From 86141c8805a5566448dac122c4662359a611effd Mon Sep 17 00:00:00 2001
From: Anthony Minessale <anthony.minessale@gmail.com>
Date: Thu, 25 Mar 2010 21:36:11 +0000
Subject: [PATCH] add sanity check to project size of decoded codec data

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@17108 d0543943-73ff-0310-b7d9-9358b9ac24b2
---
 src/switch_core_codec.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/switch_core_codec.c b/src/switch_core_codec.c
index 2ac5ea6b15..9a78c5a5f3 100644
--- a/src/switch_core_codec.c
+++ b/src/switch_core_codec.c
@@ -621,6 +621,15 @@ SWITCH_DECLARE(switch_status_t) switch_core_codec_decode(switch_codec_t *codec,
 		return SWITCH_STATUS_NOT_INITALIZED;
 	}
 
+	if (codec->implementation->encoded_bytes_per_packet) {
+		uint32_t frames = encoded_data_len / codec->implementation->encoded_bytes_per_packet;
+
+		if (frames && codec->implementation->decoded_bytes_per_packet * frames > *decoded_data_len) {
+			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_CRIT, "Buffer size sanity check failed!\n");
+			return SWITCH_STATUS_GENERR;
+		}
+	}
+	
 	if (codec->mutex)
 		switch_mutex_lock(codec->mutex);
 	status = codec->implementation->decode(codec, other_codec, encoded_data, encoded_data_len, encoded_rate,