
Commit 8b621f1

authored
Merge pull request from GHSA-3qx3-cg72-wrh9
1 parent cc339ac commit 8b621f1


1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

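--- a/pjmedia/src/pjmedia/rtcp.c
+++ b/pjmedia/src/pjmedia/rtcp.c
@@ -757,8 +757,15 @@ static void parse_rtcp_bye(pjmedia_rtcp_session *sess,
 
 /* Check and get BYE reason */
 if (size > 8) {
+/* Make sure the BYE reason does not exceed:
+* - the size of the available buffer
+* - the declared reason's length
+* - the actual packet size
+*/
 reason.slen = PJ_MIN(sizeof(sess->stat.peer_sdes_buf_),
 *((pj_uint8_t*)pkt+8));
+reason.slen = PJ_MIN(reason.slen, size-9);
+
 pj_memcpy(sess->stat.peer_sdes_buf_, ((pj_uint8_t*)pkt+9),
 reason.slen);
 reason.ptr = sess->stat.peer_sdes_buf_;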
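Review bot: The clamp on the added line `reason.slen = PJ_MIN(reason.slen, size-9);` silently truncates a BYE reason whose declared length byte at `pkt+8` is larger than the bytes left in the packet, so a malformed packet is accepted without leaving any trace. Consider testing that condition explicitly first, e.g. `if (*((pj_uint8_t*)pkt+8) > size-9) { /* malformed: declared length exceeds packet */ }`, and logging or dropping the reason there so the event is visible to whoever monitors the stream. The fixed offsets 8 and 9 also appear to assume a single SSRC in the BYE; if the header's source count can be larger, that byte is not a length field at all, which is worth checking or at least stating in the new comment. `size-9` is only safe under the enclosing `size > 8` guard and presumably an unsigned `size`; parse_rtcp_bye starts and ends outside the hunk, so the parameter types cannot be confirmed from here.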
