From: Ivan Poddubny <ivan.poddubny@gmail.com>
Date: Sun, 31 May 2015 16:33:37 +0000 (+0300)
Subject: Fix buffer overflow in slin sample frames generation.
X-Git-Tag: 11.19.0-rc1~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99c54fe42d78995df3d6d538d120d3543ec557a8;p=thirdparty%2Fasterisk.git

Fix buffer overflow in slin sample frames generation.

The length of frames retured by sample functions was twice as large as
real, what caused global buffer overflow caught by AddressSanitizer.

ASTERISK-24717 #close
Reported by: Badalian Vyacheslav

Change-Id: Iec2fe682aef13e556684912f906bedf7c18229c6
---

diff --git a/include/asterisk/slin.h b/include/asterisk/slin.h
index ab7d843abe..e9971a7c49 100644
--- a/include/asterisk/slin.h
+++ b/include/asterisk/slin.h
@@ -62,7 +62,7 @@ static inline struct ast_frame *slin8_sample(void)
 {
 	static struct ast_frame f = {
 		.frametype = AST_FRAME_VOICE,
-		.datalen = sizeof(ex_slin8) * 2,
+		.datalen = sizeof(ex_slin8),
 		.samples = ARRAY_LEN(ex_slin8),
 		.mallocd = 0,
 		.offset = 0,
@@ -78,7 +78,7 @@ static inline struct ast_frame *slin16_sample(void)
 {
 	static struct ast_frame f = {
 		.frametype = AST_FRAME_VOICE,
-		.datalen = sizeof(ex_slin16) * 2,
+		.datalen = sizeof(ex_slin16),
 		.samples = ARRAY_LEN(ex_slin16),
 		.mallocd = 0,
 		.offset = 0,