From 0e0f299cbc47c00b4a5dd527bc3b73dafd1c4854 Mon Sep 17 00:00:00 2001
From: Michael Jerris <mike@jerris.com>
Date: Tue, 20 May 2008 00:54:43 +0000
Subject: [PATCH] bounds checks to avoid buffer overflow. Found by Klockwork
 (www.klocwork.com)

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@8486 d0543943-73ff-0310-b7d9-9358b9ac24b2
---
 src/mod/codecs/mod_ilbc/mod_ilbc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/mod/codecs/mod_ilbc/mod_ilbc.c b/src/mod/codecs/mod_ilbc/mod_ilbc.c
index 77982ef95a..a5ac96859e 100644
--- a/src/mod/codecs/mod_ilbc/mod_ilbc.c
+++ b/src/mod/codecs/mod_ilbc/mod_ilbc.c
@@ -115,7 +115,7 @@ static switch_status_t switch_ilbc_encode(switch_codec_t *codec,
 		float buf[240];
 
 		for (x = 0; x < loops && new_len < *encoded_data_len; x++) {
-			for (y = 0; y < context->dbytes / sizeof(short); y++) {
+			for (y = 0; y < context->dbytes / sizeof(short) && y < 240; y++) {
 				buf[y] = ddp[y];
 			}
 			iLBC_encode(edp, buf, &context->encoder);
@@ -157,7 +157,7 @@ static switch_status_t switch_ilbc_decode(switch_codec_t *codec,
 
 		for (x = 0; x < loops && new_len < *decoded_data_len; x++) {
 			iLBC_decode(buf, edp, &context->decoder, 1);
-			for (y = 0; y < context->dbytes / sizeof(short); y++) {
+			for (y = 0; y < context->dbytes / sizeof(short) && y < 240; y++) {
 				ddp[y] = (short) buf[y];
 			}
 			ddp += context->dbytes / sizeof(short);