From 4f2f66846642c6a8dfb99e8f75cb751a41264894 Mon Sep 17 00:00:00 2001
From: Andrey Volk <andywolk@gmail.com>
Date: Wed, 12 Jun 2024 15:28:24 +0300
Subject: [PATCH] [Core] msrp dump_buffer: Coverity 1364970 Out-of-bounds write

---
 src/switch_msrp.c | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/src/switch_msrp.c b/src/switch_msrp.c
index 9fd84d846b..f044404eba 100644
--- a/src/switch_msrp.c
+++ b/src/switch_msrp.c
@@ -562,30 +562,48 @@ void dump_buffer(const char *buf, switch_size_t len, int line, int is_send)
 {
 	int i, j, k = 0;
 	char buff[MSRP_BUFF_SIZE * 2];
-	// return;
-	for(i=0,j=0; i<len; i++) {
+
+	for (i = 0, j = 0; i < len; i++) {
 		if (buf[i] == '\0') {
+			if (j + 1 >= sizeof(buff)) break;
+
 			buff[j++] = '\\';
 			buff[j++] = '0';
-		} else if(buf[i] == '\r') {
+		} else if (buf[i] == '\r') {
+			if (j + 1 >= sizeof(buff)) break;
+
 			buff[j++] = '\\';
 			buff[j++] = 'r';
-		} else if(buf[i] == '\n') {
+		} else if (buf[i] == '\n') {
+			if (j + 2 >= sizeof(buff)) break;
+
 			buff[j++] = '\\';
 			buff[j++] = 'n';
 			buff[j++] = '\n';
 			k = 0;
-		}
-		 else {
+		} else {
+			if (j >= sizeof(buff)) break;
+
 			buff[j++] = buf[i];
 		}
-		if ((++k) %80 == 0) buff[j++] = '\n';
-		if (j >= MSRP_BUFF_SIZE * 2) break;
+
+		if ((++k) % 80 == 0) {
+			if (j + 1 >= sizeof(buff)) break;
+
+			buff[j++] = '\n';
+		}
+
+		if (j >= sizeof(buff)) break;
 	}
 
-	buff[j] = '\0';
-	switch_log_printf(SWITCH_CHANNEL_LOG, is_send ? SWITCH_LOG_NOTICE: SWITCH_LOG_INFO,
-		"%d: %s [%" SWITCH_SIZE_T_FMT "] bytes [\n%s]\n", line, is_send? "SEND" : "RECV", len, buff);
+	if (j >= sizeof(buff)) {
+		buff[sizeof(buff) - 1] = '\0';
+	} else {
+		buff[j] = '\0';
+	}
+
+	switch_log_printf(SWITCH_CHANNEL_LOG, is_send ? SWITCH_LOG_NOTICE : SWITCH_LOG_INFO,
+					  "%d: %s [%" SWITCH_SIZE_T_FMT "] bytes [\n%s]\n", line, is_send ? "SEND" : "RECV", len, buff);
 }
 
 char *find_delim(char *buf, int len, const char *delim)