From 3ecd420dd2e3a0267f8865f035c072122aee539d Mon Sep 17 00:00:00 2001 From: z3bra Date: Mon, 21 Nov 2016 20:46:44 +0100 Subject: Discard buffer if size is bigger than expected size --- ratox.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/ratox.c b/ratox.c index 48631a9..a3166fb 100644 --- a/ratox.c +++ b/ratox.c @@ -489,16 +489,13 @@ sendfriendcalldata(struct friend *f) ssize_t n; TOXAV_ERR_SEND_FRAME err; - if (!f->av.state) - return; - n = fiforead(f->dirfd, &f->fd[FCALL_IN], ffiles[FCALL_IN], - f->av.frame + (f->av.state & INCOMPLETE) * f->av.n, - framesize * sizeof(int16_t) - (f->av.state & INCOMPLETE) * f->av.n); + f->av.frame + (f->av.state & INCOMPLETE)/INCOMPLETE * f->av.n, + framesize * sizeof(int16_t) - (f->av.state & INCOMPLETE)/INCOMPLETE * f->av.n); if (n == 0) { f->av.state &= ~OUTGOING; return; - } else if (n < 0) { + } else if (n < 0 || n > framesize * sizeof(int16_t)) { return; } else if (n == (framesize * sizeof(int16_t) - (f->av.state & INCOMPLETE) * f->av.n)) { f->av.state &= ~INCOMPLETE; @@ -1773,7 +1770,7 @@ loop(void) f->av.state |= RINGING; logmsg(": %s : Audio : Tx > Inviting\n", f->name); } else { - if (f->av.state & OUTGOING) + if (f->av.state & TRANSMITTING) sendfriendcalldata(f); } } -- cgit v1.2.3