mirror of https://github.com/asterisk/asterisk.git (synced 2026-06-30 12:10:12 -07:00)
e8c9782fb3
The codec2_samples() function uses floor division (160 * datalen/6) to compute expected output samples, but the decode loop condition (x < datalen) iterates with ceiling behavior when datalen is not a multiple of CODEC2_FRAME_LEN. This mismatch causes the loop to decode one extra frame beyond what the framework bounds check budgeted for, leading to an out-of-bounds write on the output buffer.

Change the loop condition to only process complete frames, matching the floor-division behavior of codec2_samples(). This also prevents an out-of-bounds read on the input side when fewer than CODEC2_FRAME_LEN bytes remain.

Resolves: #GHSA-qf8j-jp7h-c5hx
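
The mismatch described in the commit message, as a counting model added here for illustration (it is not code from the Asterisk source or from this commit). It decodes nothing and only counts loop iterations, assuming CODEC2_FRAME_LEN is 6 and that the budget is 160 samples per complete frame; all function names are hypothetical.

```c
#include <stdio.h>

/* 160 and 6 come from the commit message; CODEC2_FRAME_LEN == 6 is an assumption. */
#define CODEC2_FRAME_LEN 6
#define SAMPLES_PER_FRAME 160

/* Output samples the bounds check budgets for: complete frames only. */
static int budgeted_samples(int datalen)
{
    return SAMPLES_PER_FRAME * (datalen / CODEC2_FRAME_LEN);
}

/* Frames a decode loop would process. Nothing is decoded; this only counts
 * iterations. complete_only = 0 models the old guard, 1 the fixed guard. */
static int frames_decoded(int datalen, int complete_only)
{
    int x, frames = 0;
    for (x = 0; complete_only ? x + CODEC2_FRAME_LEN <= datalen : x < datalen;
         x += CODEC2_FRAME_LEN)
        frames++;
    return frames;
}

/* Samples written past the budgeted output space. */
static int output_overrun(int datalen, int complete_only)
{
    return frames_decoded(datalen, complete_only) * SAMPLES_PER_FRAME
           - budgeted_samples(datalen);
}

/* Input bytes consumed past the end of the payload. */
static int input_overread(int datalen, int complete_only)
{
    int used = frames_decoded(datalen, complete_only) * CODEC2_FRAME_LEN;
    return used > datalen ? used - datalen : 0;
}

int main(void)
{
    int lens[] = { 0, 5, 6, 7, 12, 13 }; /* constructed payload lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("datalen=%2d old: +%d samples, +%d bytes read | fixed: +%d, +%d\n",
               lens[i], output_overrun(lens[i], 0), input_overread(lens[i], 0),
               output_overrun(lens[i], 1), input_overread(lens[i], 1));
    return 0;
}
```

A non-zero result for the old guard on any length that is not a multiple of 6 is the condition a regression test for this fix should cover.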