From 6e9d96efd85876b0ff472b8603e406d56cd2ad85 Mon Sep 17 00:00:00 2001
From: csoler <csoler@users.sourceforge.net>
Date: Mon, 11 Jan 2016 20:26:19 -0500
Subject: [PATCH] fixed potential integer overflow / Out of bounds read in
 RsVOIPDataItem.cc

---
 plugins/VOIP/services/rsVOIPItems.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/VOIP/services/rsVOIPItems.cc b/plugins/VOIP/services/rsVOIPItems.cc
index afc76b505..9ba20868e 100644
--- a/plugins/VOIP/services/rsVOIPItems.cc
+++ b/plugins/VOIP/services/rsVOIPItems.cc
@@ -447,6 +447,9 @@ RsVOIPDataItem::RsVOIPDataItem(void *data, uint32_t pktsize)
 	ok &= getRawUInt32(data, rssize, &offset, &flags);
 	ok &= getRawUInt32(data, rssize, &offset, &data_size);
 
+    	if(data_size > rssize || rssize - data_size < offset)
+            throw std::runtime_error("Not enough space.") ;
+        
 	voip_data = malloc(data_size) ;
 	memcpy(voip_data,&((uint8_t*)data)[offset],data_size) ;
 	offset += data_size ;