From 275fcd01d88661d29b1ff5bf0d3896c7c6a83663 Mon Sep 17 00:00:00 2001
From: Sean Bright <sean.bright@gmail.com>
Date: Thu, 10 Dec 2020 13:58:01 -0500
Subject: [PATCH] res_rtp_asterisk.c: Fix unsigned comparison that leads to
 buffer overflow

ASTERISK-29205 #close

Change-Id: Ib7aa65644e8df76e2378d7613ee7cf751b9d0bea
---
 res/res_rtp_asterisk.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index dfec8f55cb..29ffffc149 100644
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -6932,7 +6932,7 @@ static int rtp_transport_wide_cc_feedback_produce(const void *data)
 			/* If there is no more room left for storing packets stop now, we leave 20
 			 * extra bits at the end just in case.
 			 */
-			if ((sizeof(bdata) - (packet_len + delta_len + 20)) < 0) {
+			if (packet_len + delta_len + 20 > sizeof(bdata)) {
 				res = -1;
 				break;
 			}
@@ -6966,7 +6966,7 @@ static int rtp_transport_wide_cc_feedback_produce(const void *data)
 		previous_packet = statistics;
 
 		/* If there is no more room left in the packet stop handling of any subsequent packets */
-		if ((sizeof(bdata) - (packet_len + delta_len + 20)) < 0) {
+		if (packet_len + delta_len + 20 > sizeof(bdata)) {
 			break;
 		}
 	}
-- 
2.25.1