From 91c97b5da5fd7008b8a5f90565ba26d72c014d9f Mon Sep 17 00:00:00 2001
From: Joshua Elson
Date: Mon, 13 Mar 2017 14:21:23 -0600
Subject: pjsip: prevent memory corruption on creation of xml bodies
ASTERISK-26776 #close
Change-Id: I884b6f4e8233a355d0be687ec78d41bc0e4d3fd2
---
.../patches/0025-fix-print-xml-crash.patch | 24 ++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 third-party/pjproject/patches/0025-fix-print-xml-crash.patch
diff --git a/third-party/pjproject/patches/0025-fix-print-xml-crash.patch b/third-party/pjproject/patches/0025-fix-print-xml-crash.patch
new file mode 100644
index 000000000..eafc38906
--- /dev/null
+++ b/third-party/pjproject/patches/0025-fix-print-xml-crash.patch
@@ -0,0 +1,24 @@
+From 1bc5ca699f523bd8e910203a3eb4dee58f366976 Mon Sep 17 00:00:00 2001
+From: Joshua Elson
+Date: Mon, 20 Mar 2017 19:28:47 -0600
+Subject: [PATCH] Prevent memory corruption on xml tag write
+
+---
+ pjlib-util/src/pjlib-util/xml.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pjlib-util/src/pjlib-util/xml.c b/pjlib-util/src/pjlib-util/xml.c
+index 296b232..b0aad26 100644
+--- a/pjlib-util/src/pjlib-util/xml.c
++++ b/pjlib-util/src/pjlib-util/xml.c
+@@ -248,6 +248,7 @@ static int xml_print_node( const pj_xml_node *node, int indent,
+ if (node->content.slen==0 &&
+ node->node_head.next==(pj_xml_node*)&node->node_head)
+ {
++ if (SIZE_LEFT() < 3) return -1;
+ *p++ = ' ';
+ *p++ = '/';
+ *p++ = '>';
+--
+2.10.1 (Apple Git-78)
+
--
cgit v1.2.3
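Review bot: The literal `3` in the added `if (SIZE_LEFT() < 3) return -1;` is tied only implicitly to the three stores that follow it (`' '`, `'/'`, `'>'`), so a later change to the empty-element output could silently put the guard and the writes out of step; a short comment such as `/* need 3 bytes for " />" */` above the check would make the coupling explicit. SIZE_LEFT() is defined outside this hunk, and the guard only holds if it evaluates to a signed quantity, so that a write cursor already at or past the end of the buffer gives a small or negative value rather than a large unsigned one; that is worth confirming against the macro definition. xml_print_node starts and ends outside the hunk, so it is not visible here whether the other writes through `p` carry equivalent checks or whether every caller treats the `-1` return as a failure rather than as a length.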