From f0c717463d569f87a16f9b014033c8ca8939a7b4 Mon Sep 17 00:00:00 2001
From: Mark Michelson <mmichelson@digium.com>
Date: Thu, 13 Apr 2017 16:59:40 -0500
Subject: [PATCH] Parse zero-length multipart body parts correctly.

The calculation of end_body could result in a negative length being
passed to multipart_body_parse_part().
---
 pjsip/src/pjsip/sip_multipart.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/pjsip/src/pjsip/sip_multipart.c b/pjsip/src/pjsip/sip_multipart.c
index 8351f7e..b302139 100644
--- a/pjsip/src/pjsip/sip_multipart.c
+++ b/pjsip/src/pjsip/sip_multipart.c
@@ -653,13 +653,15 @@ PJ_DEF(pjsip_msg_body*) pjsip_multipart_parse(pj_pool_t *pool,
 
 	end_body = curptr;
 
-	/* The newline preceeding the delimiter is conceptually part of
-	 * the delimiter, so trim it from the body.
-	 */
-	if (*(end_body-1) == '\n')
-	    --end_body;
-	if (*(end_body-1) == '\r')
-	    --end_body;
+	if (end_body > start_body) {
+	    /* The newline preceeding the delimiter is conceptually part of
+	     * the delimiter, so trim it from the body.
+	     */
+	    if (*(end_body-1) == '\n')
+		--end_body;
+	    if (*(end_body-1) == '\r')
+		 --end_body;
+	}
 
 	/* Now that we have determined the part's boundary, parse it
 	 * to get the header and body part of the part.
-- 
1.9.1