From a49941322113065f70afd433719890f8e4c509a7 Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Tue, 6 Jun 2017 02:07:13 -0700
Subject: [PATCH] Fix the buffer data packets value being truncated on very
 large frames causing an out of bounds buffer access in
 reed_solomon_reconstruct()

---
 src/RtpFecQueue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/RtpFecQueue.c b/src/RtpFecQueue.c
index 2baa1f4..7b413be 100644
--- a/src/RtpFecQueue.c
+++ b/src/RtpFecQueue.c
@@ -223,7 +223,7 @@ int RtpfAddPacket(PRTP_FEC_QUEUE queue, PRTP_PACKET packet, PRTPFEC_QUEUE_ENTRY
         queue->bufferLowestSequenceNumber = ushort(packet->sequenceNumber - fecIndex);
         queue->bufferSize = 0;
         queue->bufferHighestSequenceNumber = packet->sequenceNumber;
-        queue->bufferDataPackets = ((nvPacket->fecInfo & 0xFF00000) >> 20) / 4;
+        queue->bufferDataPackets = ((nvPacket->fecInfo & 0xFFF00000) >> 20) / 4;
         queue->fecPercentage = ((nvPacket->fecInfo & 0xFF0) >> 4);
     } else if (isBefore(queue->bufferHighestSequenceNumber, packet->sequenceNumber)) {
         queue->bufferHighestSequenceNumber = packet->sequenceNumber;