Commit bf0c9a9068 for asterisk.org

commit bf0c9a906892bc0f91fa753476e326919e4e30e5
Author: Mike Bradeen <mbradeen@sangoma.com>
Date:   Tue Mar 31 11:41:10 2026 -0600

    ooh323: Prevent potential buffer overflow in trace logging

    Replace a call to vsprintf with a call to ast_vasprintf to
    prevent a possible buffer overflow.

    Resolves: #GHSA-x348-j6c9-77f3

diff --git a/addons/ooh323c/src/ootrace.c b/addons/ooh323c/src/ootrace.c
index 3e097faa5d..61d28f4ed6 100644
--- a/addons/ooh323c/src/ootrace.c
+++ b/addons/ooh323c/src/ootrace.c
@@ -43,13 +43,17 @@ void ooTrace(OOUINT32 traceLevel, const char * fmtspec, ...) __attribute__((form

 void ooTrace(OOUINT32 traceLevel, const char * fmtspec, ...) {
    va_list arglist;
-   char logMessage[MAXLOGMSGLEN];
+   char *logMessage = NULL;
+   int res = 0;
    if(traceLevel > gs_traceLevel) return;
    va_start (arglist, fmtspec);
-   /*   memset(logMessage, 0, MAXLOGMSGLEN);*/
-   vsprintf(logMessage, fmtspec, arglist);
+   res = ast_vasprintf(&logMessage, fmtspec, arglist);
    va_end(arglist);
+   if (res < 0 || !logMessage) {
+      return;
+   }
    ooTraceLogMessage(logMessage);
+   ast_free(logMessage);
 }

 void ooTraceLogMessage(const char * logMessage)
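Review bot: The message length is no longer bounded at all after the switch to `ast_vasprintf`, so whatever the format arguments expand to is passed whole to `ooTraceLogMessage`, whose body lies outside this hunk. It is worth confirming that function makes no fixed-size assumption tied to `MAXLOGMSGLEN`; if it does, the overflow has only moved rather than been removed. If trace arguments can carry data supplied by a remote peer, a bounded `vsnprintf(logMessage, sizeof(logMessage), fmtspec, arglist);` into the original stack buffer would cap the length and avoid a heap allocation on every trace call. Otherwise a comment such as `/* logMessage is heap-allocated and may be longer than MAXLOGMSGLEN */` above the `ooTraceLogMessage(logMessage)` call would record the new contract.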