There is a memory corruption vulnerability in audio processing
during a voice call in WeChat. When an RTP packet is processed,
there is a call to UnpacketRTP. This function decrements the length
of the packet by 12 without checking that the packet has at least
12 bytes in it. This leads to a negative packet length. Then,
CAudioJBM::InputAudioFrameToJBM will check that the packet size is
smaller than the size of a buffer before calling memcpy, but this
check (n