gaim/gaim

This is basically the same scenario as the previous fix.
oldstatus v1_3_1
2005-06-09, Daniel Atallah
ddb659dd612d
Parents c993c7f4e5b8
Children 8706427fde57
This is basically the same scenario as the previous fix.
--- a/src/protocols/msn/msg.c Thu Jun 09 22:28:13 2005 -0400
+++ b/src/protocols/msn/msg.c Thu Jun 09 22:29:45 2005 -0400
@@ -159,9 +159,14 @@
{
MsnSlpHeader header;
const char *tmp;
+ int body_len;
tmp = body;
+ if (len < sizeof(header)) {
+ g_return_if_reached();
+ }
+
/* Import the header. */
memcpy(&header, tmp, sizeof(header));
tmp += sizeof(header);
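Review bot: The new length guard relies on `g_return_if_reached()`, which GLib compiles to an empty statement when `G_DISABLE_CHECKS` is defined, so in such a build a short `body` still reaches the `memcpy` of `sizeof(header)` bytes. Because `len` describes data received from the peer, the rejection should be ordinary control flow that cannot be compiled out, e.g. `if (len < sizeof(header)) return;`, with a log call added if a diagnostic is wanted. The declaration of `len` is outside the hunk; if it is a signed type, the comparison against `sizeof` converts it to unsigned and a negative length would pass the check, so that is worth confirming at the signature.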
@@ -177,13 +182,14 @@
msg->msnslp_header.ack_size = GUINT64_FROM_LE(header.ack_size);
/* Import the body. */
+ body_len = len - (tmp - body);
/* msg->body_len = msg->msnslp_header.length; */
- msg->body_len = len - (tmp - body);
- if (msg->body_len > 0)
+ if (body_len > 0) {
+ msg->body_len = len - (tmp - body);
msg->body = g_memdup(tmp, msg->body_len);
-
- tmp += msg->body_len;
+ tmp += body_len;
+ }
}
void
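Review bot: `body_len` is declared `int`, but inside the branch `msg->body_len` is assigned from a second evaluation of `len - (tmp - body)`, so the value tested with `> 0` and the length handed to `g_memdup` are computed separately and could disagree if the difference does not fit an `int`. Compute the length once, in the same type as `msg->body_len` (its declaration is outside the hunk, so the exact type needs checking), and reuse it with `msg->body_len = body_len;`. Also, for an empty body the function no longer writes `msg->body_len` at all, whereas the removed code always assigned it. If `msg` can arrive here with an earlier value, an `else` branch that sets `msg->body_len = 0;` keeps the length and `msg->body` consistent.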