--- a/libpurple/protocols/jabber/useravatar.c Mon Feb 18 22:10:12 2013 -0500
+++ b/libpurple/protocols/jabber/useravatar.c Mon Feb 18 22:46:53 2013 -0500
@@ -113,6 +113,7 @@
/* A PNG header, including the IHDR, but nothing else */
+ /* ATTN: this is in network byte order! */ guchar signature[8]; /* must be hex 89 50 4E 47 0D 0A 1A 0A */
@@ -126,10 +127,13 @@
- } *png = purple_imgstore_get_data(img); /* ATTN: this is in network byte order! */
+ if (purple_imgstore_get_size(img) > sizeof(*png)) + png = purple_imgstore_get_data(img); /* check if the data is a valid png file (well, at least to some extent) */
- if(png->signature[0] == 0x89 &&
+ if(png && png->signature[0] == 0x89 && png->signature[1] == 0x50 &&
png->signature[2] == 0x4e &&
png->signature[3] == 0x47 &&