comparison libpurple/protocols/oscar/family_locate.c @ 18630:ce3c8d30a200

Hopefully fix a hella sporadic infinite loop bug in ICQ (and maybe AIM). Thanks to Vijay from meebo and wbadger from our trac for helping debug and track this down. Fixes #2078.
author Mark Doliner <mark@kingant.net>
date Tue, 24 Jul 2007 18:54:07 +0000
parents f79b6bb6bb5f
children 44b4e8bd759b
18628:1b032e320dbf 18630:ce3c8d30a200
634 634
635 /* 635 /*
636 * Parse out the Type-Length-Value triples as they're found. 636 * Parse out the Type-Length-Value triples as they're found.
637 */ 637 */
638 for (curtlv = 0; curtlv < tlvcnt; curtlv++) { 638 for (curtlv = 0; curtlv < tlvcnt; curtlv++) {
639 guint16 type;
640 guint8 number, length;
639 int endpos; 641 int endpos;
640 guint16 type, length;
641 642
642 type = byte_stream_get16(bs); 643 type = byte_stream_get16(bs);
643 length = byte_stream_get16(bs); 644 number = byte_stream_get8(bs);
644 645 length = byte_stream_get8(bs);
645 endpos = byte_stream_curpos(bs) + length; 646
647 endpos = byte_stream_curpos(bs) + MIN(length, byte_stream_empty(bs));
646 648
647 if (type == 0x0001) { 649 if (type == 0x0001) {
648 /* 650 /*
649 * User flags 651 * User flags
650 * 652 *
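Review bot: The outer TLV loop at new lines 639–645 now reads the length as a single byte behind an 8-bit `number` that nothing in the hunk uses, whereas the old side read a 16-bit length; any TLV longer than 255 bytes would put its high byte into `number` and compute `endpos` from the low byte alone, desynchronising the stream for every later TLV. The 8/8 split is exactly the inner `type2`/`number2`/`length2` layout, so this looks like the inner-loop declarations copied outward rather than an intended wire-format change — unless the outer length really is 8 bits, which the page gives no evidence for. Suggested lines: `guint16 type, length;`, drop the `number` declaration and its `byte_stream_get8` read, and `length = byte_stream_get16(bs);`, keeping the new `MIN(length, byte_stream_empty(bs))` clamp, which is the right bound for untrusted input. The enclosing function starts before and continues after the hunk.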
813 * (it's called an "available" message). Or it can 815 * (it's called an "available" message). Or it can
814 * contain information about the buddy icon the user 816 * contain information about the buddy icon the user
815 * has stored on the server. 817 * has stored on the server.
816 */ 818 */
817 guint16 type2; 819 guint16 type2;
818 guint8 number, length2; 820 guint8 number2, length2;
819 int endpos2; 821 int endpos2;
820 822
821 /* 823 /*
822 * Continue looping as long as we're able to read type2, 824 * Continue looping as long as we're able to read type2,
823 * number, and length2. 825 * number2, and length2.
824 */ 826 */
825 while (byte_stream_curpos(bs) + 4 <= endpos) { 827 while (byte_stream_curpos(bs) + 4 <= endpos) {
826 type2 = byte_stream_get16(bs); 828 type2 = byte_stream_get16(bs);
827 number = byte_stream_get8(bs); 829 number2 = byte_stream_get8(bs);
828 length2 = byte_stream_get8(bs); 830 length2 = byte_stream_get8(bs);
829 831
830 endpos2 = byte_stream_curpos(bs) + length2; 832 endpos2 = byte_stream_curpos(bs) + MIN(length2, byte_stream_empty(bs));
831 833
832 switch (type2) { 834 switch (type2) {
833 case 0x0000: { /* This is an official buddy icon? */ 835 case 0x0000: { /* This is an official buddy icon? */
834 /* This is always 5 bytes of "0x02 01 d2 04 72"? */ 836 /* This is always 5 bytes of "0x02 01 d2 04 72"? */
835 byte_stream_advance(bs, length2);
836 } break; 837 } break;
837 838
838 case 0x0001: { /* A buddy icon checksum */ 839 case 0x0001: { /* A buddy icon checksum */
839 if ((length2 > 0) && ((number == 0x00) || (number == 0x01))) { 840 if ((length2 > 0) && ((number2 == 0x00) || (number2 == 0x01))) {
840 g_free(outinfo->iconcsum); 841 g_free(outinfo->iconcsum);
841 outinfo->iconcsumtype = number; 842 outinfo->iconcsumtype = number2;
842 outinfo->iconcsum = byte_stream_getraw(bs, length2); 843 outinfo->iconcsum = byte_stream_getraw(bs, length2);
843 outinfo->iconcsumlen = length2; 844 outinfo->iconcsumlen = length2;
844 } else 845 }
845 byte_stream_advance(bs, length2);
846 } break; 846 } break;
847 847
848 case 0x0002: { /* A status/available message */ 848 case 0x0002: { /* A status/available message */
849 g_free(outinfo->status); 849 g_free(outinfo->status);
850 g_free(outinfo->status_encoding); 850 g_free(outinfo->status_encoding);