# HG changeset patch
# User Daniel Atallah
# Date 1118378560 0
# Node ID 0c9e936c154b8781f0018711254f032a422d4d5a
# Parent 218cccfb8e48c26012e3be4351469379a6fff967
[gaim-migrate @ 12851] This is basically the same scenario as the previous fix. committer: Tailor Script
diff -r 218cccfb8e48 -r 0c9e936c154b src/protocols/msn/msg.c
--- a/src/protocols/msn/msg.c Fri Jun 10 04:08:21 2005 +0000
+++ b/src/protocols/msn/msg.c Fri Jun 10 04:42:40 2005 +0000
@@ -159,9 +159,14 @@
 {
 MsnSlpHeader header;
 const char *tmp;
+ int body_len;
 tmp = body;
+ if (len < sizeof(header)) {
+ g_return_if_reached();
+ }
+
 /* Import the header. */
 memcpy(&header, tmp, sizeof(header));
 tmp += sizeof(header);
@@ -177,13 +182,14 @@
 msg->msnslp_header.ack_size = GUINT64_FROM_LE(header.ack_size);
 /* Import the body. */
+ body_len = len - (tmp - body);
 /* msg->body_len = msg->msnslp_header.length; */
- msg->body_len = len - (tmp - body);
- if (msg->body_len > 0)
+ if (body_len > 0) {
+ msg->body_len = len - (tmp - body);
 msg->body = g_memdup(tmp, msg->body_len);
-
- tmp += msg->body_len;
+ tmp += body_len;
+ }
 }
 void
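Review bot: The new guard before `memcpy(&header, tmp, sizeof(header))` rejects a short body through `g_return_if_reached()`, which GLib reports as a programmer error at critical level, although the length here is decided by the remote peer. Where critical messages are configured to be fatal, a truncated message would still terminate the client, so a plain `if (len < sizeof(header)) return;` with a line in the project's debug log fits better. The function returns nothing, so callers cannot tell that parsing stopped; a comment above the guard such as `/* Short SLP message: leave msg untouched and bail out. */` would record that contract. The signature is outside the hunk, so the type of `len` is not visible; if it is signed, a negative value is converted to unsigned in the comparison and passes the check.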
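Review bot: `msg->body_len` is now written only inside the `if (body_len > 0)` branch, whereas the removed code assigned it unconditionally, so a header-only message leaves `msg->body_len` and `msg->body` at whatever they held before. Whether `msg` always arrives zeroed is not visible in this hunk. Assigning the computed value on every path keeps the two fields consistent, for example `msg->body_len = (body_len > 0) ? body_len : 0;` placed before the `if`. The branch also recomputes `len - (tmp - body)` instead of reusing `body_len`, and `tmp += body_len;` is a dead store because the function ends on the next line. Storing the difference in an `int` can truncate if `len` is a `size_t`, which would need checking against the signature outside the hunk.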