fixes an invalid read: ==12531== Invalid read of size 1 ==12531== at 0xFD7FB2D: yahoo_packet_read (yahoo_packet.c:205) ==12531== by 0xFD6E18D: yahoo_pending (yahoo.c:3267) ==12531== by 0x474C5C: pidgin_io_invoke (gtkeventloop.c:78) ==12531== by 0x9DF8D5A: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1800.2) ==12531== by 0x9DFC52C: (within /usr/lib/libglib-2.0.so.0.1800.2) ==12531== by 0x9DFCA5C: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1800.2) ==12531== by 0x60677A6: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1400.4) ==12531== by 0x492CFF: main (gtkmain.c:892) ==12531== Address 0xcee0552 is 0 bytes after a block of size 26 alloc'd ==12531== at 0x4C265AE: malloc (vg_replace_malloc.c:207) ==12531== by 0x9E01472: g_malloc (in /usr/lib/libglib-2.0.so.0.1800.2) ==12531== by 0x9E19056: g_memdup (in /usr/lib/libglib-2.0.so.0.1800.2) ==12531== by 0xFD6E1E8: yahoo_pending (yahoo.c:3271) ==12531== by 0x474C5C: pidgin_io_invoke (gtkeventloop.c:78) ==12531== by 0x9DF8D5A: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1800.2) ==12531== by 0x9DFC52C: (within /usr/lib/libglib-2.0.so.0.1800.2) ==12531== by 0x9DFCA5C: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1800.2) ==12531== by 0x60677A6: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1400.4) ==12531== by 0x492CFF: main (gtkmain.c:892)

--- a/libpurple/protocols/yahoo/yahoo_packet.c	Wed Mar 25 07:12:28 2009 +0000
+++ b/libpurple/protocols/yahoo/yahoo_packet.c	Thu Mar 26 03:40:59 2009 +0000
@@ -201,6 +201,8 @@
 		}
 		pos += 2;
 
+		if (pos + 1 > len) break;
+
 		/* Skip over garbage we've noticed in the mail notifications */
 		if (data[0] == '9' && data[pos] == 0x01)
 			pos++;