Mercurial > pidgin

diff src/toc.c @ 79:bfdc427b936d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 89] I'll save time and just post the email :-) Summary of changes: * Misc malloc/free cleanups, use g_malloc more places and other small stuff (e.g. lineardata not being freed in the error case in sound.c) * Misc signed/unsigned cleanups (use size_t more often) * read() can return -1 at any point, check return values more rigorously (read_rv variables used for this) * In can_play_audio, stat requires a pointer to an allocated stat_buf (the address of an automatic variable) * escape_text needs a buffer at least 4 times the size of the text being passed in (not 2 times); I can force core dumps with lots of newlines otherwise * There's a debug statement in netscape_command (browser.c) that was printf("Hello%d\n"); with no int for the %d; I threw in a getppid(), but the statement should probably come out eventually. Thanks, G Sumner Hayes! committer: Tailor Script <tailor@pidgin.im>
author Rob Flynn <gaim@robflynn.com>
date Wed, 05 Apr 2000 05:34:08 +0000
parents aa738bb8d8d7
children 55faf2e3a134
line wrap: on
line diff
--- a/src/toc.c	Fri Mar 31 20:22:12 2000 +0000
+++ b/src/toc.c	Wed Apr 05 05:34:08 2000 +0000
@@ -283,35 +283,47 @@
 }
 
 
-int wait_reply(char *buffer, int buflen)
+int wait_reply(char *buffer, size_t buflen)
 {
-        int res=6;
+        size_t res=-1;
+	int read_rv = -1;
 	struct sflap_hdr *hdr=(struct sflap_hdr *)buffer;
         char *c;
 
-        while((res = read(toc_fd, buffer, 1))) {
-		if (res < 0)
-			return res;
+	if(buflen < sizeof(struct sflap_hdr)) {
+	    do_error_dialog("Buffer too small", "Gaim - Error (internal)");
+	    return -1;
+	}
+
+        while((read_rv = read(toc_fd, buffer, 1))) {
+		if (read_rv < 0 || read_rv > 1)
+			return -1;
 		if (buffer[0] == '*')
                         break;
 
 	}
 
-	res = read(toc_fd, buffer+1, sizeof(struct sflap_hdr) - 1);
+	read_rv = read(toc_fd, buffer+1, sizeof(struct sflap_hdr) - 1);
 
-        if (res < 0)
-		return res;
+        if (read_rv < 0)
+		return read_rv;
 
-	res += 1;
+	res = read_rv + 1;
 	
         
 	sprintf(debug_buff, "Rcv: %s %s\n",print_header(buffer), "");
 	debug_print(debug_buff);
 
 
+	if(buflen < sizeof(struct sflap_hdr) + ntohs(hdr->len) + 1) {
+	    do_error_dialog("Buffer too small", "Gaim - Error (internal)");
+	    return -1;
+	}
 
         while (res < (sizeof(struct sflap_hdr) + ntohs(hdr->len))) {
-		res += read(toc_fd, buffer + res, (ntohs(hdr->len) + sizeof(struct sflap_hdr)) - res);
+		read_rv = read(toc_fd, buffer + res, (ntohs(hdr->len) + sizeof(struct sflap_hdr)) - res);
+		if(read_rv < 0) return read_rv;
+		res += read_rv;
 		while(gtk_events_pending())
 			gtk_main_iteration();
 	}