# HG changeset patch
# User Stu Tomlinson
# Date 1214507127 0
# Node ID 0a7fe6eaa5ab2eaf64d86b92c992efcddd7e86ca
# Parent f0a88845f51702a5e088bccec3bf74fc5c405e52
# Parent 79b4a8e0da77ec51936f593d9c557fd327d44cb0
propagate from branch 'im.pidgin.pidgin.2.4.3' (head c3831c9181f4f61b747321240086ee79e4a08fd8) to branch 'im.pidgin.pidgin' (head 56142fc8ab251185fb90236062737b3768d52710)
diff -r f0a88845f517 -r 0a7fe6eaa5ab libpurple/protocols/msn/slplink.c
--- a/libpurple/protocols/msn/slplink.c Thu Jun 26 09:14:42 2008 +0000
+++ b/libpurple/protocols/msn/slplink.c Thu Jun 26 19:05:27 2008 +0000
@@ -593,7 +593,7 @@
 }
 else if (slpmsg->size)
 {
- if (offset < 0 || (offset + len) > slpmsg->size)
+ if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
 {
 purple_debug_error("msn", "Oversized slpmsg - msgsize=%lld offset=%" G_GSIZE_FORMAT " len=%" G_GSIZE_FORMAT "\n",
diff -r f0a88845f517 -r 0a7fe6eaa5ab libpurple/protocols/msnp9/slplink.c
--- a/libpurple/protocols/msnp9/slplink.c Thu Jun 26 09:14:42 2008 +0000
+++ b/libpurple/protocols/msnp9/slplink.c Thu Jun 26 19:05:27 2008 +0000
@@ -597,7 +597,7 @@
 }
 else if (slpmsg->size)
 {
- if (offset < 0 || (offset + len) > slpmsg->size)
+ if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
 {
 purple_debug_error("msn", "Oversized slpmsg\n");
 g_return_if_reached();
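Review bot: The second operand of the new condition in libpurple/protocols/msn/slplink.c, `(offset + len) > slpmsg->size`, still compares an unsigned sum against a field that the debug message in the same hunk prints with `%lld`. If `slpmsg->size` is a signed 64-bit value (its declaration is outside the hunk), a negative size would convert to a very large unsigned bound where gsize is 64 bits wide, and the check would pass for any offset and len; the enclosing `else if (slpmsg->size)` only excludes zero. Rejecting a negative size and comparing without the addition would close this and make the `G_MAXSIZE - len < offset` guard unnecessary: `if (slpmsg->size < 0 || offset > (guint64)slpmsg->size || len > (guint64)slpmsg->size - offset)`. The identical condition appears in the libpurple/protocols/msnp9/slplink.c hunk. The enclosing function starts and ends outside both hunks.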
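Review bot: The rejection path in the libpurple/protocols/msnp9/slplink.c hunk ends in `g_return_if_reached()`, which GLib intends for code that should never execute and which logs a critical warning. Here it is reached from the size, offset and len of an SLP message, which are presumably taken from the remote peer (confirm in the caller), so a client run with fatal criticals enabled would abort on a malformed message. A plain `return;` after the `purple_debug_error` call suits an input-validation failure better. The message `"Oversized slpmsg\n"` also omits the msgsize, offset and len values that the msn/slplink.c variant logs, which are what one needs when triaging a rejected message. The enclosing function continues outside the hunk.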