# HG changeset patch
# User Ethan Blanton <elb@pidgin.im>
# Date 1313079033 0
# Node ID de1a7814023f08b98d4d1cd37084c986d93f754a
# Parent  32ef245fd1f63d36d290e423e762afe420cca8e8
Bounds check log scanning, thanks to the EFF

diff -r 32ef245fd1f6 -r de1a7814023f libpurple/log.c
--- a/libpurple/log.c	Thu Aug 11 16:08:40 2011 +0000
+++ b/libpurple/log.c	Thu Aug 11 16:10:33 2011 +0000
@@ -1838,7 +1838,7 @@
 
 			g_snprintf(convostart, length, "%s", temp);
 			memset(&tm, 0, sizeof(tm));
-			sscanf(convostart, "%*s %s %d %d:%d:%d %d",
+			sscanf(convostart, "%*s %3s %d %d:%d:%d %d",
 			       month, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec, &tm.tm_year);
 			/* Ugly hack, in case current locale is not English */
 			if (purple_strequal(month, "Jan")) {