changeset 11001:0c9e936c154b

[gaim-migrate @ 12851] This is basically the same scenario as the previous fix. committer: Tailor Script <tailor@pidgin.im>
author Daniel Atallah <daniel.atallah@gmail.com>
date Fri, 10 Jun 2005 04:42:40 +0000
parents 218cccfb8e48
children bf03a5271395
files src/protocols/msn/msg.c
diffstat 1 files changed, 10 insertions(+), 4 deletions(-) [+]
--- a/src/protocols/msn/msg.c	Fri Jun 10 04:08:21 2005 +0000
+++ b/src/protocols/msn/msg.c	Fri Jun 10 04:42:40 2005 +0000
@@ -159,9 +159,14 @@
 {
 	MsnSlpHeader header;
 	const char *tmp;
+	int body_len;
 
 	tmp = body;
 
+	if (len < sizeof(header)) {
+		g_return_if_reached();
+	}
+
 	/* Import the header. */
 	memcpy(&header, tmp, sizeof(header));
 	tmp += sizeof(header);
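Review bot: The new length guard reports a too-short message through `g_return_if_reached()`, which GLib treats as a programming-error assertion and logs at critical level. A short `body` is an ordinary condition for data that presumably arrives from the peer, and in a setup where critical messages are made fatal it would let a malformed message stop the client. A plain early return would be more fitting, e.g. `if (len < sizeof(header)) return;`, with a debug log if one is wanted. The function's signature is outside the hunk, so the type of `len` is not visible; if it is signed, a negative value is converted to unsigned in this comparison and passes the guard before the `memcpy`.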
@@ -177,13 +182,14 @@
 	msg->msnslp_header.ack_size   = GUINT64_FROM_LE(header.ack_size);
 
 	/* Import the body. */
+	body_len = len - (tmp - body);
 	/* msg->body_len = msg->msnslp_header.length; */
-	msg->body_len = len - (tmp - body);
 
-	if (msg->body_len > 0)
+	if (body_len > 0) {
+		msg->body_len = len - (tmp - body);
 		msg->body = g_memdup(tmp, msg->body_len);
-
-	tmp += msg->body_len;
+		tmp += body_len;
+	}
 }
 
 void
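Review bot: `body_len` is declared `int`, yet the same expression `len - (tmp - body)` is evaluated a second time for `msg->body_len` inside the branch, so the value tested and the value stored and passed to `g_memdup` can differ in type and, for a very large `len`, in value. Compute it once and reuse it, `msg->body_len = body_len;`, and give the temporary the same type as `msg->body_len` (declared outside this hunk) rather than `int`. When the body is empty, `msg->body` and `msg->body_len` are no longer written at all, which presumably relies on the message having been zero-initialised elsewhere; a short comment saying so would help.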