MSN SLP fix

author: Richard Laager <rlaager@pidgin.im> 2008-06-26 08:42:49 +0000
committer: Richard Laager <rlaager@pidgin.im> 2008-06-26 08:42:49 +0000
commit: 11acfddf5f4e6ddbdab26d83013bd0ecf7f14bf5 (patch)
tree: 59606945001413d7aea8ff33ae5642b7ffc8750f
parent: fd12925b238ad52512b8d117e8f45361cc62e2da (diff)
download: pidgin-11acfddf5f4e6ddbdab26d83013bd0ecf7f14bf5.tar.gz
2 files changed, 2 insertions, 2 deletions
diff --git a/libpurple/protocols/msn/slplink.c b/libpurple/protocols/msn/slplink.c
index 7975725e25..849cc500a4 100644
--- a/libpurple/protocols/msn/slplink.c
+++ b/libpurple/protocols/msn/slplink.c
@@ -593,7 +593,7 @@ msn_slplink_process_msg(MsnSlpLink *slplink, MsnMessage *msg)
 	}
 	else if (slpmsg->size)
 	{
-		if ((offset + len) > slpmsg->size)
+		if (offset < 0 || (offset + len) > slpmsg->size)
 		{
 			purple_debug_error("msn",
 				"Oversized slpmsg - msgsize=%lld offset=%" G_GSIZE_FORMAT " len=%" G_GSIZE_FORMAT "\n",
diff --git a/libpurple/protocols/msnp9/slplink.c b/libpurple/protocols/msnp9/slplink.c
index 3cadeec328..635c7914a0 100644
--- a/libpurple/protocols/msnp9/slplink.c
+++ b/libpurple/protocols/msnp9/slplink.c
@@ -597,7 +597,7 @@ msn_slplink_process_msg(MsnSlpLink *slplink, MsnMessage *msg)
 	}
 	else if (slpmsg->size)
 	{
-		if ((offset + len) > slpmsg->size)
+		if (offset < 0 || (offset + len) > slpmsg->size)
 		{
 			purple_debug_error("msn", "Oversized slpmsg\n");
 			g_return_if_reached();
author	Richard Laager <rlaager@pidgin.im>	2008-06-26 08:42:49 +0000
committer	Richard Laager <rlaager@pidgin.im>	2008-06-26 08:42:49 +0000
commit	11acfddf5f4e6ddbdab26d83013bd0ecf7f14bf5 (patch)
tree	59606945001413d7aea8ff33ae5642b7ffc8750f
parent	fd12925b238ad52512b8d117e8f45361cc62e2da (diff)
download	pidgin-11acfddf5f4e6ddbdab26d83013bd0ecf7f14bf5.tar.gz