Mercurial > pidgin3 / changeset

--- a/libpurple/protocols/simple/simple.c	Sat Jan 11 21:41:52 2014 -0800
+++ b/libpurple/protocols/simple/simple.c	Sat Jan 11 21:43:32 2014 -0800
@@ -1640,7 +1640,7 @@
 		cur += 2;
 		restlen = conn->inbufused - (cur - conn->inbuf);
 		if(restlen >= msg->bodylen) {
-			dummy = g_malloc(msg->bodylen + 1);
+			dummy = g_new(char, msg->bodylen + 1);
 			memcpy(dummy, cur, msg->bodylen);
 			dummy[msg->bodylen] = '\0';
 			msg->body = dummy;

--- a/libpurple/protocols/simple/sipmsg.c	Sat Jan 11 21:41:52 2014 -0800
+++ b/libpurple/protocols/simple/sipmsg.c	Sat Jan 11 21:43:32 2014 -0800
@@ -114,6 +114,11 @@
 	tmp2 = sipmsg_find_header(msg, "Content-Length");
 	if (tmp2 != NULL)
 		msg->bodylen = strtol(tmp2, NULL, 10);
+	if (msg->bodylen < 0) {
+		purple_debug_warning("simple", "Invalid body length: %d",
+			msg->bodylen);
+		msg->bodylen = 0;
+	}
 
 	if(msg->response) {
 		tmp2 = sipmsg_find_header(msg, "CSeq");