comparison src/protocols/msn/msg.c @ 11235:5ea38c98ff30
[gaim-migrate @ 13380]
Patch 1256826 from Federico Schwindt to ensure msg->body is always nul
terminated (even though strictly it shouldn't need to be, it's safer
like this). Plus a fix by me for one case where we were assuming it was
already nul terminated.
committer: Tailor Script <tailor@pidgin.im>
| author | Stu Tomlinson <stu@nosnilmot.com> |
|---|---|
| date | Thu, 11 Aug 2005 19:25:48 +0000 |
| parents | 0c9e936c154b |
| children | 95fa774d216d |
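--- a/src/protocols/msn/msg.c
+++ b/src/protocols/msn/msg.c
@@ -185,11 +185,12 @@
 body_len = len - (tmp - body);
 /* msg->body_len = msg->msnslp_header.length; */
 
 if (body_len > 0) {
 msg->body_len = len - (tmp - body);
-msg->body = g_memdup(tmp, msg->body_len);
+msg->body = g_malloc0(msg->body_len + 1);
+memcpy(msg->body, tmp, msg->body_len);
 tmp += body_len;
 }
 }
 
 void
@@ -298,11 +299,12 @@
 body_len = payload_len - (tmp - tmp_base) - sizeof(footer);
 
 /* Import the body. */
 if (body_len > 0) {
 msg->body_len = body_len;
-msg->body = g_memdup(tmp, msg->body_len);
+msg->body = g_malloc0(msg->body_len + 1);
+memcpy(msg->body, tmp, msg->body_len);
 tmp += body_len;
 }
 
 /* Import the footer. */
 if (body_len >= 0) {
@@ -313,11 +315,12 @@
 }
 else
 {
 if (payload_len - (tmp - tmp_base) > 0) {
 msg->body_len = payload_len - (tmp - tmp_base);
-msg->body = g_memdup(tmp, msg->body_len);
+msg->body = g_malloc0(msg->body_len + 1);
+memcpy(msg->body, tmp, msg->body_len);
 }
 }
 
 g_free(tmp_base);
 }
@@ -509,11 +512,12 @@
 if (msg->body != NULL)
 g_free(msg->body);
 
 if (data != NULL && len > 0)
 {
-msg->body = g_memdup(data, len);
+msg->body = g_malloc0(len + 1);
+memcpy(msg->body, data, len);
 msg->body_len = len;
 }
 else
 {
 msg->body = NULL;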
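Review bot: The copy length in the second hunk (new lines 299–305) comes from `payload_len - (tmp - tmp_base) - sizeof(footer)`, which is typically evaluated in unsigned arithmetic because of `sizeof`, so the `body_len > 0` guard only rejects a payload shorter than header plus footer if `body_len` is a signed type; its declaration is outside the visible lines, so this needs confirming. The new `g_malloc0(msg->body_len + 1)` / `memcpy` pair copies whatever that length turns out to be, so an explicit bound test before the subtraction, such as `if ((size_t)(tmp - tmp_base) + sizeof(footer) <= payload_len)`, would make the guard independent of that conversion. The same allocate-and-copy pair is repeated by hand in the first, third and fourth hunks, and nothing records the new guarantee; a small static helper, or at least a comment on the field such as `/* body holds body_len bytes plus one trailing NUL that is not counted in body_len */`, would keep a later assignment to `msg->body` from silently dropping the terminator. All four enclosing functions begin and end outside the context shown.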
