/pidgin/main: 49eb0136f2ec: jabber: avoid possible heap overflow...

Daniel Atallah datallah at pidgin.im
Mon Feb 18 22:47:10 EST 2013


Changeset: 49eb0136f2ecfccd380e3a6e5fc2f617349dce26
Author:	 Daniel Atallah <datallah at pidgin.im>
Date:	 2013-02-18 22:46 -0500
Branch:	 release-2.x.y
URL: http://hg.pidgin.im/pidgin/main/rev/49eb0136f2ec

Description:

jabber: avoid possible heap overflow when a very small file has been chosen for
        your own avatar

 * Thanks go to Jacob Appelbaum for noticing this
 * The way this works is certainly not ideal, but libpurple doesn't depend on
   any image libraries.

diffstat:

 libpurple/protocols/jabber/useravatar.c |  8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diffs (27 lines):

diff --git a/libpurple/protocols/jabber/useravatar.c b/libpurple/protocols/jabber/useravatar.c
--- a/libpurple/protocols/jabber/useravatar.c
+++ b/libpurple/protocols/jabber/useravatar.c
@@ -113,6 +113,7 @@ void jabber_avatar_set(JabberStream *js,
 		 *       and width.
 		 */
 		/* A PNG header, including the IHDR, but nothing else */
+		/* ATTN: this is in network byte order! */
 		const struct {
 			guchar signature[8]; /* must be hex 89 50 4E 47 0D 0A 1A 0A */
 			struct {
@@ -126,10 +127,13 @@ void jabber_avatar_set(JabberStream *js,
 				guchar filter;
 				guchar interlace;
 			} ihdr;
-		} *png = purple_imgstore_get_data(img); /* ATTN: this is in network byte order! */
+		} *png = NULL;
+
+		if (purple_imgstore_get_size(img) > sizeof(*png))
+			png = purple_imgstore_get_data(img);
 
 		/* check if the data is a valid png file (well, at least to some extent) */
-		if(png->signature[0] == 0x89 &&
+		if(png && png->signature[0] == 0x89 &&
 		   png->signature[1] == 0x50 &&
 		   png->signature[2] == 0x4e &&
 		   png->signature[3] == 0x47 &&
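Review bot: The new guard `if (purple_imgstore_get_size(img) > sizeof(*png))` uses a strict `>`, so an image of exactly `sizeof(*png)` bytes is rejected even though every byte the signature/IHDR reads below would touch is present; `>=` is the exact bound for the over-read this commit is preventing (in practice a real PNG also carries an IEND chunk, so this only affects the truncated-input case). The more fragile part is that `sizeof(*png)` is the size of an unpacked C struct, which may contain padding and so need not equal the number of bytes the signature and IHDR occupy on disk, and the buffer is being read through a struct cast whose alignment is not guaranteed; the minimum-size check is correct only if the struct layout happens to match the wire format. I would at least pin that assumption next to the check: `/* sizeof(*png) is used as the minimum valid size: it must equal the on-disk signature + IHDR bytes, so the struct must not pick up padding */`. The `if(png && ...)` condition continues past the end of this hunk, and jabber_avatar_set begins before it, so the else/fallback path for `png == NULL` is not visible here.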


