Paul's patch looks good to me (thanks, Paul!) I do have a question... in order to reproduce this bug, does the victim need to accept an incoming file transfer in order to be vulnerable? Or is it possible for a stranger to trigger this crash on any XMPP user?