Index: libpurple/internal.h =================================================================== --- libpurple/internal.h (revision 13143) +++ libpurple/internal.h (working copy) @@ -140,6 +140,14 @@ # define G_MAXUINT32 ((guint32) 0xffffffff) #endif +#ifndef G_MAXSIZE +# if GLIB_SIZEOF_LONG == 8 +# define G_MAXSIZE ((gsize) 0xffffffffffffffff) +# else +# define G_MAXSIZE ((gsize) 0xffffffff) +# endif +#endif + #if GLIB_CHECK_VERSION(2,6,0) # include <glib/gstdio.h> #endif --- libpurple/protocols/msn/slplink.c.cve-2008-2927 2007-09-29 12:39:09.000000000 -0400 +++ libpurple/protocols/msn/slplink.c 2008-07-10 12:13:12.000000000 -0400 @@ -595,7 +595,7 @@ msn_slplink_process_msg(MsnSlpLink *slpl } else if (slpmsg->size) { - if ((offset + len) > slpmsg->size) + if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size) { purple_debug_error("msn", "Oversized slpmsg\n"); g_return_if_reached();