nice_socket_recv_messages() may return a NiceInputMessage of length = 0,
so before attempting to read the RFC4571 header, check that the message
really has at least sizeof (guint16) bytes of data.
The bug's always been there, the previous commit only made it more
apparent.
local_bufs[i + 1].size = message->buffers[i].size;
}
sockret = nice_socket_recv_messages (nicesock, &local_message, 1);
- if (sockret == 1) {
+ if (sockret == 1 && local_message.length >= sizeof (guint16)) {
message->length = ntohs (rfc4571_frame);
}
} else {
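Review bot: `message->length = ntohs (rfc4571_frame);` still takes the payload length straight from the peer-supplied header, and the new guard only proves that the two header bytes arrived. If the declared length is larger than `local_message.length - sizeof (guint16)`, `message->length` would overstate how much of the caller's buffers was actually filled; whether a later check catches that is not visible in this hunk. Consider bounding it, e.g. `message->length = MIN (ntohs (rfc4571_frame), local_message.length - sizeof (guint16));`, or treating a mismatch as a malformed frame. When `sockret == 1` but the message is too short, `message->length` is left untouched, so a comment stating what value the caller then sees would help. The enclosing block starts outside the hunk.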
NiceInputMessage local_message = { &local_buf, 1, message->from, 0};
sockret = nice_socket_recv_messages (nicesock, &local_message, 1);
- if (sockret == 1) {
+ if (sockret == 1 && local_message.length >= sizeof (guint16)) {
agent->rfc4571_expecting_length = ntohs (rfc4571_frame);
available = g_socket_get_available_bytes (nicesock->fileno);
}
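Review bot: A one-byte read in this `else` branch now fails the new guard, but the byte has already been consumed from the socket and nothing visible here keeps it. Assuming `local_buf` covers the two-byte `rfc4571_frame`, the next call on a stream socket would read the second header byte plus the first payload byte as a new length, and framing could stay out of sync for the rest of the connection. Consider carrying a partial header across calls, or failing the connection on a short header, and documenting the choice with a comment such as `/* header incomplete: no frame length yet */` above the `if`. The enclosing block begins and ends outside the hunk.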