Comment 7 for bug 245770

In , Warren (warren-redhat-bugs) wrote :

#
#
# patch "libpurple/protocols/msnp9/slplink.c"
# from [0148f31961bbe4a9a992377e70db082952505db4]
# to [f65596ea173bf7c9c1114edd7599140f470e7788]
#
============================================================
--- libpurple/protocols/msnp9/slplink.c 0148f31961bbe4a9a992377e70db082952505db4
+++ libpurple/protocols/msnp9/slplink.c f65596ea173bf7c9c1114edd7599140f470e7788
@@ -597,7 +597,7 @@ msn_slplink_process_msg(MsnSlpLink *slpl
  }
  else if (slpmsg->size)
  {
- if ((offset + len) > slpmsg->size)
+ if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)
   {
    purple_debug_error("msn", "Oversized slpmsg\n");
    g_return_if_reached();
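Review bot: the new guard `G_MAXSIZE - len < offset` only catches the wraparound if `offset` and `len` are both unsigned and the same width as `gsize`; if either is a narrower type (a `guint32` length field, say) or signed, `offset + len` can still wrap before the comparison and the `slpmsg->size` check stays bypassable. The declarations are outside the hunk, so please confirm the types or cast both operands to `gsize` in the condition. A one-line comment above the `if` saying the first clause exists to reject `offset + len` overflow would also help, since "Oversized slpmsg" now covers two different failure cases. Note also that the check sits under `else if (slpmsg->size)`, so it is not applied to messages whose size is zero; worth confirming the preceding branch handles that path.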

For reference, this is the upstream patch that went into 2.4.3. I need to
backport this for pidgin-2.3.1 in RHEL4 and RHEL5, and pidgin-1.5.x in RHEL3.