--- deliantra/server/socket/image.C	2007/02/16 22:33:46	1.21
+++ deliantra/server/socket/image.C	2007/03/10 19:48:17	1.23
@@ -443,7 +443,7 @@
 send_image_sums (client *ns, char *params)
 {
   int start, stop;
-  char *cp, buf[MAX_BUF];
+  char *cp;
 
   packet sl;
 
@@ -469,6 +469,9 @@
 
       int qq = get_face_fallback (ns->faceset, i);
 
+      if (sl.room () < 2 + 4 + 1 + new_faces[i].name.length () + 1)
+        break;
+
       sl << uint16 (i)
          << uint32 (facesets[qq].faces[i].checksum)
          << uint8  (qq)
@@ -480,6 +483,7 @@
    * size to less than 1000, since that is what we claim the protocol would
    * support.
    */
+  //TODO: taken care of above, should simply abort or make sure the above code is correct
   if (sl.length () >= MAXSOCKBUF)
     {
       LOG (llevError, "send_image_send: buffer overrun, %d > %d\n", sl.length (), MAXSOCKBUF);