2 files changed, 14 insertions, 2 deletions

diff --git a/src/engine/client/ec_client.c b/src/engine/client/ec_client.c
index ac4b2b81..0b148f45 100644
--- a/src/engine/client/ec_client.c
+++ b/src/engine/client/ec_client.c
@@ -272,6 +272,10 @@ void *snap_find_item(int snapid, int type, int id)
 {
 	/* TODO: linear search. should be fixed. */
 	int i;
+	
+	if(!snapshots[snapid])
+		return 0x0;
+	
 	for(i = 0; i < snapshots[snapid]->snap->num_items; i++)
 	{
 		SNAPSHOT_ITEM *itm = snapshot_get_item(snapshots[snapid]->alt_snap, i);
diff --git a/src/engine/e_network.c b/src/engine/e_network.c
index 6a555d78..0999d189 100644
--- a/src/engine/e_network.c
+++ b/src/engine/e_network.c
@@ -27,11 +27,13 @@ void recvinfo_start(NETRECVINFO *info, NETADDR *addr, NETCONNECTION *conn, int c
 int recvinfo_fetch_chunk(NETRECVINFO *info, NETCHUNK *chunk)
 {
 	NETCHUNKHEADER header;
-	unsigned char *data = info->data.chunk_data;
+	unsigned char *end = info->data.chunk_data + info->data.data_size;
 	int i;
 	
 	while(1)
 	{
+		unsigned char *data = info->data.chunk_data;
+		
 		/* check for old data to unpack */
 		if(!info->valid || info->current_chunk >= info->data.num_chunks)
 		{
@@ -50,6 +52,12 @@ int recvinfo_fetch_chunk(NETRECVINFO *info, NETCHUNK *chunk)
 		data = unpack_chunk_header(data, &header);
 		info->current_chunk++;
 		
+		if(data+header.size > end)
+		{
+			recvinfo_clear(info);
+			return 0;
+		}
+		
 		/* handle sequence stuff */
 		if(info->conn && (header.flags&NET_CHUNKFLAG_VITAL))
 		{
@@ -188,7 +196,7 @@ int unpack_packet(unsigned char *buffer, int size, NETPACKETCONSTRUCT *packet)
 	packet->ack = ((buffer[0]&0xf)<<8) | buffer[1];
 	packet->num_chunks = buffer[2];
 	packet->data_size = size - NET_PACKETHEADERSIZE;
-	
+
 	if(packet->flags&NET_PACKETFLAG_CONNLESS)
 	{
 		packet->flags = NET_PACKETFLAG_CONNLESS;