From ad6ddcb507be002b5759e027299c48064a9ddb6a Mon Sep 17 00:00:00 2001
From: John Preston <johnprestonmail@gmail.com>
Date: Thu, 30 Nov 2017 11:14:31 +0400
Subject: [PATCH] Fix crash in selecting unsent messages.

Also add some more checks in file downloads and serialization.
---
 Telegram/SourceFiles/history/history_inner_widget.cpp | 8 +++++---
 Telegram/SourceFiles/mtproto/dc_options.cpp           | 2 +-
 Telegram/SourceFiles/storage/file_download.cpp        | 2 ++
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/Telegram/SourceFiles/history/history_inner_widget.cpp b/Telegram/SourceFiles/history/history_inner_widget.cpp
index 92f71a796..f478ac2b6 100644
--- a/Telegram/SourceFiles/history/history_inner_widget.cpp
+++ b/Telegram/SourceFiles/history/history_inner_widget.cpp
@@ -1066,9 +1066,11 @@ void HistoryInner::mouseActionFinish(const QPoint &screenPos, Qt::MouseButton bu
 		return;
 	}
 	if (_mouseAction == MouseAction::PrepareSelect && !_pressWasInactive && !_selected.empty() && _selected.cbegin()->second == FullSelection) {
-		SelectedItems::iterator i = _selected.find(_mouseActionItem);
-		if (i == _selected.cend() && !_mouseActionItem->serviceMsg() && _mouseActionItem->id > 0) {
-			if (_selected.size() < MaxSelectedItems) {
+		auto i = _selected.find(_mouseActionItem);
+		if (i == _selected.cend()) {
+			if (!_mouseActionItem->serviceMsg()
+				&& IsServerMsgId(_mouseActionItem->id)
+				&& _selected.size() < MaxSelectedItems) {
 				if (!_selected.empty() && _selected.cbegin()->second != FullSelection) {
 					_selected.clear();
 				}
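Review bot: `_mouseActionItem` is passed to `_selected.find()` and dereferenced in the new inner condition (`_mouseActionItem->serviceMsg()`, `_mouseActionItem->id`) with no null check visible in this hunk. If the earlier guard in mouseActionFinish does not already guarantee a non-null item in the PrepareSelect state, add `&& _mouseActionItem` to the outer condition. The split of the test also deserves a comment above `if (i == _selected.cend())`, because re-merging the conditions would undo the fix: `// Only an item that was found may reach the else branch, which uses the iterator.` The else branch and the rest of the function lie outside the hunk, so that reading of it is inferred.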
diff --git a/Telegram/SourceFiles/mtproto/dc_options.cpp b/Telegram/SourceFiles/mtproto/dc_options.cpp
index 6d3f976d3..4d458f475 100644
--- a/Telegram/SourceFiles/mtproto/dc_options.cpp
+++ b/Telegram/SourceFiles/mtproto/dc_options.cpp
@@ -284,7 +284,7 @@ void DcOptions::constructFromSerialized(const QByteArray &serialized) {
 
 		// https://stackoverflow.com/questions/1076714/max-length-for-client-ip-address
 		constexpr auto kMaxIpSize = 45;
-		if (ipSize > kMaxIpSize) {
+		if (ipSize <= 0 || ipSize > kMaxIpSize) {
 			LOG(("MTP Error: Bad data inside DcOptions::constructFromSerialized()"));
 			return;
 		}
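Review bot: The new bound on `ipSize` validates only the declared length; the hunk does not show whether the read that follows confirms that `serialized` really holds that many bytes. If nothing further down checks it, compare the result of the raw read with `ipSize`, or test the stream status right after the read, so a truncated blob is rejected on this same path before the buffer is used. The log line would help triage more if it named the failing field, for example `"MTP Error: Bad ipSize inside DcOptions::constructFromSerialized()"`. The function body starts and ends outside the hunk.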
diff --git a/Telegram/SourceFiles/storage/file_download.cpp b/Telegram/SourceFiles/storage/file_download.cpp
index f4e00be00..7a7008c8e 100644
--- a/Telegram/SourceFiles/storage/file_download.cpp
+++ b/Telegram/SourceFiles/storage/file_download.cpp
@@ -662,6 +662,8 @@ void mtpFileLoader::getCdnFileHashesDone(const MTPVector<MTPCdnFileHash> &result
 }
 
 void mtpFileLoader::placeSentRequest(mtpRequestId requestId, const RequestData &requestData) {
+	Expects(!_finished);
+
 	_downloader->requestedAmountIncrement(requestData.dcId, requestData.dcIndex, partSize());
 	++_queue->queriesCount;
 	_sentRequests.emplace(requestId, requestData);
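Review bot: `Expects(!_finished)` at the top of placeSentRequest makes a late request a contract failure, but nothing here says which callers are responsible for checking first. Add a comment above it, such as `// A finished loader must not register new requests; callers check _finished before sending.` The callers are outside the hunk, so it cannot be seen whether a response arriving after cancel or finish can still lead here. If it can, an early return in that caller is safer than relying on the contract, which stops the client when it fails, depending on how `Expects` is configured in this build. The function body may continue past the last line shown.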