-
Simon McVittie authored
This fast-path previously did not check that the array was made up of an integer number of items. This could lead to assertion failures and out-of-bounds accesses during subsequent message processing (which assumes that the message has already been validated), particularly after the addition of _dbus_header_remove_unknown_fields(), which makes it more likely that dbus-daemon will apply non-trivial edits to messages. Thanks: Evgeny Vereshchagin Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays" Resolves: #413 Resolves: CVE-2022 -42011 Signed-off-by: Simon McVittie <smcv@collabora.com>
079bbf16