mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-12-13 20:08:29 +01:00
c74177337d
They are not allowed in the specification, and can lead to infinite loops when parsing. That’s a security issue if your application is accepting D-Bus messages from untrusted peers (perhaps in a peer-to-peer connection). It’s not exploitable when your application is connected to a bus (such as the system or session buses), as the bus daemons (dbus-daemon or dbus-broker) filter out such broken messages and don’t forward them. Arrays of zero-length elements are disallowed in the D-Bus specification: https://dbus.freedesktop.org/doc/dbus-specification.html#container-types oss-fuzz#41428, #41435 Fixes: #2557
113 KiB
113 KiB