Merged requested to merge 2528-dbus-message-truncation into main
Perform strict bounds checking when reading data from the D-Bus message, and propagate errors to the callers.
Previously, truncated D-Bus messages could cause out-of-bounds reads.
This is a security issue, but one which is only exploitable when communicating with an untrusted peer (who might send malicious messages). Almost all D-Bus traffic is with a session or system bus, where the dbus-daemon or dbus-broker is trusted, and is known to have already rejected malformed (malicious) messages.
Accordingly, this is only exploitable with peer-to-peer D-Bus conversations with an untrusted peer.
(Includes some minor cleanups from Philip Withnall.)
oss-fuzz#17408 Fixes: #2528 (closed)
Closes #2528 (closed)