When a MessagePackSecurity instance is mutated, the copy constructor doesn't initialize its objectFallbackEqualityComparer field, leading to future calls to MessagePackSecurity.GetEqualityComparer<object> to return null.
What's particularly hazardous about this is that null is interpreted by Dictionary<K,V> to mean "default comparer" so it defeats the hash collision resistant fixes we made recently.
The text was updated successfully, but these errors were encountered:
When a
MessagePackSecurityinstance is mutated, the copy constructor doesn't initialize itsobjectFallbackEqualityComparerfield, leading to future calls toMessagePackSecurity.GetEqualityComparer<object>to return null.What's particularly hazardous about this is that
nullis interpreted byDictionary<K,V>to mean "default comparer" so it defeats the hash collision resistant fixes we made recently.The text was updated successfully, but these errors were encountered: