d9c75eaec2
server.peers.subscribe is attacker-controlled data: ParsePeers assumed the standard [ip, hostname, [features...]] shape and threw on anything else (non-array response, wrong element types), and GetString() on a JSON string containing invalid UTF-8 bytes threw InvalidOperationException instead of failing to parse — both found by fuzzing. Any unexpected shape or unparseable string now degrades to "no usable data" instead of propagating an exception into the sync/discovery path.