Hi Guacamole developers, I just noticed a unclear code behavior in guacamole-server/src/libguac/user.c:
===== (….) guac_user* user = calloc(1, sizeof(guac_user)); int i; /* Generate ID */ user->user_id = guac_generate_id(GUAC_USER_ID_PREFIX); (….) ===== Still in master branch: https://github.com/apache/guacamole-server/blob/332e187813595fc2e769f3e29c0582b7ec726ea1/src/libguac/user.c#L41 Further, its caller also not verify if guac_user_alloc() returns NULL user: ===== /* Create skeleton user */ guac_user* user = guac_user_alloc(); user->socket = socket; user->client = client; user->owner = params->owner; ===== Location: https://github.com/apache/guacamole-server/blob/67680bd2d51e7949453f0f7ffc7f4234a1136715/src/guacd/proc.c#L92 I am wondering weather this is intentional or not? Should the `calloc` call be verified if returns NULL pointer? It seems accessing NULL struct pointer members is an undefined behavior? Am I missing something here? Best, Changkun
