>
> I just finished a "git bisect" between the 1.5.1 and 1.5.2 tags, and
> here's the result:
>
> 4fca7a6d7b1f1ee9e5b058db745d511eca62b63b is the first bad commit
> commit 4fca7a6d7b1f1ee9e5b058db745d511eca62b63b
> Author: Keeley Hoek <[email protected]>
> Date:   Fri Mar 17 18:51:36 2023 -0400
>
>     GUACAMOLE-1717: Fix RDP cursor use of uninitialized memory
>
> :040000 040000 5aa8c97fa32b68918a91cd842f4c0272637edf5a 3aedd2f17deca8c081711d12d10ddfe811f605e2 M	src
Looking at the changes in this commit, my guess is that "_aligned_recalloc" is returning NULL, for some reason or another, and that condition is never checked, and so the NULL pointer "data" is then passed on to the freerdp_image_copy_from_pointer_data call, which causes the segfault.

Also, reading over the original pull request (https://github.com/apache/guacamole-server/pull/418), it isn't obvious to me why the code was switched from _aligned_malloc to _aligned_recalloc in the first place. It's possible the version of FreeRDP that I have (2.1.1-5.el7_9) has a bug that causes an unexpected NULL return value.

If I edit that src/protocols/rdp/pointer.c file and change the _aligned_recalloc call back to _aligned_malloc, it works as expected.

-Nick
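The failure mode Nick describes, an allocation result handed straight to the copy routine without a NULL check, as an added illustration that is not code from guacamole-server or FreeRDP: `aligned_recalloc_stub` and `copy_pointer_data` are hypothetical stand-ins for the real allocator and for freerdp_image_copy_from_pointer_data, with a switch that forces the allocator to fail so the unguarded and guarded paths can be compared.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Set to 1 to make the stand-in allocator return NULL, modelling the
 * suspected _aligned_recalloc failure from the thread (constructed). */
static int fail_alloc = 0;

/* Hypothetical stand-in for an aligned recalloc: frees the old block and
 * returns a zeroed buffer, or NULL when the injected failure is enabled or
 * the requested size would overflow. Alignment is not modelled. */
static void *aligned_recalloc_stub(void *block, size_t num, size_t size, size_t alignment)
{
    (void)alignment;
    if (fail_alloc || (num != 0 && size > SIZE_MAX / num))
        return NULL;                 /* like realloc, old block is left alone */
    free(block);
    return calloc(num, size);
}

/* Stand-in for the copy routine: it writes through dst unconditionally,
 * so a NULL dst is an immediate segfault. */
static void copy_pointer_data(uint8_t *dst, size_t len, uint8_t fill)
{
    memset(dst, fill, len);
}

/* Unguarded pattern: the allocation result flows straight into the copy. */
static uint8_t *load_cursor_unguarded(uint8_t *data, unsigned width, unsigned height)
{
    size_t pixels = (size_t)width * height;
    data = aligned_recalloc_stub(data, pixels, 4, 16);
    copy_pointer_data(data, pixels * 4, 0xAA);   /* crashes if data is NULL */
    return data;
}

/* Guarded pattern: report failure instead of dereferencing NULL, and leave
 * the caller's old buffer untouched so it can still be released. */
static int load_cursor_guarded(uint8_t **data, unsigned width, unsigned height)
{
    size_t pixels = (size_t)width * height;
    uint8_t *buf = aligned_recalloc_stub(*data, pixels, 4, 16);
    if (buf == NULL)
        return -1;
    *data = buf;
    copy_pointer_data(buf, pixels * 4, 0xAA);
    return 0;
}
```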
