Mike Jumper created GUACAMOLE-1784:
--------------------------------------

Summary: guac_user instances must only be referenced from user callbacks
Key: GUACAMOLE-1784
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1784
Project: Guacamole
Issue Type: Bug
Components: guacamole-server
Reporter: Mike Jumper

An instance of {{guac_user}} has a lifecycle that may result in that {{guac_user}} becoming invalid at any moment _except_ within the context of a callback directly related to that user. The {{guac_client_for_user()}} function exists to provide a mechanism for referencing a {{guac_user}} without a corresponding callback, but this call is missing in a few locations, resulting in potential segfaults.

For example:

{code:c}
static void guac_rdp_audio_buffer_ack(guac_rdp_audio_buffer* audio_buffer,
        const char* message, guac_protocol_status status) {

    guac_user* user = audio_buffer->user;
    guac_stream* stream = audio_buffer->stream;

    ...
        guac_protocol_send_ack(user->socket, stream, message, status);
    ...

}
{code}

The above is incorrect because {{user->socket}} is being accessed outside a user-related callback and without using {{guac_client_for_user()}}. If the {{user}} turns out to not be valid, this will segfault.

We should fix the above, look through the code for other references to {{guac_user}} outside a user-related callback, and fix those as well.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
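
A minimal single-file model of the guarded-access pattern the report asks for, as an added example that is not Guacamole's code. Every `toy_*` name is hypothetical, and the mutex and fixed-size user table are assumptions standing in for however the client really tracks its users.

```c
#include <pthread.h>
#include <stddef.h>

#define TOY_MAX_USERS 4

typedef struct toy_user { int socket_fd; } toy_user;

typedef struct toy_client {
    pthread_mutex_t users_lock;          /* guards the users table */
    toy_user* users[TOY_MAX_USERS];      /* currently connected users */
} toy_client;

typedef void* toy_user_callback(toy_user* user, void* data);

/* Invokes callback with the user only if it is still registered; otherwise
 * the callback receives NULL. The stored pointer is compared, never
 * dereferenced, and the lock is held for the whole callback. */
void* toy_client_for_user(toy_client* client, toy_user* user,
        toy_user_callback* callback, void* data) {
    toy_user* found = NULL;
    pthread_mutex_lock(&client->users_lock);
    for (int i = 0; i < TOY_MAX_USERS; i++)
        if (user != NULL && client->users[i] == user)
            found = user;
    void* result = callback(found, data);
    pthread_mutex_unlock(&client->users_lock);
    return result;
}

/* Removal takes the same lock, so it cannot overlap a running callback. */
void toy_client_remove_user(toy_client* client, toy_user* user) {
    pthread_mutex_lock(&client->users_lock);
    for (int i = 0; i < TOY_MAX_USERS; i++)
        if (client->users[i] == user)
            client->users[i] = NULL;
    pthread_mutex_unlock(&client->users_lock);
}

/* The ack path as a callback: the user is touched only when non-NULL. */
static void* toy_send_ack_callback(toy_user* user, void* data) {
    if (user == NULL)
        return NULL;                     /* user is gone: nothing to send */
    *(int*) data = user->socket_fd;      /* stands in for the send on user->socket */
    return user;
}

/* Returns 1 if the ack was sent, 0 if the user was no longer connected. */
int toy_audio_buffer_ack(toy_client* client, toy_user* user, int* sent_on) {
    return toy_client_for_user(client, user, toy_send_ack_callback, sent_on) != NULL;
}
```
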