[ https://issues.apache.org/jira/browse/GUACAMOLE-1784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Jumper reassigned GUACAMOLE-1784:
--------------------------------------

    Assignee: Mike Jumper

> guac_user instances must only be referenced from user callbacks
> ---------------------------------------------------------------
>
>                 Key: GUACAMOLE-1784
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1784
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-server
>            Reporter: Mike Jumper
>            Assignee: Mike Jumper
>            Priority: Minor
>
> An instance of {{guac_user}} has a lifecycle that may result in that
> {{guac_user}} becoming invalid at any moment _except_ within the context of a
> callback directly related to that user. The {{guac_client_for_user()}}
> function exists to provide a mechanism for referencing a {{guac_user}}
> without a corresponding callback, but this call is missing in a few
> locations, resulting in potential segfaults.
> For example:
> {code:c}
> static void guac_rdp_audio_buffer_ack(guac_rdp_audio_buffer* audio_buffer,
>         const char* message, guac_protocol_status status) {
>     guac_user* user = audio_buffer->user;
>     guac_stream* stream = audio_buffer->stream;
>     ...
>     guac_protocol_send_ack(user->socket, stream, message, status);
>     ...
> }
> {code}
> The above is incorrect because {{user->socket}} is being accessed outside a
> user-related callback and without using {{guac_client_for_user()}}. If
> the {{user}} turns out to not be valid, this will segfault.
> We should fix the above, look through the code for other references to
> {{guac_user}} outside a user-related callback, and fix those as well.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
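The access pattern the issue asks for, as an added example that is not part of the original message and is not Guacamole's code. It is a single-threaded model with no locking, and every `model_*` type and function, as well as `ack_callback`, `send_ack` and `demo`, is a hypothetical stand-in for the libguac types and for `guac_client_for_user()`.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for libguac types (hypothetical, for illustration). */
typedef struct model_user { int socket_fd; } model_user;
typedef struct model_client { model_user* users[4]; } model_client;
typedef void* model_user_callback(model_user* user, void* data);

/* Runs callback with the user only if it is still attached to the client,
 * otherwise with NULL. No locking here; this model is single-threaded. */
void* model_client_for_user(model_client* client, model_user* user,
        model_user_callback* callback, void* data) {
    model_user* found = NULL;
    for (size_t i = 0; i < 4; i++)
        if (user != NULL && client->users[i] == user)
            found = user;
    return callback(found, data);
}

typedef struct ack_params { const char* message; int sent; } ack_params;

/* User callback: the only place where the user is dereferenced. */
static void* ack_callback(model_user* user, void* data) {
    ack_params* params = (ack_params*) data;
    if (user == NULL)
        return NULL;  /* user already gone: skip instead of crashing */
    printf("ack on socket %d: %s\n", user->socket_fd, params->message);
    params->sent = 1;
    return NULL;
}

/* Hardened shape of the ack helper: stored pointer is never dereferenced here. */
int send_ack(model_client* client, model_user* stored, const char* message) {
    ack_params params = { message, 0 };
    model_client_for_user(client, stored, ack_callback, &params);
    return params.sent;
}

/* Constructed scenario: returns 10*before + after the user disconnects. */
int demo(void) {
    static model_user alice = { 7 };
    model_client client = { { &alice, NULL, NULL, NULL } };
    int before = send_ack(&client, &alice, "OK");
    client.users[0] = NULL;  /* user leaves; stored pointer is now stale */
    int after = send_ack(&client, &alice, "OK");
    return 10 * before + after;
}

int main(void) { return demo() == 10 ? 0 : 1; }
```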