devel questions

Chris Shoemaker c.shoemaker at cox.net
Fri Sep 17 19:58:57 EDT 2004


On Fri, Sep 17, 2004 at 10:13:11AM -0400, Derek Atkins wrote:
> Chris Shoemaker <c.shoemaker at cox.net> writes:
> 
> 
> >> > Why does removing/commenting out "gtk_container_add(GTK_CONTAINER(box),
> >> > GTK_WIDGET(dlg->relatedView));" from category_dialog_create(), prevent
> >> > the consistent SEGV upon closing the dialog?
> >> 
> >> Perhaps it's double-freed?  I dont know, you tell me.
> >
> > I suspected double-free, but I don't know either.  It dies in the
> > library, but I'll keep digging.
> 
> Where in the library does it die?
> Did you try running with valgrind?

I did now.  Looks kinda like use-after-free:

Creating dummy category.  Budget 0x1e316bd8
Adding inflow category...
Adding outflow category...
NumCols: 8
Editing Category... Druid: 0x1e2e1468 Budget: 0x1e316bd8
Category Selected: Inflow
 
(gnucash:12885): Gtk-CRITICAL **: file gtkentry.c: line 3643 (gtk_entry_set_text): assertion `text != NULL' failed
Related Accouts: 0
 
(gnucash:12885): GLib-GObject-WARNING **: invalid cast from `GncTreeModelAccount' to `GtkTreeModelSort'
 
(gnucash:12885): Gtk-CRITICAL **: file gtktreemodelsort.c: line 2016 (gtk_tree_model_sort_get_model): assertion `GTK_IS_TREE_MODEL_SORT (tree_model)' failed
==12885==
==12885== Invalid read of size 4
==12885==    at 0x1C523312: gtk_widget_get_toplevel (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C522474: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C5225E4: gtk_widget_has_screen (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C3BAE64: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==  Address 0x1E23F0D8 is 56 bytes inside a block of size 100 free'd
==12885==    at 0x1B907460: free (vg_replace_malloc.c:153)
==12885==    by 0x1BCF02A3: g_free (in /usr/lib/libglib-2.0.so.0.400.6)
==12885==    by 0x1BCAD13A: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.400.6)
==12885==    by 0x1BC963B0: (within /usr/lib/libgobject-2.0.so.0.400.6)
==12885==
==12885== Invalid read of size 1
==12885==    at 0x1C522475: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C5225E4: gtk_widget_has_screen (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C3BAE64: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1BCECCF2: (within /usr/lib/libglib-2.0.so.0.400.6)
==12885==  Address 0x1E23F0AC is 12 bytes inside a block of size 100 free'd
==12885==    at 0x1B907460: free (vg_replace_malloc.c:153)
==12885==    by 0x1BCF02A3: g_free (in /usr/lib/libglib-2.0.so.0.400.6)
==12885==    by 0x1BCAD13A: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.400.6)

Later, I'll rerun with larger --num-callers.

Oddly, it doesn't SEGV under valgrind.  Is that normal?

Oh, and is all this kind of noise also normal:?
==12885== Use of uninitialised value of size 4
==12885==    at 0x1BCDF3EB: g_hash_table_lookup (in /usr/lib/libglib-2.0.so.0.40 0.6)
==12885==    by 0x1BE61084: qof_collection_lookup_entity (qofid.c:210)
==12885==    by 0x1BE60C33: qof_entity_init (qofid.c:71)
==12885==    by 0x1BE612B9: qof_instance_init (qofinstance.c:58)
==12885==
==12885== Use of uninitialised value of size 4
==12885==    at 0x1BCDF8ED: g_hash_table_remove (in /usr/lib/libglib-2.0.so.0.40 0.6)
==12885==    by 0x1BE60F15: qof_collection_remove_entity (qofid.c:189)
==12885==    by 0x1BE60FCB: qof_collection_insert_entity (qofid.c:199)
==12885==    by 0x1BE60CA1: qof_entity_init (qofid.c:78)


-chris


More information about the gnucash-devel mailing list