Segmentation Fault in xaccFreeSplit

Derek Atkins warlord at MIT.EDU
Fri Jan 21 23:09:18 EST 2005

Quoting Thomas Bushnell BSG <tb at>:

> Derek Atkins <warlord at MIT.EDU> writes:
> > And yes, this code has been there a long time, in order to detect a
> > double-free.  
> That's a bug then; you can't access freed memory, period.  

Well, yes and no...

> Indeed, it is fair game for an attempted read out of freed memory to
> fault; it's been freed, you can't read it.  You have no right to
> assume that malloc/free even keep pages mapped after a free.

Agreed, and it would be a bug if the freed object was kept around.  The fact
that the object-free function checks first is not a bug -- it's more of a
debugging tool.  If the code actually segfaulted at _that_ point it would show
you that you have a bug elsewhere causing the freed object to be retained. 
However the fact that we check for an invalid pointer and then, later, set the
object to an invalid pointer before freeing it is perfectly legal code.

> Thomas


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the gnucash-devel mailing list