[Gnucash-changes] Eliminate a double free of memory.
David Hampton
hampton-gnucash at rainbolthampton.net
Thu Jun 2 13:26:59 EDT 2005
On Thu, 2005-06-02 at 13:00 -0400, Chris Shoemaker wrote:
> On Thu, Jun 02, 2005 at 11:10:48AM -0400, David Hampton wrote:
> > --- src/business/business-gnome/dialog-customer.c
> > +++ src/business/business-gnome/dialog-customer.c
> > @@ -383,7 +383,8 @@
> > CustomerWindow *cw = user_data;
> >
> > gtk_widget_destroy (cw->dialog);
> > - cw->dialog = NULL;
> > + // cw has already been freed by this point.
> > + // cw->dialog = NULL;
> > }
>
> This patch looks wrong. 1) This certainly doesn't fix a double-free
> bug because it doesn't remove a free.
You're right; my comment is wrong. This change prevents writing to
already freed memory. The problem was this particular write trashes the
memory free list such that libc rolls over and dies.
> 2) gtk_widget_destroy() may
> free cw->dialog, in which case it's wise to assign NULL.
> gtk_widget_destroy should never free cw. If it does, then something
> is seriously wrong somewhere else, but not here.
Calling gtk_widget_destroy on this dialog eventually causes the
gnc_customer_window_destroy_cb function to be called. That function is
where the free of the cw data structure occurs.
The pattern of having a destroy callback function that frees the data
structure associated with a window is common in the gnucash code. It
allows one function to handle the cleanup of a dialog and any associated
data structures, no matter how the dialog was closed. This is
particularly important because closing a window via the title bar close
button translates directly to a call to gtk_widget_destroy on the window
widget. There's no other way for the code to know the window was closed
this way, other than to attach a callback to the widget destruction.
David
More information about the gnucash-devel
mailing list