r22240 - gnucash/branches/2.4/src/app-utils - Fix a double free crash when the required features dialog is shown

Geert Janssens janssens-geert at telenet.be
Tue Jun 26 17:00:01 EDT 2012


On 26-06-12 19:28, John Ralls wrote:
>> From: Geert Janssens<gjanssens at code.gnucash.org>
>> To: gnucash-patches at gnucash.org
>> Subject: r22240 - gnucash/branches/2.4/src/app-utils - Fix a double
>> 	free crash when the required features dialog is shown
>> Message-ID:<201206252054.q5PKsuc9008785 at code.gnucash.org>
>> Content-Type: text/plain; charset=UTF-8
>>
>> Author: gjanssens
>> Date: 2012-06-25 16:54:55 -0400 (Mon, 25 Jun 2012)
>> New Revision: 22240
>> Trac: http://svn.gnucash.org/trac/changeset/22240
>>
>> Modified:
>>    gnucash/branches/2.4/src/app-utils/gnc-features.c
>> Log:
>> Fix a double free crash when the required features dialog is shown
>>
> Geert,
>
> This doesn't make sense to me. msg is allocated with a starting value, then the relevant feature names are added one at a time in the for loop, allocating a new string each time.  Where is msg getting double-freed?  ISTM your change will leak all of the strings except the last one.

There is still a g_free(msg) inside the for loop, though it's not 
visible in the patch alone.

The msg free I removed is outside the for-loop, and frees msg two lines 
before it is returned to the calling function. The calling function also 
calls a free -> double free.

Geert
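
The ownership pattern discussed in this thread, as an added example that is not GnuCash code and not part of the original messages: a builder frees each superseded buffer inside its loop and hands the final buffer to the caller, who frees it exactly once. It uses plain C `malloc`/`free` rather than GLib; the function names, the message text, the feature names and the allocation counter are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data; these are not GnuCash's feature names. */
static const char *const sample_features[] = { "feature-a", "feature-b", "feature-c" };

static int live_allocs = 0;   /* buffers allocated and not yet released */

static char *tracked_alloc(size_t n) {
    char *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(char *p) {
    if (p) { live_allocs--; free(p); }
}

/* Returns a heap string that the CALLER owns and must release exactly once. */
char *build_feature_message(const char *const *names, size_t count) {
    const char *head = "Unknown features:";   /* hypothetical message text */
    char *msg = tracked_alloc(strlen(head) + 1);
    if (!msg) return NULL;
    strcpy(msg, head);
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(msg) + strlen(names[i]) + 2;   /* '\n' + NUL */
        char *next = tracked_alloc(len);
        if (!next) { tracked_free(msg); return NULL; }
        snprintf(next, len, "%s\n%s", msg, names[i]);
        tracked_free(msg);   /* superseded buffer: this in-loop free prevents the leak */
        msg = next;
    }
    /* No free of msg here: the caller releases it, so a free at this point
       would make the caller's free the second one on the same pointer. */
    return msg;
}

/* Caller side: use the message, release it once, report what is still live. */
int show_and_release(const char *const *names, size_t count) {
    char *msg = build_feature_message(names, count);
    if (!msg) return -1;
    puts(msg);
    tracked_free(msg);
    return live_allocs;   /* 0 means no leak and no extra free */
}

int main(void) {
    return show_and_release(sample_features, 3) == 0 ? 0 : 1;
}
```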

