[GNC] double free in gnc_import_exists_online_id (4.12)
Dong Lin
c54e-gnucash at yahoo.com
Sat Nov 26 17:35:14 EST 2022
I was chasing an issue in duplicate transaction handling in 4.8 (Ubuntu 22.04). Encountered a double free crash while running 4.12.
This is triggered by importing the same QFX file twice (or two distinct files with duplicate transactions).
Valgrind reported the following:
==1315253== Invalid free() / delete / delete[] / realloc()
==1315253==    at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1315253==    by 0x6819CEF: gnc_import_exists_online_id (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x682426C: gnc_gen_trans_list_add_trans_with_ref_id (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x6824158: gnc_gen_trans_list_add_trans (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x11AEB20A: runMatcher (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEB679: gnc_file_ofx_import_process_file (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEB93A: gnc_file_ofx_import (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEBCFB: gnc_plugin_ofx_cmd_import (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x5AB4D2E: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD0B75: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD2553: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD27A2: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x515403E: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5AD263F: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD27A2: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5435CBB: gtk_widget_activate (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x53039CD: gtk_menu_shell_activate_item (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5303CA2: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5483EB7: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5AD263F: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD27A2: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x544B723: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x52EE67F: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x52EF529: gtk_main_do_event (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x6B3D742: ??? (in /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.2404.29)
==1315253==  Address 0x14a1abd0 is 0 bytes inside a block of size 15 free'd
==1315253==    at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1315253==    by 0x4C336C9: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.1)
==1315253==    by 0x4C33C6F: g_hash_table_insert (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.1)
==1315253==    by 0x6819CDF: gnc_import_exists_online_id (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x682426C: gnc_gen_trans_list_add_trans_with_ref_id (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x6824158: gnc_gen_trans_list_add_trans (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x11AEB20A: runMatcher (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEB679: gnc_file_ofx_import_process_file (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEB93A: gnc_file_ofx_import (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEBCFB: gnc_plugin_ofx_cmd_import (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x5AB4D2E: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD0B75: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD2553: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD27A2: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x515403E: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5AD263F: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD27A2: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5435CBB: gtk_widget_activate (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x53039CD: gtk_menu_shell_activate_item (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5303CA2: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5483EB7: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5AD263F: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD27A2: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x544B723: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x52EE67F: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==  Block was alloc'd at
==1315253==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==1315253==    by 0x4C4E718: g_malloc (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.1)
==1315253==    by 0x4C63573: g_strdup (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.1)
==1315253==    by 0x5AE067C: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AC7830: g_object_get_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5F4C2BD: qof_instance_get (in /disk2/nbu/src/gnucash.git/build-4.12/lib/libgnc-engine.so)
==1315253==    by 0x681CE35: gnc_import_get_split_online_id (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x6819CC3: gnc_import_exists_online_id (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x682426C: gnc_gen_trans_list_add_trans_with_ref_id (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x6824158: gnc_gen_trans_list_add_trans (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgnc-generic-import.so)
==1315253==    by 0x11AEB20A: runMatcher (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEB679: gnc_file_ofx_import_process_file (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEB93A: gnc_file_ofx_import (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x11AEBCFB: gnc_plugin_ofx_cmd_import (in /disk2/nbu/src/gnucash.git/build-4.12/lib/gnucash/libgncmod-ofx.so)
==1315253==    by 0x5AB4D2E: g_closure_invoke (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD0B75: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD2553: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD27A2: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x515403E: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5AD263F: g_signal_emit_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5AD27A2: g_signal_emit (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.7200.1)
==1315253==    by 0x5435CBB: gtk_widget_activate (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x53039CD: gtk_menu_shell_activate_item (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5303CA2: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
==1315253==    by 0x5483EB7: ??? (in /usr/lib/x86_64-linux-gnu/libgtk-3.so.0.2404.29)
I tried running gdb on the binary but for some reason GNC crashed while running inside of GDB.

Thread 1 "gnucash" received signal SIGSEGV, Segmentation fault.
0x00007ffff5bb68f2 in GC_find_limit_with_bound () from /lib/x86_64-linux-gnu/libgc.so.1
(gdb) bt
#0  0x00007ffff5bb68f2 in GC_find_limit_with_bound () at /lib/x86_64-linux-gnu/libgc.so.1
#1  0x00007ffff5bb69da in GC_init_linux_data_start () at /lib/x86_64-linux-gnu/libgc.so.1
#2  0x00007ffff5bb7f67 in GC_init () at /lib/x86_64-linux-gnu/libgc.so.1
#3  0x00007ffff7c7ac8e in () at /lib/x86_64-linux-gnu/libguile-3.0.so.1
#4  0x00007ffff7cde90f in () at /lib/x86_64-linux-gnu/libguile-3.0.so.1
#5  0x00007ffff7cdecde in () at /lib/x86_64-linux-gnu/libguile-3.0.so.1
#6  0x00007ffff5bb680b in GC_call_with_stack_base () at /lib/x86_64-linux-gnu/libgc.so.1
#7  0x00007ffff7cd9dbc in scm_with_guile () at /lib/x86_64-linux-gnu/libguile-3.0.so.1
#8  0x00007ffff7c7abd9 in scm_boot_guile () at /lib/x86_64-linux-gnu/libguile-3.0.so.1
#9  0x000055555558bd62 in Gnucash::Gnucash::start(int, char**) (this=0x7fffffffe340, argc=1, argv=0x7fffffffe708) at /home/dong/src/gnucash.git/gnucash/gnucash/gnucash.cpp:333
#10 0x000055555558bf46 in main(int, char**) (argc=1, argv=0x7fffffffe708) at /home/dong/src/gnucash.git/gnucash/gnucash/gnucash.cpp:357
Info on my environment:

; lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy
;
; git log -1
ebd340674e Sat Sep 24 14:06:53 2022 -0700 John Ralls Release GnuCash 4.12
I am unfamiliar with scm or guile; if there is a way to avoid the segv in startup, I can look into this further.
Is there a way I can make a statically linked debug binary?
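The valgrind trace above shows one block, allocated by g_strdup under gnc_import_get_split_online_id, released once inside g_hash_table_insert and then a second time in gnc_import_exists_online_id. That is the shape of a GLib key-ownership mistake: a GHashTable created with a key_destroy_func takes ownership of every key passed to g_hash_table_insert, and when the key already exists it destroys the passed-in key on the spot, so a caller that frees the same pointer afterwards frees it twice exactly when an online id is imported again. The C program below is an added illustration, not GnuCash or GLib code: string_set, set_insert, quarantined_free, dup_string and the sample ids are constructed stand-ins that model that contract and count a second release instead of corrupting the heap, so the buggy and the corrected caller can be compared side by side.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a GHashTable created with a key_destroy_func
 * (not GLib code): set_insert() follows the documented g_hash_table_insert()
 * contract, so the table owns every key passed in, and a key that already
 * exists is destroyed immediately. The caller must never free it afterwards. */

#define MAX_KEYS 64

typedef void (*key_destroy_fn)(void *key);

typedef struct {
    char *keys[MAX_KEYS];
    int count;
    key_destroy_fn key_destroy;
} string_set;

static void set_init(string_set *s, key_destroy_fn destroy)
{
    s->count = 0;
    s->key_destroy = destroy;
}

static int set_contains(const string_set *s, const char *key)
{
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->keys[i], key) == 0)
            return 1;
    return 0;
}

/* 1 if key was new (set now owns it), 0 if it existed (passed key destroyed). */
static int set_insert(string_set *s, char *key)
{
    if (set_contains(s, key)) {
        s->key_destroy(key);
        return 0;
    }
    s->keys[s->count++] = key;
    return 1;
}

static void set_clear(string_set *s)
{
    for (int i = 0; i < s->count; i++)
        s->key_destroy(s->keys[i]);
    s->count = 0;
}

/* Instrumented release, in the spirit of a sanitizer quarantine: every block
 * is recorded and its real free() deferred, so a second release of the same
 * block is counted rather than crashing, and the model stays well-defined. */
static void *quarantine[MAX_KEYS * 4];
static int quarantined;
static int double_free_count;

static void quarantined_free(void *p)
{
    for (int i = 0; i < quarantined; i++)
        if (quarantine[i] == p) { double_free_count++; return; }
    quarantine[quarantined++] = p;
}

static void quarantine_flush(void)
{
    for (int i = 0; i < quarantined; i++)
        free(quarantine[i]);
    quarantined = 0;
    double_free_count = 0;
}

static char *dup_string(const char *src)     /* stands in for g_strdup() */
{
    size_t n = strlen(src) + 1;
    char *out = malloc(n);
    if (out) memcpy(out, src, n);
    return out;
}

/* Constructed online ids; the repeat models importing the same QFX twice. */
static const char *sample_ids[] = { "20221101-0001", "20221101-0002", "20221101-0001" };
#define N_IDS (sizeof sample_ids / sizeof *sample_ids)

/* Buggy caller, consistent with the trace: insert, then free unconditionally.
 * Returns the double frees observed; *duplicates gets the ids already present. */
static int run_buggy(int *duplicates)
{
    string_set s;
    set_init(&s, quarantined_free);
    *duplicates = 0;
    for (size_t i = 0; i < N_IDS; i++) {
        char *id = dup_string(sample_ids[i]);
        if (!set_insert(&s, id)) (*duplicates)++;
        quarantined_free(id);   /* wrong: the set owns id, or has destroyed it */
    }
    set_clear(&s);              /* releases keys the caller already freed */
    int seen = double_free_count;
    quarantine_flush();
    return seen;                /* 3: one on the duplicate, two more on clear */
}

/* Corrected caller: ownership always transfers on insert, caller never frees. */
static int run_fixed(int *duplicates)
{
    string_set s;
    set_init(&s, quarantined_free);
    *duplicates = 0;
    for (size_t i = 0; i < N_IDS; i++) {
        char *id = dup_string(sample_ids[i]);
        if (!set_insert(&s, id)) (*duplicates)++;   /* id already destroyed */
    }
    set_clear(&s);
    int seen = double_free_count;
    quarantine_flush();
    return seen;                /* 0 */
}

int main(void)
{
    int d, n;
    n = run_buggy(&d);
    printf("buggy: %d double free(s), %d duplicate(s)\n", n, d);
    n = run_fixed(&d);
    printf("fixed: %d double free(s), %d duplicate(s)\n", n, d);
    return 0;
}
```

Build with `cc -o ownership ownership.c` and run it: the buggy caller reports three double frees for the three-id sample (one on the repeated id, two more when the set is cleared), while the corrected caller reports none and still detects the duplicate. With real GLib the same discipline applies: either check g_hash_table_contains before inserting and free the key only on the already-present path, or rely on the gboolean that g_hash_table_insert returns (TRUE when the key was new) and never free a key after passing it to a table that has a key_destroy_func.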