Bug 166840 – crash with MALLOC_CHECK_=2

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 166840 - crash with MALLOC_CHECK_=2


Summary:	crash with MALLOC_CHECK_=2


Status:	VERIFIED FIXED

Product:	GnuCash
Classification:	Other
Component:	General
Version:	git-master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Chris Lyttle
QA Contact:	Chris Lyttle

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2005-02-09 19:07 UTC by Bill Nottingham
Modified:	2018-06-29 20:49 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Bill Nottingham 2005-02-09 19:07:28 UTC

Version details: 1.8.11
Distribution/Version: Fedora Core Development tree

Originally reported by Tim Waugh at:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72823

...
Description of Problem: 
I saw gnucash crash, when MALLOC_CHECK_ was set to 2.  This means that there 
is some dodgy memory handling going on of some sort. 
 
Version-Release number of selected component (if applicable): 
gnucash-1.6.6-7 
 
How Reproducible: 
Seems to be consistent. 
 
Here's one way of getting it to crash that I've found: 
1. Set MALLOC_CHECK_=2 
2. In a register window, tab over to the withdrawal column. 
3. Type '1', then backspace. 
4. Shift-tab. 
...

It persists on 1.8.11. Here's the backtrace:

 
Here's the backtrace: 
Program received signal SIGABRT, Aborted.

+ Trace 55518

Thread NaN (LWP 29484)

#0 _dl_sysinfo_int80
from /lib/ld-linux.so.2
#1 raise
from /lib/tls/libc.so.6
#2 abort
from /lib/tls/libc.so.6
#3 free_check
from /lib/tls/libc.so.6
#4 free
from /lib/tls/libc.so.6
#5 g_free
at gmem.c line 411
#6 exit_parser
at expression_parser.c line 515
#7 gnc_exp_parser_parse_separate_vars
at gnc-exp-parser.c line 630
#8 gnc_exp_parser_parse
at gnc-exp-parser.c line 507
#9 gnc_price_cell_parse
at pricecell.c line 133
#10 gnc_table_leave_update
at table-allgui.c line 1147
#11 gnucash_sheet_deactivate_cursor_cell
at gnucash-sheet.c line 203
#12 gnucash_sheet_cursor_move
at gnucash-sheet.c line 280
#13 gnucash_sheet_key_press_event
at gnucash-sheet.c line 1759
#14 gtk_marshal_BOOL__POINTER
at gtkmarshal.c line 28
#15 gtk_signal_real_emit
at gtksignal.c line 1492
#16 gtk_signal_emit
at gtksignal.c line 552
#17 gtk_widget_event
at gtkwidget.c line 2864
#18 gtk_window_key_press_event
at gtkwindow.c line 1306
#19 gtk_marshal_BOOL__POINTER
at gtkmarshal.c line 28
#20 gtk_signal_real_emit
at gtksignal.c line 1492
#21 gtk_signal_emit
at gtksignal.c line 552
#22 gtk_widget_event
at gtkwidget.c line 2864
#23 gtk_propagate_event
at gtkmain.c line 1360
#24 gtk_main_do_event
at gtkmain.c line 818
#25 gdk_event_dispatch
at gdkevents.c line 2152
#26 g_main_dispatch
at gmain.c line 656
#27 g_main_iterate
at gmain.c line 877
#28 g_main_run
at gmain.c line 935
#29 gtk_main
at gtkmain.c line 524
#30 gnc_ui_start_event_loop
at top-level.c line 538
#31 gw__tmp797_gnc_ui_start_event_loop_wrapper
at gw-gnc.c line 276
#32 scm_ceval
at eval.c line 2732
#33 scm_ceval
at eval.c line 2017
#34 scm_ceval
at eval.c line 2017
#35 scm_ceval
at eval.c line 1987
#36 scm_i_eval_x
at eval.c line 4062
#37 scm_primitive_eval_x
at eval.c line 4080
#38 inner_eval_x
at eval.c line 4127
#39 scm_internal_dynamic_wind
at dynwind.c line 168
#40 scm_eval_x
at eval.c line 4136
#41 scm_shell
at script.c line 676
#42 scm_boot_guile
at init.c line 636
#43 main
at guile.c line 94

Comment 1 Derek Atkins 2005-02-09 22:28:54 UTC

This backtrace seems somewhat weird.  For example, frame #5 seems to imply that
g_free() is being called with a NULL value, but in that case it shouldn't be
calling free().  So this backtrace clearly isn't showing what's going on.

I'm not at all surprised that there are memory issues with GnuCash -- there are
certainly errors in Guile ;)  That notwithstanding, if someone wants to submit a
patch to correct this I'll gladly apply it.  Otherwise, I think I'll wait until
the g2 port and see if we can get that to run mostly-clean under valgrind.

Comment 2 Christian Stimming 2006-01-18 13:03:29 UTC

Is this still existing in SVN, the upcoming 1.9/2.0? That branch has been checked by valgrind several times now, so this is likely to be fixed.

Comment 3 Bill Nottingham 2006-01-18 16:11:39 UTC

Still happens. Here's the backtrace from svn12369 (it's what I have ATM built.)

+ Trace 65335

#0 __kernel_vsyscall
#1 raise
from /lib/libc.so.6
#2 abort
from /lib/libc.so.6
#3 free_check
from /lib/libc.so.6
#4 free
from /lib/libc.so.6
#5 g_free
from /usr/lib/libglib-2.0.so.0
#6 exit_parser
at expression_parser.c line 513
#7 gnc_exp_parser_parse_separate_vars
at gnc-exp-parser.c line 604
#8 gnc_exp_parser_parse
at gnc-exp-parser.c line 481
#9 gnc_price_cell_parse
at pricecell.c line 136
#10 gnc_table_leave_update
at table-allgui.c line 1170
#11 gnucash_sheet_deactivate_cursor_cell
at gnucash-sheet.c line 209
#12 gnucash_sheet_cursor_move
at gnucash-sheet.c line 285
#13 gnucash_sheet_key_press_event
at gnucash-sheet.c line 1700
#14 gtk_marshal_VOID__UINT_STRING
from /usr/lib/libgtk-x11-2.0.so.0
#15 g_value_set_boxed
from /usr/lib/libgobject-2.0.so.0
#16 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#17 g_signal_connect_closure_by_id
from /usr/lib/libgobject-2.0.so.0
#18 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#19 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#20 gtk_widget_activate
from /usr/lib/libgtk-x11-2.0.so.0
#21 gtk_window_propagate_key_event
from /usr/lib/libgtk-x11-2.0.so.0
#22 gtk_window_activate_key
from /usr/lib/libgtk-x11-2.0.so.0
#23 gtk_marshal_VOID__UINT_STRING
from /usr/lib/libgtk-x11-2.0.so.0
#24 g_value_set_boxed
from /usr/lib/libgobject-2.0.so.0
#25 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#26 g_signal_connect_closure_by_id
from /usr/lib/libgobject-2.0.so.0
#27 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#28 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#29 gtk_widget_activate
from /usr/lib/libgtk-x11-2.0.so.0
#30 gtk_propagate_event
from /usr/lib/libgtk-x11-2.0.so.0
#31 gtk_main_do_event
from /usr/lib/libgtk-x11-2.0.so.0
#32 gdk_screen_get_setting
from /usr/lib/libgdk-x11-2.0.so.0
#33 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#34 g_main_context_check
from /usr/lib/libglib-2.0.so.0
#35 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#36 gtk_main
from /usr/lib/libgtk-x11-2.0.so.0
#37 gnc_ui_start_event_loop
at top-level.c line 442
#38 gw__tmp813_gnc_ui_start_event_loop_wrapper
at gw-gnc.c line 248
#39 scm_deval
from /usr/lib/libguile.so.12
#40 scm_deval
from /usr/lib/libguile.so.12
#41 scm_deval
from /usr/lib/libguile.so.12
#42 scm_i_eval_x
from /usr/lib/libguile.so.12
#43 scm_primitive_eval_x
from /usr/lib/libguile.so.12
#44 scm_read_0str
from /usr/lib/libguile.so.12
#45 scm_c_with_fluids
from /usr/lib/libguile.so.12
#46 scm_c_with_fluid
from /usr/lib/libguile.so.12
#47 scm_c_call_with_current_module
from /usr/lib/libguile.so.12
#48 scm_eval_string
from /usr/lib/libguile.so.12
#49 scm_c_eval_string
from /usr/lib/libguile.so.12
#50 scm_boot_guile
from /usr/lib/libguile.so.12
#51 main
at gnucash-bin.c line 56

Comment 4 Chris Shoemaker 2006-02-12 20:34:22 UTC

With backtrace and clear steps for reproduction, this was easy to fix.  Thanks for the good report.  Fixed in svn 13243.

Comment 5 Christian Stimming 2006-02-14 16:03:14 UTC

Marking the version where this has been fixed.

Comment 6 John Ralls 2018-06-29 20:49:51 UTC

GnuCash bug tracking has moved to a new Bugzilla host. This bug has been copied to https://bugs.gnucash.org/show_bug.cgi?id=166840. Please update any external references or bookmarks.