GNOME Bugzilla – Bug 678103
Crash when creating new invoice
Last modified: 2018-06-29 23:09:10 UTC
Clicking OK to create a new invoice causes a segfault

(gdb) continue
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x4485204a in g_str_hash (v=0x732e7265) at ghash.c:1730
1730	  for (p = v; *p != '\0'; p++)
(gdb) bt
+ Trace 230371
Very odd. The problem comes from here:
+ Trace 230372
Here's the relevant call at gncEntryLedgerLayout.c:156

  for (i = 0; i < (sizeof(cells) / sizeof(*cells)); i++)
    gnc_register_add_cell (layout, cells[i].cell_name, cells[i].cell_type_name,
                           cells[i].sample_text, cells[i].alignment,
                           cells[i].expandable, cells[i].span);

Note that the cell_type_name is out of bounds, but it's created on the stack in gnc_entry_ledger_layout_add_cells as a string constant.
Fixed in 2.4.10-4 Thanks!
I'm experiencing the same crashing behaviour described above, running GnuCash 2.4.11 from r22264M under Gentoo. Filling out the 'New Invoice' form works fine until I click 'Ok', at which point it immediately segfaults. Attaching backtrace.
Created attachment 234366 [details] 2.4.11 invoice creation backtrace
Reopening this bug because a possible regression was detected in 2.4.11. Needs to be investigated further.
(In reply to comment #3)
> I'm experiencing the same crashing behaviour described above, running GnuCash
> 2.4.11 from r22264M under Gentoo. Filling out the 'New Invoice' form works fine
> until I click 'Ok', at which point it immediately segfaults.

I'd like to reproduce the problem here, but on my Ubuntu and with current SVN-trunk (gnucash 2.5.2) it does not crash. Is there any chance for you to test also a 2.5.1 or 2.5.2 version of gnucash, or even SVN trunk? If I send you some changed source code, is it possible for you to compile this and check whether the crash might go away?
Created attachment 246858 [details] [review]
Does this change fix the bug?

I can't reproduce the crash on my system. I can only guess from the backtrace that there might be some problem with the loop termination due to the sizeof() operator, maybe due to unexpected optimizations. If that's indeed the reason, the attached patch might fix this: The loop termination is done by an explicit NULL element.

@Danny: Any chance you can test whether the shown modification in the gnucash source code fixes this bug? It concerns only four lines in the file src/business/business-ledger/gncEntryLedgerLayout.c . You can unpack the source code, modify that file, then pack this into a tarball again and let your system compile this modified version. The patch will probably work with any 2.4 or 2.5 version of gnucash.
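As an added illustration of the two loop-termination styles discussed in this thread (not GnuCash code, and not the patch itself): a constructed cell table with an explicit NULL sentinel, alongside the sizeof() element count, which silently goes wrong once the table is only reachable through a pointer. The thread never established the real cause, so the pointer-decay case is shown purely as the general pitfall; struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the layout cell table; field names follow the
 * cells[i].cell_name / cell_type_name / ... usage quoted in the thread. */
struct cell_desc {
    const char *cell_name;
    const char *cell_type_name;
    const char *sample_text;
    int alignment;
    int expandable;
    int span;
};

/* Constructed sample table.  The trailing entry with a NULL cell_name is the
 * explicit sentinel the attached patch uses instead of sizeof() arithmetic. */
static const struct cell_desc cells[] = {
    { "action", "combo", "sample:Action",                0, 0, 0 },
    { "date",   "date",  "sample:12/12/2000",            0, 0, 0 },
    { "desc",   "text",  "sample:Description of an Entry", 1, 1, 0 },
    { NULL,     NULL,    NULL,                            0, 0, 0 }
};

/* Fragile form: sizeof(tbl)/sizeof(*tbl) is only an element count while
 * 'tbl' is the real array.  Through a pointer parameter sizeof(tbl) is
 * the pointer size, so the count collapses to 0 (or 1) and any loop that
 * trusts it reads the wrong number of entries. */
size_t count_by_sizeof(const struct cell_desc *tbl)
{
    size_t bytes = sizeof(tbl);          /* pointer size, not table size */
    return bytes / sizeof(*tbl);
}

/* Robust form from the patch description: stop at the NULL cell_name,
 * independent of how the table reached us.  Also refuses a cell whose
 * cell_type_name is NULL, since that is the pointer g_str_hash would
 * dereference.  Returns the number of cells that would be registered,
 * or -1 on a malformed entry. */
long register_cells_with_sentinel(const struct cell_desc *tbl)
{
    long n = 0;
    for (const struct cell_desc *c = tbl; c->cell_name != NULL; c++) {
        if (c->cell_type_name == NULL)
            return -1;
        /* gnc_register_add_cell(layout, c->cell_name, ...) would go here */
        n++;
    }
    return n;
}
```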
I'm afraid I can't evaluate this. The crash never happened on my system so there's no way for me to say if the patch will fix this bug. I have set the status to NEEDINFO. Hopefully Danny can give feedback here?
I had a quick recheck prior to checking out the code for patching, but I can no longer replicate the issue here with any of the accounts that were causing problems previously. It looks like GnuCash has been updated through my package manager on Gentoo to 2.4.12 r22850M. I'll try to keep an eye on it now that I know it's working and let you know if I can replicate it, but it looks OK for the time being. Apologies for not noticing earlier. Thanks for looking into it.
Is there any place where I can look up the compile options used by the package manager when the buggy version 2.4.11 r22264M (which is just the SVN revision number of the 2.4.11 release) was built?

@Geert: Sure, that's what I expected. Neither you nor I could reproduce the bug so far, so we can't tell whether it's fixed.

@Danny: If the bug has disappeared with 2.4.12, that's good, but I'd still like to be able to reproduce the bug because the relevant code was unchanged between 2.4.11 and 2.4.12 (and trunk).
The Gentoo ebuild file for 2.4.11-r1 is here: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-office/gnucash/ Maybe it is possible to build the 2.4.11 version again and try to reproduce this bug? However, I don't run Gentoo so I can't do this myself. Is anyone able to do this?
I received feedback from another user who compiled gnucash-2.4.11 on Sabayon (which is supposed to be a "binary version of gentoo", whatever that is). That user cannot reproduce the crash reported above. Unless someone else can reproduce the crash (and subsequently test whether the attached patch fixes the problem) we will have to close this bug and hope it has vanished by itself. The good report about 2.4.12 on gentoo sounds good enough.
Reassign version to 2.4.x so that individual 2.4 versions can be retired.
GnuCash bug tracking has moved to a new Bugzilla host. This bug has been copied to https://bugs.gnucash.org/show_bug.cgi?id=678103. Please update any external references or bookmarks.