Bug 742624 - [patch] Scheduled Transaction Editor results in immediate segfault
Status: RESOLVED FIXED
Product: GnuCash
Classification: Other
Component: Scheduled Transactions
Version: 2.6.4
Hardware: Other
OS: FreeBSD
Priority: Normal
Severity: major
Target Milestone: ---
Assigned To: gnucash-core-maint
QA Contact: gnucash-core-maint
Depends on:
Blocks:
Reported: 2015-01-09 01:52 UTC by G. Paul Ziemba
Modified: 2018-06-29 23:37 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
fix "success" argument to gdk_colormap_alloc_colors() (1005 bytes, text/plain), 2015-01-09 01:52 UTC, G. Paul Ziemba

Description G. Paul Ziemba 2015-01-09 01:52:33 UTC
Created attachment 294132
fix "success" argument to gdk_colormap_alloc_colors()

Looks as if this bug has been present since 2002, but I did not experience it until 2014.

I start gnucash, then select Actions > Scheduled Transactions > Scheduled Transaction Editor. Gnucash immediately stops with a segmentation fault.

The problem is an incorrect call to

gdk_colormap_alloc_colors(GdkColormap *colormap,
                          GdkColor *colors,
                          gint n_colors,
                          gboolean writeable,
                          gboolean best_match,
                          gboolean *success);

[See https://developer.gnome.org/gdk2/stable/gdk2-Colormaps-and-Colors.html#gdk-colormap-alloc-colors]

The final argument is supposed to be an array of gboolean with n_colors elements.
However, in gnc_dense_cal_init() in gnc-dense-cal.c, we have:

static void
gnc_dense_cal_init(GncDenseCal *dcal)
{
    gboolean colorAllocSuccess;
    [...]
    if (gdk_colormap_alloc_colors(gdk_colormap_get_system(),
                                  dcal->weekColors,
                                  MAX_COLORS, TRUE, TRUE,
                                  &colorAllocSuccess) > 0)

On my system, this error caused dcal to get overwritten (gdk_colormap_alloc_colors() expected colorAllocSuccess to be bigger) and the subsequent call

    layout = gtk_widget_create_pango_layout(GTK_WIDGET(dcal), NULL);

caused a segmentation fault because dcal was no longer valid.

The attached patch changes colorAllocSuccess to an array of size MAX_COLORS.
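As an added example that is not part of the bug report, GnuCash or GDK, the following C program models the calling convention the report describes using a stand-in for gdk_colormap_alloc_colors(), so it builds without GTK. It lays the buggy frame out on the heap (one 4-byte gboolean followed by the pointer slot) so the overwrite of what follows the single flag is observable without undefined behaviour, then shows the fixed shape with one flag per colour plus a compile-time check that ties the array length to n_colors. gboolean and gint typedefs, FakeColor, MAX_COLORS = 7, the sample colours, the "all-zero colour cannot be allocated" rule and the placeholder pointer value are all constructed for the example.

```c
/* Added example, not code from GnuCash or GDK. fake_alloc_colors() is a
 * stand-in with the same contract as gdk_colormap_alloc_colors(): it writes one
 * gboolean per colour into success[0..n_colors) and returns the number of
 * colours it could NOT allocate. Types, MAX_COLORS and sample data are
 * constructed so the file builds without GTK. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef int gboolean;
typedef int gint;
#define TRUE 1
#define FALSE 0
#define MAX_COLORS 7   /* assumed value; the real constant lives in gnc-dense-cal.c */
#define G_N_ELEMENTS(arr) (sizeof(arr) / sizeof((arr)[0]))

typedef struct { unsigned short red, green, blue; } FakeColor;

/* Constructed sample: index 2 is all-zero, which the stand-in treats as a
 * colour the colormap cannot provide. */
static const FakeColor SAMPLE_WEEK_COLORS[MAX_COLORS] = {
    {1, 1, 1}, {2, 2, 2}, {0, 0, 0}, {4, 4, 4}, {5, 5, 5}, {6, 6, 6}, {7, 7, 7}
};

/* Trusts the caller to have provided n_colors flags, exactly as GDK does. */
static gint fake_alloc_colors(const FakeColor *colors, gint n_colors, gboolean *success)
{
    gint failed = 0;
    for (gint i = 0; i < n_colors; i++) {
        success[i] = (colors[i].red | colors[i].green | colors[i].blue) != 0;
        if (!success[i])
            failed++;
    }
    return failed;
}

/* Buggy shape from the report: &colorAllocSuccess (one gboolean) passed where
 * MAX_COLORS are expected. Modelled as a heap buffer laid out like the frame,
 * a 4-byte flag followed by the pointer slot, so the clobber is observable. */
uintptr_t simulate_buggy_frame(void)
{
    const uintptr_t dcal_before = (uintptr_t)0x4242424242424242ULL; /* constructed */
    size_t frame_len = sizeof(gboolean) * MAX_COLORS + sizeof(uintptr_t);
    unsigned char *frame = calloc(frame_len, 1);
    uintptr_t dcal_after = 0;
    if (frame == NULL)
        return 0;
    memcpy(frame + sizeof(gboolean), &dcal_before, sizeof dcal_before);

    /* the single-flag call: MAX_COLORS flags are written starting at the flag */
    fake_alloc_colors(SAMPLE_WEEK_COLORS, MAX_COLORS, (gboolean *)frame);

    memcpy(&dcal_after, frame + sizeof(gboolean), sizeof dcal_after);
    free(frame);
    return dcal_after;   /* != dcal_before: the pointer slot now holds TRUE/FALSE flags */
}

/* Fixed shape: a flag per colour, and a compile-time check that the array
 * really has n elements. A negative array size is a constraint violation, so
 * passing a too-small array (or a pointer, which decays) fails to compile. */
#define ALLOC_COLORS_CHECKED(colors, n, success_arr) \
    ((void)sizeof(char[G_N_ELEMENTS(success_arr) >= (size_t)(n) ? 1 : -1]), \
     fake_alloc_colors((colors), (n), (success_arr)))

typedef struct { gboolean ok[MAX_COLORS]; } WeekColorStatus;

gint alloc_week_colors(const FakeColor *colors, WeekColorStatus *status)
{
    return ALLOC_COLORS_CHECKED(colors, MAX_COLORS, status->ok);
}

/* Number of sample colours the fixed path reports as unallocated. */
gint fixed_path_failed(void)
{
    WeekColorStatus status;
    return alloc_week_colors(SAMPLE_WEEK_COLORS, &status);
}

/* Bit i set iff sample colour i was allocated; only index 2 should be clear. */
unsigned fixed_path_ok_mask(void)
{
    WeekColorStatus status;
    unsigned mask = 0;
    alloc_week_colors(SAMPLE_WEEK_COLORS, &status);
    for (int i = 0; i < MAX_COLORS; i++)
        if (status.ok[i])
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    printf("buggy frame: pointer slot after call = 0x%llx\n",
           (unsigned long long)simulate_buggy_frame());
    printf("fixed path: %d colour(s) failed, ok mask = 0x%x\n",
           fixed_path_failed(), fixed_path_ok_mask());
    return 0;
}
```

The compile-time check is the practical takeaway: GDK cannot tell a lone gboolean from an array, so the caller has to pin the array length to n_colors at the call site. Running the buggy variant under AddressSanitizer would likewise flag the write past colorAllocSuccess, which is a cheap way to catch this class of out-parameter size mismatch before it turns into a crash elsewhere, as it did here in gtk_widget_create_pango_layout().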
Comment 1 Geert Janssens 2015-01-24 16:35:42 UTC
That is a sneaky bug!

Well done in discovering it and thank you for creating a patch.

I have applied it to our maint branch so the fix will
appear in the next version of gnucash (2.6.6).
Comment 2 John Ralls 2018-06-29 23:37:32 UTC
GnuCash bug tracking has moved to a new Bugzilla host. This bug has been copied to https://bugs.gnucash.org/show_bug.cgi?id=742624. Please update any external references or bookmarks.