On Fri, Sep 17, 2004 at 10:13:11AM -0400, Derek Atkins wrote:
> Chris Shoemaker <[EMAIL PROTECTED]> writes:
>
> >> > Why does removing/commenting out "gtk_container_add(GTK_CONTAINER(box),
> >> > GTK_WIDGET(dlg->relatedView));" from category_dialog_create(), prevent
> >> > the consistent SEGV upon closing the dialog?
> >>
> >> Perhaps it's double-freed?  I don't know, you tell me.
> >
> > I suspected double-free, but I don't know either.  It dies in the
> > library, but I'll keep digging.
>
> Where in the library does it die?
> Did you try running with valgrind?

I did now.  Looks kinda like use-after-free:

Creating dummy category.
Budget 0x1e316bd8
Adding inflow category...
Adding outflow category...
NumCols: 8
Editing Category...
Druid: 0x1e2e1468
Budget: 0x1e316bd8
Category Selected: Inflow

(gnucash:12885): Gtk-CRITICAL **: file gtkentry.c: line 3643 (gtk_entry_set_text): assertion `text != NULL' failed
Related Accouts: 0

(gnucash:12885): GLib-GObject-WARNING **: invalid cast from `GncTreeModelAccount' to `GtkTreeModelSort'

(gnucash:12885): Gtk-CRITICAL **: file gtktreemodelsort.c: line 2016 (gtk_tree_model_sort_get_model): assertion `GTK_IS_TREE_MODEL_SORT (tree_model)' failed
==12885==
==12885== Invalid read of size 4
==12885==    at 0x1C523312: gtk_widget_get_toplevel (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C522474: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C5225E4: gtk_widget_has_screen (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C3BAE64: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==  Address 0x1E23F0D8 is 56 bytes inside a block of size 100 free'd
==12885==    at 0x1B907460: free (vg_replace_malloc.c:153)
==12885==    by 0x1BCF02A3: g_free (in /usr/lib/libglib-2.0.so.0.400.6)
==12885==    by 0x1BCAD13A: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.400.6)
==12885==    by 0x1BC963B0: (within /usr/lib/libgobject-2.0.so.0.400.6)
==12885==
==12885== Invalid read of size 1
==12885==    at 0x1C522475: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C5225E4: gtk_widget_has_screen (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1C3BAE64: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==    by 0x1BCECCF2: (within /usr/lib/libglib-2.0.so.0.400.6)
==12885==  Address 0x1E23F0AC is 12 bytes inside a block of size 100 free'd
==12885==    at 0x1B907460: free (vg_replace_malloc.c:153)
==12885==    by 0x1BCF02A3: g_free (in /usr/lib/libglib-2.0.so.0.400.6)
==12885==    by 0x1BCAD13A: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.400.6)

Later, I'll rerun with larger --num-callers.  Oddly, it doesn't SEGV under
valgrind.  Is that normal?

Oh, and is all this kind of noise also normal?

==12885== Use of uninitialised value of size 4
==12885==    at 0x1BCDF3EB: g_hash_table_lookup (in /usr/lib/libglib-2.0.so.0.400.6)
==12885==    by 0x1BE61084: qof_collection_lookup_entity (qofid.c:210)
==12885==    by 0x1BE60C33: qof_entity_init (qofid.c:71)
==12885==    by 0x1BE612B9: qof_instance_init (qofinstance.c:58)
==12885==
==12885== Use of uninitialised value of size 4
==12885==    at 0x1BCDF8ED: g_hash_table_remove (in /usr/lib/libglib-2.0.so.0.400.6)
==12885==    by 0x1BE60F15: qof_collection_remove_entity (qofid.c:189)
==12885==    by 0x1BE60FCB: qof_collection_insert_entity (qofid.c:199)
==12885==    by 0x1BE60CA1: qof_entity_init (qofid.c:78)

-chris
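
Added example, not part of the original message or of GnuCash: a small Python triage of Memcheck output like the trace above. It groups invalid accesses by the freed block they land in (block base = reported address minus reported offset) and keeps the "free'd" stack, separately from the uninitialised-value reports. The names `records`, `triage` and `SAMPLE` are illustrative, and `SAMPLE` is abridged from the trace in the message.

```python
import re
from collections import defaultdict

PREFIX = re.compile(r"^==\d+==\s?")
ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: ([A-Za-z_]\w*)")

# Abridged from the Memcheck trace in the message above (some frames dropped).
SAMPLE = """\
==12885== Invalid read of size 4
==12885==    at 0x1C523312: gtk_widget_get_toplevel (in /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==  Address 0x1E23F0D8 is 56 bytes inside a block of size 100 free'd
==12885==    at 0x1B907460: free (vg_replace_malloc.c:153)
==12885==    by 0x1BCF02A3: g_free (in /usr/lib/libglib-2.0.so.0.400.6)
==12885==    by 0x1BCAD13A: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.400.6)
==12885==
==12885== Invalid read of size 1
==12885==    at 0x1C522475: (within /usr/lib/libgtk-x11-2.0.so.0.400.9)
==12885==  Address 0x1E23F0AC is 12 bytes inside a block of size 100 free'd
==12885==    at 0x1B907460: free (vg_replace_malloc.c:153)
==12885==    by 0x1BCAD13A: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.400.6)
==12885==
==12885== Use of uninitialised value of size 4
==12885==    at 0x1BCDF3EB: g_hash_table_lookup (in /usr/lib/libglib-2.0.so.0.400.6)
==12885==    by 0x1BE61084: qof_collection_lookup_entity (qofid.c:210)
"""

def records(text):
    """Return one list of lines per Memcheck record; a bare '==PID==' line ends a record."""
    body = "\n".join(PREFIX.sub("", l).rstrip() for l in text.splitlines() if PREFIX.match(l))
    return [c.split("\n") for c in re.split(r"\n{2,}", body.strip("\n")) if c]

def triage(text):
    """Group invalid accesses by freed block (base, size); list the other error titles."""
    freed, other = defaultdict(list), []
    for rec in records(text):
        hit = next(((i, m) for i, l in enumerate(rec) if (m := ADDR.search(l))), None)
        if hit is None:
            other.append(rec[0])  # e.g. uninitialised-value reports
            continue
        i, m = hit
        addr, offset, size = int(m.group(1), 16), int(m.group(2)), int(m.group(3))
        free_stack = [f.group(1) for l in rec[i + 1:] if (f := FRAME.match(l))]
        freed[(addr - offset, size)].append((rec[0], offset, free_stack))
    return dict(freed), other
```

On the sample, both invalid reads resolve to the same 100-byte block at base 0x1E23F0A0, released through `g_type_free_instance`, while the `g_hash_table_lookup` report falls into the separate list.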
