798229 – GncDate::c_formats is being created and destroyed twice resulting in a double free crash on every exit

Bug 798229 - GncDate::c_formats is being created and destroyed twice resulting in a double free crash on every exit

Summary: GncDate::c_formats is being created and destroyed twice resulting in a double...

Status:	RESOLVED FIXED

Alias:	None

Product:	GnuCash
Classification:	Unclassified
Component:	Engine (show other bugs)
Version:	4.6
Hardware:	PC Linux

Importance:	Normal normal
Target Milestone:	---
Assignee:	core
QA Contact:	core

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-07-04 10:08 EDT by Simon Arlott
Modified:	2021-07-06 15:05 EDT (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Simon Arlott 2021-07-04 10:08:03 EDT

Every time I run gnucash it crashes on exit with a double free of GncDate::c_formats:

Here's it being constructed twice:

Breakpoint 1, std::vector<GncDateFormat, std::allocator<GncDateFormat> >::vector (this=0x7ffff4002110 <GncDate::c_formats>, __l=..., __a=...) at /usr/include/c++/7/bits/stl_vector.h:383
383	      vector(initializer_list<value_type> __l,
(gdb) bt
#0  std::vector<GncDateFormat, std::allocator<GncDateFormat> >::vector(std::initializer_list<GncDateFormat>, std::allocator<GncDateFormat> const&)
    (this=0x7ffff4002110 <GncDate::c_formats>, __l=..., __a=...) at /usr/include/c++/7/bits/stl_vector.h:383
#1  0x00007ffff3ca957e in __static_initialization_and_destruction_0(int, int) (__initialize_p=1, __priority=65535) at /home/simon/src/gnucash/libgnucash/engine/gnc-datetime.cpp:90
#2  0x00007ffff3ca971f in _GLOBAL__sub_I_gnc_datetime.cpp(void) () at /home/simon/src/gnucash/libgnucash/engine/gnc-datetime.cpp:752
#3  0x00007ffff7de38d3 in call_init (env=0x7fffffffdc10, argv=0x7fffffffdbf8, argc=2, l=<optimised out>) at dl-init.c:72
#4  _dl_init (main_map=0x7ffff7ffe170, argc=2, argv=0x7fffffffdbf8, env=0x7fffffffdc10) at dl-init.c:119
#5  0x00007ffff7dd40ca in _dl_start_user () at /lib64/ld-linux-x86-64.so.2
#6  0x0000000000000002 in  ()
#7  0x00007fffffffe00d in  ()
#8  0x00007fffffffe032 in  ()
#9  0x0000000000000000 in  ()

Thread 1 "gnucash" hit Breakpoint 1, std::vector<GncDateFormat, std::allocator<GncDateFormat> >::vector (this=0x7ffff4002110 <GncDate::c_formats>, __l=..., __a=...)
    at /usr/include/c++/7/bits/stl_vector.h:383
383	      vector(initializer_list<value_type> __l,
(gdb) bt
#0  std::vector<GncDateFormat, std::allocator<GncDateFormat> >::vector(std::initializer_list<GncDateFormat>, std::allocator<GncDateFormat> const&)
    (this=0x7ffff4002110 <GncDate::c_formats>, __l=..., __a=...) at /usr/include/c++/7/bits/stl_vector.h:383
#1  0x00007fffd33c9c5e in __static_initialization_and_destruction_0(int, int) () at /home/simon/inst/gnucash/lib/gnucash/libgncmod-engine.so
#2  0x00007fffd33c9e62 in _GLOBAL__sub_I_gnc_datetime.cpp () at /home/simon/inst/gnucash/lib/gnucash/libgncmod-engine.so
#3  0x00007ffff7de38d3 in call_init (env=0x5555557f14e0, argv=0x7fffffffdbf8, argc=2, l=<optimised out>) at dl-init.c:72
#4  _dl_init (main_map=main_map@entry=0x555555bd5200, argc=2, argv=0x7fffffffdbf8, env=0x5555557f14e0) at dl-init.c:119
#5  0x00007ffff7de839f in dl_open_worker (a=a@entry=0x7fffffffd130) at dl-open.c:522
#6  0x00007ffff2fe31ef in __GI__dl_catch_exception (exception=0x7fffffffd110, operate=0x7ffff7de7f60 <dl_open_worker>, args=0x7fffffffd130) at dl-error-skeleton.c:196
#7  0x00007ffff7de796a in _dl_open
    (file=0x555555a29320 "/home/simon/inst/gnucash/lib/gnucash/libgncmod-app-utils.so", mode=-2147483391, caller_dlopen=0x7ffff2c796d9 <g_module_open+265>, nsid=<optimised out>, argc=2, argv=<optimised out>, env=0x5555557f14e0) at dl-open.c:605
#8  0x00007fffee67ef96 in dlopen_doit (a=a@entry=0x7fffffffd360) at dlopen.c:66
#9  0x00007ffff2fe31ef in __GI__dl_catch_exception (exception=exception@entry=0x7fffffffd300, operate=0x7fffee67ef40 <dlopen_doit>, args=0x7fffffffd360) at dl-error-skeleton.c:196
#10 0x00007ffff2fe327f in __GI__dl_catch_error (objname=0x5555557da380, errstring=0x5555557da388, mallocedp=0x5555557da378, operate=<optimised out>, args=<optimised out>) at dl-error-skeleton.c:215
#11 0x00007fffee67f745 in _dlerror_run (operate=operate@entry=0x7fffee67ef40 <dlopen_doit>, args=args@entry=0x7fffffffd360) at dlerror.c:162
#12 0x00007fffee67f051 in __dlopen (file=<optimised out>, mode=<optimised out>) at dlopen.c:87
#13 0x00007ffff2c796d9 in g_module_open () at /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0
#14 0x00007ffff7bd093c in gnc_module_get_info (fullpath=0x555555a91bd0 "/home/simon/inst/gnucash/lib/gnucash/libgncmod-app-utils.so") at /home/simon/src/gnucash/libgnucash/gnc-module/gnc-module.c:300
#15 0x00007ffff7bd0709 in gnc_module_system_refresh () at /home/simon/src/gnucash/libgnucash/gnc-module/gnc-module.c:208
#16 0x00007ffff7bd061d in gnc_module_system_init () at /home/simon/src/gnucash/libgnucash/gnc-module/gnc-module.c:153
#17 0x000055555558eb48 in Gnucash::Gnucash::start(int, char**) (this=0x7fffffffd860, argc=2, argv=0x7fffffffdbf8) at /home/simon/src/gnucash/gnucash/gnucash.cpp:377
#18 0x000055555558edaf in main(int, char**) (argc=2, argv=0x7fffffffdbf8) at /home/simon/src/gnucash/gnucash/gnucash.cpp:408

And then destroyed twice:

Thread 1 "gnucash" hit Breakpoint 2, std::vector<GncDateFormat, std::allocator<GncDateFormat> >::~vector (this=0x7ffff4002110 <GncDate::c_formats>, __in_chrg=<optimised out>)
    at /usr/include/c++/7/bits/stl_vector.h:435
435			      _M_get_Tp_allocator()); }
(gdb) bt
#0  std::vector<GncDateFormat, std::allocator<GncDateFormat> >::~vector() (this=0x7ffff4002110 <GncDate::c_formats>, __in_chrg=<optimised out>) at /usr/include/c++/7/bits/stl_vector.h:435
#1  0x00007ffff2ebf161 in __run_exit_handlers (status=0, listp=0x7ffff3267718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#2  0x00007ffff2ebf25a in __GI_exit (status=<optimised out>) at exit.c:139
#3  0x00007ffff54b919c in gnc_shutdown (exit_status=0) at /home/simon/src/gnucash/gnucash/gnome-utils/gnc-gnome-utils.c:881
#4  0x000055555558e3a4 in scm_run_gnucash(void*, int, char**) (data=0x7fffffffd540, argc=2, argv=0x7fffffffdbf8) at /home/simon/src/gnucash/gnucash/gnucash.cpp:270
#5  0x00007ffff6a66412 in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#6  0x00007ffff6a32209 in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#7  0x00007ffff6ae2458 in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#8  0x00007ffff6ab4353 in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#9  0x00007ffff6aeca14 in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#10 0x00007ffff6b0cbf1 in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#11 0x00007ffff6a3ccc9 in scm_call_4 () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#12 0x00007ffff6ae22ae in scm_catch_with_pre_unwind_handler () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#13 0x00007ffff6ae2530 in scm_c_catch () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#14 0x00007ffff6a32058 in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#15 0x00007ffff6a32321 in scm_c_with_continuation_barrier () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#16 0x00007ffff6adf224 in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#17 0x00007ffff1623c42 in GC_call_with_stack_base () at /usr/lib/x86_64-linux-gnu/libgc.so.1
#18 0x00007ffff6adf30d in  () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#19 0x00007ffff6adf34d in scm_with_guile () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#20 0x00007ffff6a663a3 in scm_boot_guile () at /usr/lib/x86_64-linux-gnu/libguile-2.0.so.22
#21 0x000055555558ebdc in Gnucash::Gnucash::start(int, char**) (this=0x7fffffffd860, argc=2, argv=0x7fffffffdbf8) at /home/simon/src/gnucash/gnucash/gnucash.cpp:384
#22 0x000055555558edaf in main(int, char**) (argc=2, argv=0x7fffffffdbf8) at /home/simon/src/gnucash/gnucash/gnucash.cpp:408

Thread 1 "gnucash" hit Breakpoint 2, std::vector<GncDateFormat, std::allocator<GncDateFormat> >::~vector (this=0x7ffff4002110 <GncDate::c_formats>, __in_chrg=<optimised out>)
    at /usr/include/c++/7/bits/stl_vector.h:435
435			      _M_get_Tp_allocator()); }
(gdb) bt
#0  std::vector<GncDateFormat, std::allocator<GncDateFormat> >::~vector() (this=0x7ffff4002110 <GncDate::c_formats>, __in_chrg=<optimised out>) at /usr/include/c++/7/bits/stl_vector.h:435
#1  0x00007ffff2ebf735 in __cxa_finalize (d=0x7ffff3ffd220) at cxa_finalize.c:83
#2  0x00007ffff3c39023 in __do_global_dtors_aux () at /home/simon/inst/gnucash/lib/libgnc-engine.so
#3  0x00007fffffffc180 in  ()
#4  0x00007ffff7de3d13 in _dl_fini () at dl-fini.c:138

Resulting in this crash:

Thread 1 "gnucash" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff2ebc921 in __GI_abort () at abort.c:79
#2  0x00007ffff2f05967 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff3032b0d "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff2f0c9da in malloc_printerr (str=str@entry=0x7ffff3034818 "double free or corruption (out)") at malloc.c:5342
#4  0x00007ffff2f13f6a in _int_free (have_lock=0, p=0x555555a71fe0, av=0x7ffff3267c40 <main_arena>) at malloc.c:4308
#5  __GI___libc_free (mem=0x555555a71ff0) at malloc.c:3134
#6  0x0000555555595d90 in __gnu_cxx::new_allocator<char>::deallocate(char*, unsigned long) (this=0x555555994ab0, __p=0x555555a71ff0 "") at /usr/include/c++/7/ext/new_allocator.h:125
#7  0x0000555555593fcd in std::allocator_traits<std::allocator<char> >::deallocate(std::allocator<char>&, char*, unsigned long) (__a=..., __p=0x555555a71ff0 "", __n=430258859386)
    at /usr/include/c++/7/bits/alloc_traits.h:462
#8  0x00005555555922e0 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_destroy(unsigned long) (this=0x555555994ab0, __size=430258859385)
    at /usr/include/c++/7/bits/basic_string.h:226
#9  0x0000555555591ab0 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_dispose() (this=0x555555994ab0) at /usr/include/c++/7/bits/basic_string.h:221
#10 0x000055555559053a in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() (this=0x555555994ab0, __in_chrg=<optimised out>)
    at /usr/include/c++/7/bits/basic_string.h:647
#11 0x00007ffff3cabb56 in GncDateFormat::~GncDateFormat() (this=0x555555994ab0, __in_chrg=<optimised out>) at /home/simon/src/gnucash/libgnucash/engine/gnc-datetime.hpp:174
#12 0x00007ffff3ccd681 in std::_Destroy<GncDateFormat>(GncDateFormat*) (__pointer=0x555555994ab0) at /usr/include/c++/7/bits/stl_construct.h:98
#13 0x00007ffff3ccbfdc in std::_Destroy_aux<false>::__destroy<GncDateFormat*>(GncDateFormat*, GncDateFormat*) (__first=0x555555994ab0, __last=0x555555994bf0) at /usr/include/c++/7/bits/stl_construct.h:108
#14 0x00007ffff3cca01e in std::_Destroy<GncDateFormat*>(GncDateFormat*, GncDateFormat*) (__first=0x555555994ab0, __last=0x555555994bf0) at /usr/include/c++/7/bits/stl_construct.h:137
#15 0x00007ffff3cd8474 in std::_Destroy<GncDateFormat*, GncDateFormat>(GncDateFormat*, GncDateFormat*, std::allocator<GncDateFormat>&) (__first=0x555555994ab0, __last=0x555555994bf0)
    at /usr/include/c++/7/bits/stl_construct.h:206
#16 0x00007ffff3cd7609 in std::vector<GncDateFormat, std::allocator<GncDateFormat> >::~vector() (this=0x7ffff4002110 <GncDate::c_formats>, __in_chrg=<optimised out>)
    at /usr/include/c++/7/bits/stl_vector.h:434
#17 0x00007ffff2ebf735 in __cxa_finalize (d=0x7ffff3ffd220) at cxa_finalize.c:83
#18 0x00007ffff3c39023 in __do_global_dtors_aux () at /home/simon/inst/gnucash/lib/libgnc-engine.so
#19 0x00007fffffffc180 in  ()
#20 0x00007ffff7de3d13 in _dl_fini () at dl-fini.c:138

Comment 1 Simon Arlott 2021-07-04 13:11:50 EDT

This is caused by installing 3.8b and then 4.6 to the same location.

There are older versions of libraries present:
 lib/gnucash/libgnc-bi-import.so
 lib/gnucash/libgnc-csv-export.so
 lib/gnucash/libgnc-csv-import.so
 lib/gnucash/libgnc-customer-import.so
 lib/gnucash/libgnc-gnome-search.so
 lib/gnucash/libgnc-gnome-utils.so
 lib/gnucash/libgnc-html.so
 lib/gnucash/libgnc-ledger-core.so
 lib/gnucash/libgnc-log-replay.so
+lib/gnucash/libgncmod-app-utils.so
 lib/gnucash/libgncmod-aqbanking.so
 lib/gnucash/libgncmod-backend-dbi.so
 lib/gnucash/libgncmod-backend-xml.so
+lib/gnucash/libgncmod-bi-import.so
+lib/gnucash/libgncmod-csv-export.so
+lib/gnucash/libgncmod-csv-import.so
+lib/gnucash/libgncmod-customer-import.so
+lib/gnucash/libgncmod-engine.so
+lib/gnucash/libgncmod-generic-import.so
+lib/gnucash/libgncmod-gnome-search.so
+lib/gnucash/libgncmod-gnome-utils.so
+lib/gnucash/libgncmod-html.so
+lib/gnucash/libgncmod-ledger-core.so
+lib/gnucash/libgncmod-locale-reports-us.so
+lib/gnucash/libgncmod-log-replay.so
 lib/gnucash/libgncmod-ofx.so
 lib/gnucash/libgncmod-python.so
+lib/gnucash/libgncmod-qif-import.so
+lib/gnucash/libgncmod-register-core.so
+lib/gnucash/libgncmod-register-gnome.so
+lib/gnucash/libgncmod-report-gnome.so
+lib/gnucash/libgncmod-report-system.so
+lib/gnucash/libgncmod-stylesheets.so
+lib/gnucash/libgncmod-tax-us.so
 lib/gnucash/libgnc-qif-import.so
 lib/gnucash/libgnc-register-core.so
 lib/gnucash/libgnc-register-gnome.so
 lib/gnucash/libgnc-report.so
 lib/libgnc-app-utils.so
 lib/libgnc-backend-sql.so
 lib/libgnc-backend-xml-utils.so
 lib/libgnc-core-utils.so
 lib/libgnc-engine.so
 lib/libgnc-generic-import.so
 lib/libgnc-gnome.so
 lib/libgnc-locale-tax.so
 lib/libgnc-module.so
 lib/libgnucash-guile.so
+lib/libgwengui-gtk3.so

Comment 2 John Ralls 2021-07-04 14:15:18 EDT

Which you shouldn't do, but we should make GnuCash crash with a good error message instead of something obscure that needs debugging.

Comment 3 John Ralls 2021-07-04 16:43:47 EDT

Instead of crashing ignore the modules during initialization: https://github.com/Gnucash/gnucash/pull/1066

Comment 4 John Ralls 2021-07-06 15:05:09 EDT

That PR is merged.

Note You need to log in before you can comment on or make changes to this bug.