IntenseFinance/gnucash
3
0
Fork 0
mirror of https://github.com/Gnucash/gnucash.git synced 2025-02-25 18:55:30 -06:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Fix two use-after-free issues found by address sanitizer."

Browse Source 
This reverts commit 4dbf803041.

The use-after free errors are caused by the compiler reordering the
steps in xaccSplitFree and Transaction's do_destroy. Unfortunately the
corrections here caused trouble in other places, leading to test failures.
This commit is contained in:
John Ralls 2024-02-19 21:11:54 -08:00
parent 4dbf803041
commit 8546aa975e
2 changed files with 4 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libgnucash/engine/Split.cpp
View File

@ -706,13 +706,7 @@ xaccFreeSplit (Split *split)
}
CACHE_REMOVE(split->memo);
CACHE_REMOVE(split->action);
if (GNC_IS_ACCOUNT (split->acc) && !qof_instance_get_destroying (QOF_INSTANCE (split->acc)))
gnc_account_remove_split (split->acc, split);
if (GNC_IS_LOT (split->lot) && !qof_instance_get_destroying (QOF_INSTANCE (split->lot)))
gnc_lot_remove_split (split->lot, split);
/* We should do the same for split->parent but we might be getting
* called from xaccFreeTransactiob abd tgat would cause trouble.
*/
/* Just in case someone looks up freed memory ... */
split->memo = (char *) 1;
split->action = NULL;

9
libgnucash/engine/Transaction.cpp
View File

@ -1509,11 +1509,7 @@ do_destroy (Transaction *trans)
done for the next split, then a split will still be on the split list after it
has been freed. This can cause other parts of the code (e.g. in xaccSplitDestroy())
to reference the split after it has been freed. */
auto splits = trans->splits;
trans->splits = NULL;
for (node = splits; node; node = node->next)
for (node = trans->splits; node; node = node->next)
{
Split *s = GNC_SPLIT(node->data);
if (s && s->parent == trans)
@ -1521,7 +1517,7 @@ do_destroy (Transaction *trans)
xaccSplitDestroy(s);
}
}
for (node = splits; node; node = node->next)
for (node = trans->splits; node; node = node->next)
{
Split *s = GNC_SPLIT(node->data);
if (s && s->parent == trans)
@ -1530,6 +1526,7 @@ do_destroy (Transaction *trans)
}
}
g_list_free (trans->splits);
trans->splits = NULL;
xaccFreeTransaction (trans);
}