[Originally reported as http://bugs.debian.org/204895]

From: Jan 'Miernik' Macek <miernik@ctnet.pl>
Subject: when removing n sheets from my n+4 spreadsheet, segfaults or ends up
	in "stopped" state
Date: Thu, 22 May 2003 08:15:33 +0200

Package: gnumeric
Version: 1.1.17-3
Severity: normal

I have a multi-sheet spreadsheet here: http://www.miernik.ctnet.pl/a.gnumeric
This file is anonymized a little. 

I go to "Manage sheets", and select all but the last 4 sheets for 
deletion. Press OK.

I have 64 MB RAM + 128 MB swap. First I tried this when I had many 
other programs running, so the whole 192 MB might had ended up. It 
worked for 10-30 minutes (didn't measure exactly) and then ended up 
with a segmentation fault.

Then I closed almost all other programs, started gnumeric and attached 
gdb to it with "gdb gnumeric 1071" command.

It worked very long, so I left it and went to sleep. In the morning I 
saw gnumeric in a "stopped" state (gnumeric window was just filled 
with white and grey boxes, no menus or anything).

top showed this:
top - 08:09:30 up 11:40,  5 users,  load average: 1.11, 1.21, 1.13
Tasks:  63 total,   3 running,  59 sleeping,   1 stopped,   0 zombie
Cpu(s):   2.6% user,   2.3% system,   0.0% nice,  95.1% idle,   0.0% IO-wait
Mem:     62104k total,    59160k used,     2944k free,      868k buffers
Swap:   128480k total,    77872k used,    50608k free,    13316k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  Command
 1071 miernik   24   0 58704 7636  15m T  0.0 12.3  11:32.98 gnumeric
 1598 miernik   15   0 16928 6244 4696 S  0.0 10.1   0:04.82 gdb

When I typed "bt" in gdb it showed this:

(gdb) bt

+ Trace 39985

This is exactly the same "bt" showed when I run "bt" just after 
starting gnumeric (before lading the file).

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux szrenica 2.5.62-ac1 #1 Mon Feb 24 12:51:46 CET 2003 i586
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8

Date: Thu, 22 May 2003 19:09:50 +0200
From: Miernik <miernik@ctnet.pl>
Subject: Program received signal SIGSEGV, Segmentation fault.

Here is more info:

I've done the 'deleting all but last 4' sheets operation once more. It 
ended after 2 hours, and ended with a segfault.

I've had gdb attached to it. During the run I've hadthis line apprear 
many thousand times:

** (gnumeric:641): CRITICAL **: file ../../src/expr.c: line 1544
(gnm_expr_rewrite): assertion `expr != NULL' failed

And at the end I got:

(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 641)]
0x08090829 in dependent_queue_recalc ()
(gdb) 

In top:

top - 12:51:39 up  4:20,  7 users,  load average: 1.38, 1.15, 1.14
Tasks:  66 total,   1 running,  64 sleeping,   1 stopped,   0 zombie
Cpu(s):   3.3% user,   5.6% system,   0.0% nice,  82.7% idle,   8.5% IO-wait
Mem:     62104k total,    60244k used,     1860k free,      492k buffers
Swap:   128480k total,    94596k used,    33884k free,     8556k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  Command
  641 miernik   25   0 73512  19m  15m T  0.0 32.5  55:24.25 gnumeric
  385 miernik   15   0 12980 6084 5216 S  0.0  9.8  32:19.75 xterm

The file http://www.miernik.ctnet.pl/a.gnumeric is exactly the file on 
which this operation was performed.