After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 477410 - Crash when quitting Gnumeric after adding a scenario
Crash when quitting Gnumeric after adding a scenario
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: General
unspecified
Other All
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2007-09-16 07:37 UTC by sum1
Modified: 2007-09-17 00:23 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description sum1 2007-09-16 07:37:36 UTC
Version: r1874 (goffice), r15893 (Gnumeric)
OS: Ubuntu Gutsy

Steps to reproduce:
- Run Gnumeric
- Tools > Scenarios > Add
- Name the scenario "a" and press OK
- File > Quit
- Press Discard to crash Gnumeric

Backtrace:
Program received signal SIGSEGV, Segmentation fault.

Thread NaN (LWP 6115)

  • #0 go_list_free_custom
    at go-glib-extras.c line 186
  • #1 scenarios_free
    at scenarios.c line 299
  • #2 go_list_free_custom
    at go-glib-extras.c line 186
  • #3 scenarios_free
    at scenarios.c line 299
  • #4 go_list_free_custom
    at go-glib-extras.c line 186
  • #5 scenarios_free
    at scenarios.c line 299
  • #6 go_list_free_custom
    at go-glib-extras.c line 186
  • #7 scenarios_free
    at scenarios.c line 299
  • #8 go_list_free_custom
    at go-glib-extras.c line 186
  • #9 scenarios_free
    at scenarios.c line 299
  • #10 gnm_sheet_finalize
    at sheet.c line 3542
  • #11 g_object_unref
    from /usr/lib/libgobject-2.0.so.0
  • #12 workbook_sheet_delete
    at workbook.c line 927
  • #13 workbook_dispose
    at workbook.c line 127
  • #14 g_object_unref
    from /usr/lib/libgobject-2.0.so.0
  • #15 dialog_quit
    at dialog-quit.c line 386
  • #16 cb_file_quit
    at wbc-gtk-actions.c line 175
  • #17 g_cclosure_marshal_VOID__VOID
    from /usr/lib/libgobject-2.0.so.0
  • #18 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #19 ??
    from /usr/lib/libgobject-2.0.so.0
  • #20 ??
  • #21 ??

Valgrind output:
==6062== Conditional jump or move depends on uninitialised value(s)
==6062==    at 0x45D9943: go_list_free_custom (go-glib-extras.c:185)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x45D9935: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x45D9935: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x4103E5C: gnm_sheet_finalize (sheet.c:3542)
==6062==    by 0x4CA5AEB: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.0)
==6062==    by 0x4147D36: workbook_sheet_delete (workbook.c:927)
==6062==    by 0x4145944: workbook_dispose (workbook.c:127)
==6062==    by 0x4CA5A4A: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.0)
==6062==    by 0x41AF8AA: dialog_quit (dialog-quit.c:386)
==6062== 
==6062== Use of uninitialised value of size 4
==6062==    at 0x45D992C: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x45D9935: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x45D9935: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x4103E5C: gnm_sheet_finalize (sheet.c:3542)
==6062==    by 0x4CA5AEB: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.0)
==6062==    by 0x4147D36: workbook_sheet_delete (workbook.c:927)
==6062==    by 0x4145944: workbook_dispose (workbook.c:127)
==6062==    by 0x4CA5A4A: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.0)
==6062==    by 0x41AF8AA: dialog_quit (dialog-quit.c:386)
==6062== 
==6062== Invalid read of size 4
==6062==    at 0x45D992C: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x45D9935: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x45D9935: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x4103E5C: gnm_sheet_finalize (sheet.c:3542)
==6062==    by 0x4CA5AEB: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.0)
==6062==    by 0x4147D36: workbook_sheet_delete (workbook.c:927)
==6062==    by 0x4145944: workbook_dispose (workbook.c:127)
==6062==    by 0x4CA5A4A: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.0)
==6062==    by 0x41AF8AA: dialog_quit (dialog-quit.c:386)
==6062==  Address 0xFFC60298 is not stack'd, malloc'd or (recently) free'd
==6062== 
==6062== Process terminating with default action of signal 11 (SIGSEGV)
==6062==  Access not within mapped region at address 0xFFC60298
==6062==    at 0x45D992C: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x45D9935: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x45D9935: go_list_free_custom (go-glib-extras.c:186)
==6062==    by 0x41E4A07: scenarios_free (scenarios.c:299)
==6062==    by 0x4103E5C: gnm_sheet_finalize (sheet.c:3542)
==6062==    by 0x4CA5AEB: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.0)
==6062==    by 0x4147D36: workbook_sheet_delete (workbook.c:927)
==6062==    by 0x4145944: workbook_dispose (workbook.c:127)
==6062==    by 0x4CA5A4A: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.0)
==6062==    by 0x41AF8AA: dialog_quit (dialog-quit.c:386)
Comment 1 Morten Welinder 2007-09-17 00:23:34 UTC
This bug exists in 1.7.12, but not in 1.7.11.  It's all my fault.

This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.