Bug 492158 - Invalid reads in make_path_spline()
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: Charting
Version: git master
Hardware: Other All
Importance: Normal normal
Assigned To: Emmanuel Pacaud
QA Contact: Jody Goldberg
Reported: 2007-10-31 20:33 UTC by sum1
Modified: 2007-11-01 15:12 UTC

Attachments
potential patch (427 bytes, patch)
2007-10-31 21:26 UTC, sum1

Description sum1 2007-10-31 20:33:39 UTC
Version: r16042 (gnumeric), r1942 (goffice)
OS: Ubuntu Gutsy

Steps to reproduce:
- From gnumeric/src/, convert chart-smooth-fit-tests.gnumeric to Excel format:

../libtool --mode=execute valgrind -q --freelist-vol=50000000 --suppressions=../test/common.supp ./ssconvert ../samples/chart-smooth-fit-tests.gnumeric /tmp/foo.xls


Valgrind output:
==16113== Invalid read of size 8
==16113==    at 0x460063B: make_path_spline (gog-chart-map.c:253)
==16113==    by 0x460111E: xy_make_path (gog-chart-map.c:398)
==16113==    by 0x460254C: gog_chart_map_make_path (gog-chart-map.c:879)
==16113==    by 0x4628A93: gog_reg_curve_view_render (gog-reg-curve.c:331)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x6CF5E5F: gog_xy_series_view_render (gog-xy.c:1249)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x6CF5C3A: gog_xy_view_render (gog-xy.c:1204)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x45FF87A: gog_chart_view_render (gog-chart.c:912)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x45F9213: gog_view_render_real (gog-view.c:561)
==16113==  Address 0x8A69648 is 0 bytes after a block of size 808 alloc'd
==16113==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==16113==    by 0x4750AF5: g_malloc (in /usr/lib/libglib-2.0.so.0.1400.1)
==16113==    by 0x46289E0: gog_reg_curve_view_render (gog-reg-curve.c:324)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x6CF5E5F: gog_xy_series_view_render (gog-xy.c:1249)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x6CF5C3A: gog_xy_view_render (gog-xy.c:1204)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x45FF87A: gog_chart_view_render (gog-chart.c:912)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x45F9213: gog_view_render_real (gog-view.c:561)
==16113==    by 0x45F7A03: gog_outlined_view_render (gog-outlined-object.c:157)
==16113== 
==16113== Invalid read of size 8
==16113==    at 0x46006B7: make_path_spline (gog-chart-map.c:260)
==16113==    by 0x460111E: xy_make_path (gog-chart-map.c:398)
==16113==    by 0x460254C: gog_chart_map_make_path (gog-chart-map.c:879)
==16113==    by 0x4628A93: gog_reg_curve_view_render (gog-reg-curve.c:331)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x6CF5E5F: gog_xy_series_view_render (gog-xy.c:1249)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x6CF5C3A: gog_xy_view_render (gog-xy.c:1204)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x45FF87A: gog_chart_view_render (gog-chart.c:912)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x45F9213: gog_view_render_real (gog-view.c:561)
==16113==  Address 0x8A692F0 is 0 bytes after a block of size 808 alloc'd
==16113==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==16113==    by 0x4750AF5: g_malloc (in /usr/lib/libglib-2.0.so.0.1400.1)
==16113==    by 0x46289C9: gog_reg_curve_view_render (gog-reg-curve.c:323)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x6CF5E5F: gog_xy_series_view_render (gog-xy.c:1249)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x6CF5C3A: gog_xy_view_render (gog-xy.c:1204)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x45FF87A: gog_chart_view_render (gog-chart.c:912)
==16113==    by 0x45F9CB2: gog_view_render (gog-view.c:787)
==16113==    by 0x45F9213: gog_view_render_real (gog-view.c:561)
==16113==    by 0x45F7A03: gog_outlined_view_render (gog-outlined-object.c:157)
Comment 1 sum1 2007-10-31 21:26:33 UTC
Created attachment 98272
potential patch
Comment 2 Morten Welinder 2007-10-31 23:58:19 UTC
Fix looks obvious.

This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.
Comment 3 Emmanuel Pacaud 2007-11-01 14:04:57 UTC
It looks obvious, but it's wrong.

I'll have a look.
Comment 4 Emmanuel Pacaud 2007-11-01 14:45:42 UTC
It should be ok now.
Comment 5 sum1 2007-11-01 15:12:42 UTC
Sorry about that.  Thanks for fixing it.