Bug 498846 – Crash in gog_dropbar_view_render()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 498846 - Crash in gog_dropbar_view_render()


Summary:	Crash in gog_dropbar_view_render()


Status:	RESOLVED FIXED

Product:	libgoffice
Classification:	Other
Component:	Graphing / Charting
Version:	unspecified
Hardware:	Other All

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Jean Bréfort
QA Contact:	Jody Goldberg

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2007-11-21 21:57 UTC by sum1
Modified:	2007-11-22 13:54 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description sum1 2007-11-21 21:57:18 UTC

Version: r1980
OS: Ubuntu Gutsy

Steps to reproduce:
- Run Gnumeric
- Import gnumeric/samples/ttest.xls
- Select the "Paired-One" sheet
- Edit > Select > Select All
- Insert > Chart
- Click on the DropBar type
- Press the Show sample button to crash Gnumeric

Backtrace:
Program received signal SIGSEGV, Segmentation fault.

+ Trace 179166

Thread NaN (LWP 12458)

#0 gog_dropbar_view_render
at gog-dropbar.c line 262
#1 gog_view_render
at gog-view.c line 782
#2 gog_chart_view_render
at gog-chart.c line 912
#3 gog_view_render
at gog-view.c line 787
#4 gog_view_render_real
at gog-view.c line 561
#5 gog_outlined_view_render
at gog-outlined-object.c line 157
#6 gog_graph_view_render
at gog-graph.c line 794
#7 gog_view_render
at gog-view.c line 782
#8 gog_renderer_update
at gog-renderer.c line 1302
#9 gog_control_foocanvas_update
at gog-control-foocanvas.c line 191
#10 foo_canvas_item_invoke_update
at foo-canvas.c line 428
#11 foo_canvas_group_update
at foo-canvas.c line 1379
#12 foo_canvas_item_invoke_update
at foo-canvas.c line 428
#13 foo_canvas_group_update
at foo-canvas.c line 1379
#14 foo_canvas_item_invoke_update
at foo-canvas.c line 428
#15 do_update
at foo-canvas.c line 2931
#16 idle_handler
at foo-canvas.c line 2966




Valgrind output:
==12400== Use of uninitialised value of size 4
==12400==    at 0xBB42FDE: gog_dropbar_view_render (gog-dropbar.c:262)
==12400==    by 0x460788D: gog_view_render (gog-view.c:782)
==12400==    by 0x460D47A: gog_chart_view_render (gog-chart.c:912)
==12400==    by 0x46078B2: gog_view_render (gog-view.c:787)
==12400==    by 0x4606E13: gog_view_render_real (gog-view.c:561)
==12400==    by 0x4605603: gog_outlined_view_render (gog-outlined-object.c:157)
==12400==    by 0x460A1B6: gog_graph_view_render (gog-graph.c:794)
==12400==    by 0x460788D: gog_view_render (gog-view.c:782)
==12400==    by 0x463BD86: gog_renderer_update (gog-renderer.c:1302)
==12400==    by 0x463D974: gog_control_foocanvas_update (gog-control-foocanvas.c:191)
==12400==    by 0x4687335: foo_canvas_item_invoke_update (foo-canvas.c:428)
==12400==    by 0x468966A: foo_canvas_group_update (foo-canvas.c:1379)
==12400== 
==12400== Process terminating with default action of signal 11 (SIGSEGV)
==12400==  Bad permissions for mapped region at address 0x38000000
==12400==    at 0xBB42FDE: gog_dropbar_view_render (gog-dropbar.c:262)
==12400==    by 0x460788D: gog_view_render (gog-view.c:782)
==12400==    by 0x460D47A: gog_chart_view_render (gog-chart.c:912)
==12400==    by 0x46078B2: gog_view_render (gog-view.c:787)
==12400==    by 0x4606E13: gog_view_render_real (gog-view.c:561)
==12400==    by 0x4605603: gog_outlined_view_render (gog-outlined-object.c:157)
==12400==    by 0x460A1B6: gog_graph_view_render (gog-graph.c:794)
==12400==    by 0x460788D: gog_view_render (gog-view.c:782)
==12400==    by 0x463BD86: gog_renderer_update (gog-renderer.c:1302)
==12400==    by 0x463D974: gog_control_foocanvas_update (gog-control-foocanvas.c:191)
==12400==    by 0x4687335: foo_canvas_item_invoke_update (foo-canvas.c:428)
==12400==    by 0x468966A: foo_canvas_group_update (foo-canvas.c:1379)
Segmentation fault (core dumped)

Comment 1 Jon Kåre Hellan 2007-11-22 08:42:21 UTC

Also in HEAD

Comment 2 Jean Bréfort 2007-11-22 09:32:41 UTC

with goffice HEAD too? Strange, I can't reproduce. Seems I fixed it last week.

Comment 3 Jean Bréfort 2007-11-22 09:47:59 UTC

I xan't reproduce the crash, but the plot looks weird. I'll have a look at that ASAP.

Comment 4 Jon Kåre Hellan 2007-11-22 12:56:57 UTC

Yes, also with HEAD. Actually, I misunderstood sum1 - he's also on HEAD.
And we're both on gutsy.

Comment 5 Jean Bréfort 2007-11-22 13:09:04 UTC

Seen it, I needed to update. I could fix the crash, but now, I found an infinite loop issue that I don't understand at the moment.

Comment 6 Jean Bréfort 2007-11-22 13:54:51 UTC

Fixed in trunk.