GNOME Bugzilla – Bug 501656
Chart-related valgrind errors
Last modified: 2007-12-07 14:16:12 UTC
Version: r1997 OS: Ubuntu Gutsy Steps to reproduce: - Download http://parrenin.frederic.free.fr/download/bugzilla/EDMLDC100yrsOCT07.xls (the 2MB sample from Bug 492754) - From gnumeric/src, import the file inside of valgrind: G_SLICE=always-malloc ../libtool --mode=execute valgrind -q --freelist-vol=50000000 --suppressions=../test/gui.supp ./gnumeric EDMLDC100yrsOCT07.xls Partial valgrind output: ==6426== Invalid read of size 4 ==6426== at 0x7058A88: ms_excel_chart_read (ms-chart.c:3484) ==6426== by 0x7058CDA: ms_excel_chart_read_BOF (ms-chart.c:3539) ==6426== by 0x704E3F3: ms_read_OBJ (ms-obj.c:1268) ==6426== by 0x701E8FF: ms_escher_read_ClientData (ms-escher.c:1985) ==6426== by 0x701EEB3: ms_escher_read_container (ms-escher.c:2089) ==6426== by 0x701CA84: ms_escher_read_SpContainer (ms-escher.c:500) ==6426== by 0x701EEB3: ms_escher_read_container (ms-escher.c:2089) ==6426== by 0x701E532: ms_escher_read_SpgrContainer (ms-escher.c:1926) ==6426== by 0x701EEB3: ms_escher_read_container (ms-escher.c:2089) ==6426== by 0x701E55C: ms_escher_read_DgContainer (ms-escher.c:1931) ==6426== by 0x701EEB3: ms_escher_read_container (ms-escher.c:2089) ==6426== by 0x701F114: ms_escher_parse (ms-escher.c:2156) ==6426== Address 0xB0FA004 is 4 bytes inside a block of size 8 free'd ==6426== at 0x402237F: free (vg_replace_malloc.c:233) ==6426== by 0x4CE2960: g_free (in /usr/lib/libglib-2.0.so.0.1400.1) ==6426== by 0x4CF7196: g_slice_free1 (in /usr/lib/libglib-2.0.so.0.1400.1) ==6426== by 0x4CF88C8: g_slist_free_1 (in /usr/lib/libglib-2.0.so.0.1400.1) ==6426== by 0x4CF8962: g_slist_remove (in /usr/lib/libglib-2.0.so.0.1400.1) ==6426== by 0x4615EE1: gog_axis_del_contributor (gog-axis.c:2088) ==6426== by 0x462D6B7: gog_plot_set_axis (gog-plot.c:890) ==6426== by 0x7058A84: ms_excel_chart_read (ms-chart.c:3483) ==6426== by 0x7058CDA: ms_excel_chart_read_BOF (ms-chart.c:3539) ==6426== by 0x704E3F3: ms_read_OBJ (ms-obj.c:1268) ==6426== by 0x701E8FF: ms_escher_read_ClientData (ms-escher.c:1985) ==6426== by 0x701EEB3: ms_escher_read_container (ms-escher.c:2089) ... ==6426== Conditional jump or move depends on uninitialised value(s) ==6426== at 0x45D60E9: go_path_move_to (go-path.c:252) ==6426== by 0x45D6F70: go_path_rectangle (go-path.c:434) ==6426== by 0x463AF3F: _draw_rectangle (gog-renderer.c:864) ==6426== by 0x463AFB4: gog_renderer_draw_rectangle (gog-renderer.c:874) ==6426== by 0x462089F: gog_text_view_render (gog-label.c:498) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x4616DE7: gog_axis_view_render (gog-axis.c:2378) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x460DB62: gog_chart_view_render (gog-chart.c:914) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x46074E3: gog_view_render_real (gog-view.c:561) ==6426== by 0x4605CD3: gog_outlined_view_render (gog-outlined-object.c:157) ==6426== ==6426== Conditional jump or move depends on uninitialised value(s) ==6426== at 0x45D6106: go_path_move_to (go-path.c:252) ==6426== by 0x45D6F70: go_path_rectangle (go-path.c:434) ==6426== by 0x463AF3F: _draw_rectangle (gog-renderer.c:864) ==6426== by 0x463AFB4: gog_renderer_draw_rectangle (gog-renderer.c:874) ==6426== by 0x462089F: gog_text_view_render (gog-label.c:498) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x4616DE7: gog_axis_view_render (gog-axis.c:2378) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x460DB62: gog_chart_view_render (gog-chart.c:914) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x46074E3: gog_view_render_real (gog-view.c:561) ==6426== by 0x4605CD3: gog_outlined_view_render (gog-outlined-object.c:157) ==6426== ==6426== Conditional jump or move depends on uninitialised value(s) ==6426== at 0x45D61D7: go_path_line_to (go-path.c:262) ==6426== by 0x45D6F8C: go_path_rectangle (go-path.c:435) ==6426== by 0x463AF3F: _draw_rectangle (gog-renderer.c:864) ==6426== by 0x463AFB4: gog_renderer_draw_rectangle (gog-renderer.c:874) ==6426== by 0x462089F: gog_text_view_render (gog-label.c:498) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x4616DE7: gog_axis_view_render (gog-axis.c:2378) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x460DB62: gog_chart_view_render (gog-chart.c:914) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x46074E3: gog_view_render_real (gog-view.c:561) ==6426== by 0x4605CD3: gog_outlined_view_render (gog-outlined-object.c:157) ==6426== ==6426== Conditional jump or move depends on uninitialised value(s) ==6426== at 0x45D61F4: go_path_line_to (go-path.c:262) ==6426== by 0x45D6F8C: go_path_rectangle (go-path.c:435) ==6426== by 0x463AF3F: _draw_rectangle (gog-renderer.c:864) ==6426== by 0x463AFB4: gog_renderer_draw_rectangle (gog-renderer.c:874) ==6426== by 0x462089F: gog_text_view_render (gog-label.c:498) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x4616DE7: gog_axis_view_render (gog-axis.c:2378) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x460DB62: gog_chart_view_render (gog-chart.c:914) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x46074E3: gog_view_render_real (gog-view.c:561) ==6426== by 0x4605CD3: gog_outlined_view_render (gog-outlined-object.c:157) ==6426== ==6426== Conditional jump or move depends on uninitialised value(s) ==6426== at 0x45D61D7: go_path_line_to (go-path.c:262) ==6426== by 0x45D6FAD: go_path_rectangle (go-path.c:436) ==6426== by 0x463AF3F: _draw_rectangle (gog-renderer.c:864) ==6426== by 0x463AFB4: gog_renderer_draw_rectangle (gog-renderer.c:874) ==6426== by 0x462089F: gog_text_view_render (gog-label.c:498) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x4616DE7: gog_axis_view_render (gog-axis.c:2378) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x460DB62: gog_chart_view_render (gog-chart.c:914) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x46074E3: gog_view_render_real (gog-view.c:561) ==6426== by 0x4605CD3: gog_outlined_view_render (gog-outlined-object.c:157) ==6426== ==6426== Conditional jump or move depends on uninitialised value(s) ==6426== at 0x45D61F4: go_path_line_to (go-path.c:262) ==6426== by 0x45D6FAD: go_path_rectangle (go-path.c:436) ==6426== by 0x463AF3F: _draw_rectangle (gog-renderer.c:864) ==6426== by 0x463AFB4: gog_renderer_draw_rectangle (gog-renderer.c:874) ==6426== by 0x462089F: gog_text_view_render (gog-label.c:498) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x4616DE7: gog_axis_view_render (gog-axis.c:2378) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x460DB62: gog_chart_view_render (gog-chart.c:914) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x46074E3: gog_view_render_real (gog-view.c:561) ==6426== by 0x4605CD3: gog_outlined_view_render (gog-outlined-object.c:157) ==6426== ==6426== Conditional jump or move depends on uninitialised value(s) ==6426== at 0x45D61D7: go_path_line_to (go-path.c:262) ==6426== by 0x45D6FC9: go_path_rectangle (go-path.c:437) ==6426== by 0x463AF3F: _draw_rectangle (gog-renderer.c:864) ==6426== by 0x463AFB4: gog_renderer_draw_rectangle (gog-renderer.c:874) ==6426== by 0x462089F: gog_text_view_render (gog-label.c:498) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x4616DE7: gog_axis_view_render (gog-axis.c:2378) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x460DB62: gog_chart_view_render (gog-chart.c:914) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x46074E3: gog_view_render_real (gog-view.c:561) ==6426== by 0x4605CD3: gog_outlined_view_render (gog-outlined-object.c:157) ==6426== ==6426== Conditional jump or move depends on uninitialised value(s) ==6426== at 0x45D61F4: go_path_line_to (go-path.c:262) ==6426== by 0x45D6FC9: go_path_rectangle (go-path.c:437) ==6426== by 0x463AF3F: _draw_rectangle (gog-renderer.c:864) ==6426== by 0x463AFB4: gog_renderer_draw_rectangle (gog-renderer.c:874) ==6426== by 0x462089F: gog_text_view_render (gog-label.c:498) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x4616DE7: gog_axis_view_render (gog-axis.c:2378) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x460DB62: gog_chart_view_render (gog-chart.c:914) ==6426== by 0x4607F82: gog_view_render (gog-view.c:787) ==6426== by 0x46074E3: gog_view_render_real (gog-view.c:561) ==6426== by 0x4605CD3: gog_outlined_view_render (gog-outlined-object.c:157)
I don't see anything wrong at the given lines.
I'm not able to reproduce the go_path warnings. Which version of gnumeric did you use ?
(In reply to comment #2) > I'm not able to reproduce the go_path warnings. Which version of gnumeric did > you use ? > I was using the SVN version, but I'm not sure about the exact revision number. With r16225 (gnumeric) and r2007 (goffice), I no longer see the go_path problems, just the ms_escher one: ==8030== Invalid read of size 4 ==8030== at 0x7259A88: ms_excel_chart_read (ms-chart.c:3484) ==8030== by 0x7259CDA: ms_excel_chart_read_BOF (ms-chart.c:3539) ==8030== by 0x724F3F3: ms_read_OBJ (ms-obj.c:1268) ==8030== by 0x721F8FF: ms_escher_read_ClientData (ms-escher.c:1985) ==8030== by 0x721FEB3: ms_escher_read_container (ms-escher.c:2089) ==8030== by 0x721DA84: ms_escher_read_SpContainer (ms-escher.c:500) ==8030== by 0x721FEB3: ms_escher_read_container (ms-escher.c:2089) ==8030== by 0x721F532: ms_escher_read_SpgrContainer (ms-escher.c:1926) ==8030== by 0x721FEB3: ms_escher_read_container (ms-escher.c:2089) ==8030== by 0x721F55C: ms_escher_read_DgContainer (ms-escher.c:1931) ==8030== by 0x721FEB3: ms_escher_read_container (ms-escher.c:2089) ==8030== by 0x7220114: ms_escher_parse (ms-escher.c:2156) ==8030== Address 0xB26548C is 4 bytes inside a block of size 8 free'd ==8030== at 0x402237F: free (vg_replace_malloc.c:233) ==8030== by 0x4CE3960: g_free (in /usr/lib/libglib-2.0.so.0.1400.1) ==8030== by 0x4CF8196: g_slice_free1 (in /usr/lib/libglib-2.0.so.0.1400.1) ==8030== by 0x4CF98C8: g_slist_free_1 (in /usr/lib/libglib-2.0.so.0.1400.1) ==8030== by 0x4CF9962: g_slist_remove (in /usr/lib/libglib-2.0.so.0.1400.1) ==8030== by 0x4615F53: gog_axis_del_contributor (gog-axis.c:2088) ==8030== by 0x462D8AF: gog_plot_set_axis (gog-plot.c:890) ==8030== by 0x7259A84: ms_excel_chart_read (ms-chart.c:3483) ==8030== by 0x7259CDA: ms_excel_chart_read_BOF (ms-chart.c:3539) ==8030== by 0x724F3F3: ms_read_OBJ (ms-obj.c:1268) ==8030== by 0x721F8FF: ms_escher_read_ClientData (ms-escher.c:1985) ==8030== by 0x721FEB3: ms_escher_read_container (ms-escher.c:2089)
I get both or only some. This seems to change after each compilation. Very strange. However, I'm certain there is no bug at the given places. Might be a valgrind issue?
The list from gog_axis_contributors is getting changed underneath you. You might need to copy it. If I change to... GSList const *l1 = gog_axis_contributors (hidden), *cur1 = l1; while (cur1) { GSList *next = cur1->next; if (IS_GOG_PLOT (cur1->data)) gog_plot_set_axis (GOG_PLOT (cur1->data), visible); cur1 = next; } ...the valgrind things go away, but now I get (gnumeric:13851): GLib-GObject-CRITICAL **: g_object_set: assertion `G_IS_OBJECT (object)' failed
Created attachment 100493 [details] [review] Proposed patch This patch copies the list to avoid trouble. Please review.
I don't understand why it is a better idea to copy the list, otherwise, it (the patch) seems harmless. I also have the go-path related messages, but no idea of why valgrind complains about them.
Just understood. The patch is OK for me.
This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.