Bug 514513 - Null pointer crash in gog_error_bar_render()
Status: RESOLVED DUPLICATE of bug 515343
Product: Gnumeric
Classification: Applications
Component: import/export MS Excel (tm)
Version: git master
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: Jean Bréfort
QA Contact: Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2008-02-05 11:52 UTC by sum1
Modified: 2008-02-15 14:29 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
fuzzed chart-tests-excel.xls (173.50 KB, application/vnd.ms-excel)
2008-02-05 11:54 UTC, sum1
proposed patch (1.96 KB, patch)
2008-02-08 15:43 UTC, Jean Bréfort

Description sum1 2008-02-05 11:52:06 UTC
Version: r2035 (goffice), r16350 (gnumeric)
OS: Ubuntu Gutsy

The upcoming sample is a fuzzed version of chart-tests-excel.xls.

Steps to reproduce:
- ssconvert fuzzed_chart-tests-excel.xls /tmp/foo.xls

Backtrace:

Program received signal SIGSEGV, Segmentation fault.

Thread NaN (LWP 23041)

  • #0 gog_error_bar_render
    at gog-error-bar.c line 691
  • #1 gog_xy_view_render
    at gog-xy.c line 1132
  • #2 gog_view_render
    at gog-view.c line 787
  • #3 gog_chart_view_render
    at gog-chart.c line 912
  • #4 gog_view_render
    at gog-view.c line 787
  • #5 gog_view_render_real
    at gog-view.c line 561
  • #6 gog_outlined_view_render
    at gog-outlined-object.c line 157
  • #7 gog_graph_view_render
    at gog-graph.c line 794
  • #8 gog_view_render
    at gog-view.c line 782
  • #9 gog_renderer_update
    at gog-renderer.c line 1302
  • #10 ms_excel_chart_write
    at ms-chart.c line 5210
  • #11 excel_write_chart_v8
    at ms-excel-write.c line 3939
  • #12 excel_write_objs_v8
    at ms-excel-write.c line 4771
  • #13 excel_write_sheet
    at ms-excel-write.c line 4856
  • #14 excel_write_workbook
    at ms-excel-write.c line 5609
  • #15 excel_write_v8
    at ms-excel-write.c line 5659
  • #16 excel_save
    at boot.c line 256
  • #17 excel_dsf_file_save
    at boot.c line 291
  • #18 go_plugin_loader_module_func_file_save
  • #19 go_plugin_file_saver_save
    at go-plugin-service.c line 749
  • #20 go_file_saver_save
    at file.c line 700
  • #21 wbv_save_to_output
    at workbook-view.c line 839
  • #22 wbv_save_to_uri
    at workbook-view.c line 874
  • #23 wb_view_save_as
    at workbook-view.c line 910
  • #24 convert
    at ssconvert.c line 333
  • #25 main
    at ssconvert.c line 394

Comment 1 sum1 2008-02-05 11:54:28 UTC
Created attachment 104477
fuzzed chart-tests-excel.xls
Comment 2 Jean Bréfort 2008-02-08 15:43:53 UTC
Created attachment 104716
proposed patch
Comment 3 Morten Welinder 2008-02-08 19:52:42 UTC
--> Gnumeric.
Comment 4 Morten Welinder 2008-02-09 01:23:48 UTC
-	if (NULL == parent || NULL == parent->series)
-		return;
+	XL_CHECK_CONDITION (parent != NULL && parent->series != NULL);
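
Review bot: Replacing the explicit "if (NULL == parent || NULL == parent->series) return;" with XL_CHECK_CONDITION hides the early exit inside a macro, so from this hunk alone a reader cannot tell that the function still stops before parent->series is used. Confirm that the macro returns from the function when the condition fails rather than only reporting it, and keep the parent != NULL test first so the short-circuit continues to guard the parent->series dereference.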

I am not sure about the above, although it probably does not really matter.
If the condition is the result of a previously-reported error, there is no
need to complain again.

Nevertheless, go ahead and commit.  (trunk and 1.8, please).
Comment 5 sum1 2008-02-09 02:20:50 UTC
(In reply to comment #2)
> Created an attachment (id=104716)
> proposed patch
> 

+printf("pop state=%x\n",popped_state);
 	switch (popped_state) {
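
Review bot: The added printf in front of switch (popped_state) is unconditional debug output to stdout and sits at column 0, out of line with the surrounding indentation; drop it from the version that gets committed. If the state trace is worth keeping, put it behind a debug guard and send it to stderr instead of stdout.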

Should the printf be left in?
Comment 6 Morten Welinder 2008-02-09 02:50:44 UTC
Good catch.  No.  (And any such print statements that should stay, should
be g_printerr.)
Comment 7 Morten Welinder 2008-02-15 14:29:15 UTC
Solution incorporated into 515343.


*** This bug has been marked as a duplicate of 515343 ***