GNOME Bugzilla – Bug 514513
Null pointer crash in gog_error_bar_render()
Last modified: 2008-02-15 14:29:15 UTC
Version: r2035 (goffice), r16350 (gnumeric)
OS: Ubuntu Gutsy

The upcoming sample is a fuzzed version of chart-tests-excel.xls.

Steps to reproduce:
- ssconvert fuzzed_chart-tests-excel.xls /tmp/foo.xls

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
+ Trace 188156
Thread NaN (LWP 23041)
Created attachment 104477 [details] fuzzed chart-tests-excel.xls
Created attachment 104716 [details] [review] proposed patch
--> Gnumeric.
- if (NULL == parent || NULL == parent->series) - return; + XL_CHECK_CONDITION (parent != NULL && parent->series != NULL); I am not sure about the above, although it probably does not really matter. If the condition is the result of a previously-reported error, there is no need to complain again. Nevertheless, go ahead and commit. (trunk and 1.8, please).
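Review bot: On the added `XL_CHECK_CONDITION (parent != NULL && parent->series != NULL);` line, the explicit `return;` from the two removed lines is gone, so the fix for the NULL dereference now rests entirely on the macro leaving the function when the condition fails, and that is not visible in this hunk. Please confirm that the macro returns from the caller rather than only logging, and that it does not abort the process, because the condition is reachable from a malformed .xls file such as the fuzzed sample attached to this bug. If the macro does not return, keep the original `if (...) return;` guard after it.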
(In reply to comment #2) > Created an attachment (id=104716) [edit] > proposed patch > +printf("pop state=%x\n",popped_state); switch (popped_state) { Should the printf be left in?
Good catch. No. (And any such print statements that should stay, should be g_printerr.)
Solution incorporated into 515343.

*** This bug has been marked as a duplicate of 515343 ***