GNOME Bugzilla – Bug 514630
Crash in xl_chart_import_error_bar()
Last modified: 2008-02-07 23:28:29 UTC
Version: r16354 OS: Ubuntu Gutsy The upcoming sample is a fuzzed version of chart-tests-excel.xls. Steps to reproduce: - Load the upcoming attachment in Gnumeric to trigger a crash Backtrace: Program received signal SIGSEGV, Segmentation fault.
+ Trace 188216
Thread NaN (LWP 10439)
Created attachment 104518 [details] fuzzed chart-tests-excel.xls
Created attachment 104537 [details] [review] proposed patch
(In reply to comment #2) > Created an attachment (id=104537) [edit] > proposed patch > + g_return_if_fail (pspec); + state->plot = parent->series->plot; It looks like the following if statement will always be false due to the g_return_if_fail call above. if (pspec == NULL) { pspec = g_object_class_find_property (
You are right, I did that in a hurry before leaving to work. The solution is to check parent&&parent->series before any attempt to set pspec. Something as: GParamSpec *pspec; g_return_if_fail (parent && parent->series); pspec = g_object_class_find_property ( G_OBJECT_GET_CLASS (parent->series), prop_name); or use the same test as in xl_chart_import_trend_line anyway as it is clearly a file consistency issue, I'm fealing that the use of g_return_if_fail is better (for both functions).
Created attachment 104572 [details] [review] enhanced patch In the end, my preference goes to g_return_if_fail since this is not a normal situation at all, may be we should issue a report to the user when we encounter such situations instead of that.
I have a fix in my tree for this. We should not use g_return_if_fail since that causes a "CRITICAL". XL_CHECK_CONDITION or some variant is it for now. At some point it might be redirected at the gui.
This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.