After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 515343 - Null pointer crash in gog_grid_line_init_style()
Null pointer crash in gog_grid_line_init_style()
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export MS Excel (tm)
git master
Other All
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
: 514513 515873 515876 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2008-02-09 03:14 UTC by sum1
Modified: 2008-02-15 14:36 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
fuzzed chart-tests-excel.xls (173.50 KB, application/vnd.ms-excel)
2008-02-09 03:16 UTC, sum1 		  Details
fixes various issues (3.26 KB, patch)
2008-02-10 14:49 UTC, Jean Bréfort 		none Details | Review

Description sum1 2008-02-09 03:14:26 UTC 
Version: r16368
OS: Ubuntu Gutsy

The upcoming sample is a fuzzed version of chart-tests-excel.xls.

Steps to reproduce:
- Load the upcoming attachment in Gnumeric to trigger a crash

Backtrace:

Program received signal SIGSEGV, Segmentation fault.

+ Trace 188610

Thread NaN (LWP 13628)

  • #3 xl_chart_read_axislineformat
    at ms-chart.c line 639
  • #0 gog_grid_line_init_style
    at gog-grid-line.c line 73
  • #1 gog_styled_object_apply_theme
    at gog-styled-object.c line 259
  • #2 gog_styled_object_set_style
    at gog-styled-object.c line 201
  • #3 xl_chart_read_axislineformat
    at ms-chart.c line 639
  • #4 ms_excel_chart_read
    at ms-chart.c line 3397
  • #5 ms_excel_chart_read_BOF
    at ms-chart.c line 3610
  • #6 ms_read_OBJ
    at ms-obj.c line 1269
  • #7 excel_read_sheet
    at ms-excel-read.c line 6176
  • #8 excel_read_BOF
    at ms-excel-read.c line 6503
  • #9 excel_read_workbook
    at ms-excel-read.c line 6582
  • #10 excel_file_open
    at boot.c line 191
  • #11 go_plugin_loader_module_func_file_open
    at go-plugin-loader-module.c line 239
  • #12 go_plugin_file_opener_open
    at go-plugin-service.c line 476
  • #13 go_file_opener_open
    at file.c line 294
  • #14 wb_view_new_from_input
    at workbook-view.c line 1212
  • #15 wb_view_new_from_uri
    at workbook-view.c line 1264
  • #16 main
    at main-application.c line 417 






Comment 1


sum1





          2008-02-09 03:16:23 UTC
        



Created attachment 104766 [details]
fuzzed chart-tests-excel.xls






Comment 2


Jean Bréfort





          2008-02-10 14:49:25 UTC
        



Created attachment 104847 [details] [review]
fixes various issues

This patch also contains the fixes proposed for #514513.
I am not sure about at least two issues:
- is the check_style function correct?
- much more importantly, the line:
+		XL_CHECK_CONDITION_VAL (h->min_size <= q->length, TRUE);
might be somewhat too rough. The point is that the sample file is truncated and we can't read data that do not exist.

Morten, Jody, any comment?






Comment 3


Morten Welinder





          2008-02-15 14:27:16 UTC
        



*** Bug 515873 has been marked as a duplicate of this bug. ***






Comment 4


Morten Welinder





          2008-02-15 14:27:30 UTC
        



*** Bug 515876 has been marked as a duplicate of this bug. ***






Comment 5


Morten Welinder





          2008-02-15 14:29:15 UTC
        



*** Bug 514513 has been marked as a duplicate of this bug. ***






Comment 6


Morten Welinder





          2008-02-15 14:36:59 UTC
        



This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.