After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 572354 - Crash when adding series to bar chart
Crash when adding series to bar chart
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: Charting
git master
Other Linux
: Normal critical
: ---
Assigned To: Jean Bréfort
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2009-02-19 00:34 UTC by Stephen Guzik
Modified: 2009-02-19 19:29 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Test spreadsheet for reproducing the bug (3.21 KB, application/x-gnumeric)
2009-02-19 00:35 UTC, Stephen Guzik
Details

Description Stephen Guzik 2009-02-19 00:34:10 UTC
1) Double click chart in test case
2) Select PlotBarCol1
3) Add new series.

*** glibc detected *** gnumeric: free(): invalid next size (fast): 0x000000000203d9b0 ***

Same result in 1.8.3, 1.8.4, and 1.9.3.
Comment 1 Stephen Guzik 2009-02-19 00:35:38 UTC
Created attachment 129023 [details]
Test spreadsheet for reproducing the bug
Comment 2 Jody Goldberg 2009-02-19 00:56:15 UTC
==28734==
==28734== Invalid write of size 4
==28734==    at 0x6BEDD9C: gog_plot1_5d_update (gog-1.5d.c:239)
==28734==    by 0x46060A4: gog_object_update (gog-object.c:1481)
==28734==    by 0x460600B: gog_object_update (gog-object.c:1474)
==28734==    by 0x460600B: gog_object_update (gog-object.c:1474)
==28734==    by 0x460E83A: gog_graph_force_update (gog-graph.c:685)
==28734==    by 0x4605EC3: gog_object_get_editor (gog-object.c:1424)
==28734==    by 0x464A635: cb_attr_tree_selection_change (gog-guru.c:628)
==28734==    by 0x4B54CBD: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==28734==    by 0x4B46E3B: g_closure_invoke (gclosure.c:767)
==28734==    by 0x4B5E391: signal_emit_unlocked_R (gsignal.c:3244)
==28734==    by 0x4B5F8D6: g_signal_emit_valist (gsignal.c:2977)
==28734==    by 0x4B5FE0C: g_signal_emit (gsignal.c:3034)
==28734==  Address 0x684f4d8 is 0 bytes after a block of size 24 alloc'd
==28734==    at 0x40220D2: calloc (vg_replace_malloc.c:397)
==28734==    by 0x4BBDCDC: g_malloc0 (gmem.c:151)
==28734==    by 0x6BEDD52: gog_plot1_5d_update (gog-1.5d.c:232)
==28734==    by 0x46060A4: gog_object_update (gog-object.c:1481)
==28734==    by 0x460600B: gog_object_update (gog-object.c:1474)
==28734==    by 0x460600B: gog_object_update (gog-object.c:1474)
==28734==    by 0x460E83A: gog_graph_force_update (gog-graph.c:685)
==28734==    by 0x4605EC3: gog_object_get_editor (gog-object.c:1424)
==28734==    by 0x464A635: cb_attr_tree_selection_change (gog-guru.c:628)
==28734==    by 0x4B54CBD: g_cclosure_marshal_VOID__VOID (gmarshal.c:77)
==28734==    by 0x4B46E3B: g_closure_invoke (gclosure.c:767)
==28734==    by 0x4B5E391: signal_emit_unlocked_R (gsignal.c:3244)
Comment 3 Jean Bréfort 2009-02-19 19:29:05 UTC
Fixed, both branches.