After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 629302 - crash in Gnumeric: Trying to move a large s...
crash in Gnumeric: Trying to move a large s...
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: General
1.10.x
Other All
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2010-09-10 16:37 UTC by lereg
Modified: 2010-09-21 18:14 UTC
See Also:
GNOME target: ---
GNOME version: 2.29/2.30

Attachments
File that causes the crash. (165.18 KB, application/x-gnumeric)
2010-09-18 09:12 UTC, lereg 		Details

Description lereg 2010-09-10 16:37:54 UTC 
Version: 1.10.6

What were you doing when the application crashed?
Trying to move a large sheet of data (including one graph) by doing C^A C^C and C^V into another gnumeric documnt.


Distribution: Gentoo Base System release 1.12.13
Gnome Release: 2.30.2 2010-08-22 (Gentoo)
BugBuddy Version: 2.30.0

System: Linux 2.6.31-gentoo-r10 #5 SMP PREEMPT Sun Apr 4 00:33:50 CEST 2010 x86_64
X Vendor: The X.Org Foundation
X Vendor Release: 10707000
Selinux: No
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: gnome
GTK+ Modules: canberra-gtk-module, gnomebreakpad

Memory status: size: 434417664 vsize: 434417664 resident: 156622848 share: 17735680 rss: 156622848 rss_rlim: 18446744073709551615
CPU usage: start_time: 1284143046 rtime: 419 utime: 404 stime: 15 cutime:0 cstime: 0 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/gnumeric-1.10.6'

[Thread debugging using libthread_db enabled]
0x00007fdaafde0b8e in waitpid () from /lib/libpthread.so.0

+ Trace 223636

Thread 1 (Thread 0x7fdab25cc880 (LWP 4573))

  • #0 waitpid
    from /lib/libpthread.so.0
  • #1 g_spawn_sync
    from /usr/lib/libglib-2.0.so.0
  • #2 g_spawn_command_line_sync
    from /usr/lib/libglib-2.0.so.0
  • #3 bugbuddy_segv_handle(int)
    from /usr/lib64/gtk-2.0/modules/libgnomebreakpad.so
  • #4 <signal handler called>
  • #5 ??
  • #6 yylex
    from /usr/lib/libspreadsheet-1.10.6.so
  • #7 yyparse
    from /usr/lib/libspreadsheet-1.10.6.so
  • #8 gnm_expr_parse_str
    from /usr/lib/libspreadsheet-1.10.6.so
  • #9 gnm_go_data_unserialize
    from /usr/lib/libspreadsheet-1.10.6.so
  • #10 gnm_go_data_set_sheet
    from /usr/lib/libspreadsheet-1.10.6.so
  • #11 gnm_sog_set_sheet
    from /usr/lib/libspreadsheet-1.10.6.so
  • #12 sheet_object_set_sheet
    from /usr/lib/libspreadsheet-1.10.6.so
  • #13 paste_object
    from /usr/lib/libspreadsheet-1.10.6.so
  • #14 clipboard_paste_region
    from /usr/lib/libspreadsheet-1.10.6.so
  • #15 cmd_paste_copy_impl
    from /usr/lib/libspreadsheet-1.10.6.so
  • #16 gnm_command_push_undo
    from /usr/lib/libspreadsheet-1.10.6.so
  • #17 table_content_received
    from /usr/lib/libspreadsheet-1.10.6.so
  • #18 selection_received
    from /usr/lib/libgtk-x11-2.0.so.0
  • #19 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #20 signal_emit_unlocked_R
    from /usr/lib/libgobject-2.0.so.0
  • #21 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #22 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #23 gtk_selection_retrieval_report
    from /usr/lib/libgtk-x11-2.0.so.0
  • #24 _gtk_selection_property_notify
    from /usr/lib/libgtk-x11-2.0.so.0
  • #25 _gtk_marshal_BOOLEAN__BOXED
    from /usr/lib/libgtk-x11-2.0.so.0
  • #26 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #27 signal_emit_unlocked_R
    from /usr/lib/libgobject-2.0.so.0
  • #28 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #29 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #30 gtk_widget_event_internal
    from /usr/lib/libgtk-x11-2.0.so.0
  • #31 gtk_main_do_event
    from /usr/lib/libgtk-x11-2.0.so.0
  • #32 gdk_event_dispatch
    from /usr/lib/libgdk-x11-2.0.so.0
  • #33 g_main_context_dispatch
    from /usr/lib/libglib-2.0.so.0
  • #34 g_main_context_iterate
    from /usr/lib/libglib-2.0.so.0
  • #35 g_main_loop_run
    from /usr/lib/libglib-2.0.so.0
  • #36 bonobo_main
    from /usr/lib/libbonobo-2.so.0
  • #37 main 
A debugging session is active.

	Inferior 1 [process 4573] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]


---- Critical and fatal warnings logged during execution ----

** gnumeric **: gnm_cell_set_value: assertion `v != NULL' failed 
** gnumeric **: gnm_cell_set_value: assertion `v != NULL' failed 


----------- .xsession-errors ---------------------
(polkit-gnome-authentication-agent-1:4515): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
Unable to open desktop file epiphany.desktop for panel launcher
Unable to open desktop file evolution.desktop for panel launcher
Initializing nautilus-gdu extension
** Message: Initializing gksu extension...
(gnome-panel:4498): Gdk-WARNING **: gdkdrawable-x11.c:952 drawable is not a pixmap or window
Unable to open desktop file epiphany.desktop for panel launcher
Unable to open desktop file evolution.desktop for panel launcher
** (gnumeric:4573): CRITICAL **: gnm_cell_set_value: assertion `v != NULL' failed
** (gnumeric:4573): CRITICAL **: gnm_cell_set_value: assertion `v != NULL' failed
warning: Can not parse XML syscalls information; XML support was disabled at compile time.
--------------------------------------------------
Comment 1 Morten Welinder 2010-09-10 18:33:08 UTC 
It would be very useful to have a sample file for which this happened.
Comment 2 lereg 2010-09-18 09:12:44 UTC 
Created attachment 170531 [details]
File that causes the crash.

Steps to reproduce crash on my system:
1) Open sample.gnumeric
2) Open a new gnumeric session in parallel.
3) In sample.gnumeric enter the commands: C^A C^C 
4) In the new gnumeric session, enter: C^V
5) Crash.
Comment 3 Morten Welinder 2010-09-21 00:38:22 UTC 
Confirmed.

First critical is this:

+ Trace 223834

  • #0 IA__g_log
    at gmessages.c line 565
  • #1 IA__g_return_if_fail_warning
    at gmessages.c line 584
  • #2 gnm_cell_set_value
    at cell.c line 156
  • #3 paste_cell
    at clipboard.c line 262
  • #4 cb_paste_cell
    at clipboard.c line 328
  • #5 IA__g_hash_table_foreach
    at ghash.c line 1325
  • #6 clipboard_paste_region
    at clipboard.c line 569 






Comment 4


Morten Welinder





          2010-09-21 17:24:35 UTC
        



** gnumeric **: gnm_cell_set_value: assertion `v != NULL' failed 
** gnumeric **: gnm_cell_set_value: assertion `v != NULL' failed 

These have been fixed.  They are not the main problem, though.






Comment 5


Morten Welinder





          2010-09-21 17:35:54 UTC
        



The main problem is a life-cycle issue for GnmConventions.  We'll need to
make this ref-counted, maybe even a GObject.

==23401== Invalid read of size 4
==23401==    at 0x4F58DF1: setup_state (parser.y:1458)
==23401==    by 0x4F5902D: gnm_expr_parse_str (parser.y:1527)
==23401==    by 0x4F037F2: gnm_go_data_unserialize (graph.c:230)
==23401==    by 0x4F038E7: gnm_go_data_set_sheet (graph.c:265)
==23401==    by 0x4F9DFC0: sog_data_set_sheet (sheet-object-graph.c:106)
==23401==    by 0x4F9E0A3: sog_datas_set_sheet (sheet-object-graph.c:134)
==23401==    by 0x4F9F34D: gnm_sog_set_sheet (sheet-object-graph.c:492)
==23401==    by 0x4F95076: sheet_object_set_sheet (sheet-object.c:467)
==23401==    by 0x4EBBBE6: paste_object (clipboard.c:294)
==23401==    by 0x4EBC930: clipboard_paste_region (clipboard.c:575)
==23401==    by 0x4ECAF26: cmd_paste_copy_impl (commands.c:2959)
==23401==    by 0x4ECB336: cmd_paste_copy_redo (commands.c:3036)
==23401==  Address 0x183973ec is 44 bytes inside a block of size 144 free'd
==23401==    at 0x4C23DD8: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23401==    by 0x4F5C8D6: gnm_conventions_free (parse-util.c:1390)
==23401==    by 0x4FF5966: read_file_free_state (xml-sax-read.c:3099)
==23401==    by 0x4FF6402: xml_cellregion_read (xml-sax-read.c:3343)
==23401==    by 0x4F07B29: table_content_received (gui-clipboard.c:483)
==23401==    by 0x6C1DFE8: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.1800.6)
==23401==    by 0x892663D: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.2200.4)
==23401==    by 0x893BA12: ??? (in /usr/lib64/libgobject-2.0.so.0.2200.4)
==23401==    by 0x893CDC8: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.2200.4)
==23401==    by 0x893D133: g_signal_emit_by_name (in /usr/lib64/libgobject-2.0.so.0.2200.4)






Comment 6


Morten Welinder





          2010-09-21 18:14:03 UTC
        



This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.