After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 312794 - Crash involving intersheet deps in sheet objects
Crash involving intersheet deps in sheet objects
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: Main System
git master
Other All
: Normal major
: ---
Assigned To: Jody Goldberg
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2005-08-07 05:46 UTC by Drew.Parsons
Modified: 2005-08-12 20:18 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Drew.Parsons 2005-08-07 05:46:11 UTC 
Distribution: Debian testing/unstable
Package: Gnumeric
Severity: normal
Version: GNOME2.10.2 1.5.x
Gnome-Distributor: Debian
Synopsis: crashes when removing worksheet linked from another worksheet
Bugzilla-Product: Gnumeric
Bugzilla-Component: Main System
Bugzilla-Version: 1.5.x
BugBuddy-GnomeVersion: 2.0 (2.10.1)
Description:
Description of the crash:

I have a worksheet with which I have made a graph.  I copy the graph to
a second worksheet. I then decide I don't need the first worksheet and
go to remove it. Gnumeric crashes.

Steps to reproduce the crash:
1. Open Gnumeric (default empty worksheet)
2. Enter some data (e.g. 0,1,2.... in column A, =A1*A1, =A2*A2,... in
column B)
3, Make a graph of the data (e.g X-Y plot)
4. Copy the graph to a second sheet (Ctrl-C in one, Ctrl-V in the
other)
5. Remove the first sheet (right click on the tab at the bottom)

Expected Results:

Gnumeric should either give a warning that the data to be removed is
being used, or the copied graph in the second sheet should go blank.

How often does this happen?

Every time (reproducible by hand using the prescription above)

Additional Information:

Debian gnumeric package 1.5.2-1


Debugging Information:

Backtrace was generated from '/usr/bin/gnumeric'

(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(no debugging symbols found)
`system-supplied DSO at 0xffffe000' has disappeared; keeping its
symbols.
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1226657664 (LWP 7957)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
0x410c23ae in waitpid () from /lib/tls/libc.so.6

+ Trace 62261

Thread 1 (Thread -1226657664 (LWP 7957))

  • #0 waitpid
    from /lib/tls/libc.so.6
  • #1 libgnomeui_module_info_get
    from /usr/lib/libgnomeui-2.so.0
  • #2 <signal handler called>
  • #3 dependents_relocate
    from /usr/lib/libspreadsheet.so.0
  • #4 g_hash_table_foreach
    from /usr/lib/libglib-2.0.so.0
  • #5 dependents_relocate
    from /usr/lib/libspreadsheet.so.0
  • #6 dependents_relocate
    from /usr/lib/libspreadsheet.so.0
  • #7 dependents_invalidate_sheets
    from /usr/lib/libspreadsheet.so.0
  • #8 dependents_invalidate_sheet
    from /usr/lib/libspreadsheet.so.0
  • #9 workbook_sheet_delete
    from /usr/lib/libspreadsheet.so.0
  • #10 scg_delete_sheet_if_possible
    from /usr/lib/libspreadsheet.so.0
  • #11 g_cclosure_marshal_VOID__VOID
    from /usr/lib/libgobject-2.0.so.0
  • #12 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #13 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #14 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #15 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #16 gtk_widget_activate
    from /usr/lib/libgtk-x11-2.0.so.0
  • #17 gtk_menu_shell_activate_item
    from /usr/lib/libgtk-x11-2.0.so.0
  • #18 _gtk_menu_shell_activate
    from /usr/lib/libgtk-x11-2.0.so.0
  • #19 gtk_menu_reorder_child
    from /usr/lib/libgtk-x11-2.0.so.0
  • #20 _gtk_marshal_BOOLEAN__BOXED
    from /usr/lib/libgtk-x11-2.0.so.0
  • #21 g_cclosure_new_swap
    from /usr/lib/libgobject-2.0.so.0
  • #22 g_closure_invoke
    from /usr/lib/libgobject-2.0.so.0
  • #23 g_signal_emit_by_name
    from /usr/lib/libgobject-2.0.so.0
  • #24 g_signal_emit_valist
    from /usr/lib/libgobject-2.0.so.0
  • #25 g_signal_emit
    from /usr/lib/libgobject-2.0.so.0
  • #26 gtk_widget_send_expose
    from /usr/lib/libgtk-x11-2.0.so.0
  • #27 gtk_propagate_event
    from /usr/lib/libgtk-x11-2.0.so.0
  • #28 gtk_main_do_event
    from /usr/lib/libgtk-x11-2.0.so.0
  • #29 _gdk_events_queue
    from /usr/lib/libgdk-x11-2.0.so.0
  • #30 g_main_depth
    from /usr/lib/libglib-2.0.so.0
  • #31 g_main_context_dispatch
    from /usr/lib/libglib-2.0.so.0
  • #32 g_main_context_dispatch
    from /usr/lib/libglib-2.0.so.0
  • #33 g_main_loop_run
    from /usr/lib/libglib-2.0.so.0
  • #34 bonobo_main
    from /usr/lib/libbonobo-2.so.0
  • #35 main
  • #0 waitpid
    from /lib/tls/libc.so.6 




------- Bug moved to this database by unknown@gnome.bugs 2005-08-07 05:46 UTC -------


The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, unknown@gnome.bugs.
   Previous reporter was Drew.Parsons@anu.edu.au.
Comment 1 Jean Bréfort 2005-08-07 16:28:05 UTC 
Confirmed. I get this trace with gdb:

+ Trace 62265

  • #0 cb_dep_hash_destroy
    at dependent.c line 1711
  • #1 g_hash_table_foreach
    from /usr/lib/libglib-2.0.so.0
  • #2 dep_hash_destroy
    at dependent.c line 1760
  • #3 dependents_invalidate_sheets
    at dependent.c line 2030
  • #4 dependents_invalidate_sheet
    at dependent.c line 2100
  • #5 workbook_sheet_dele te
    at workbook.c line 1069
  • #6 scg_delete_sheet_if_possible
    at workbook-control-gui.c line 485
  • #7 g_cclosure_marshal_VOID__VOID
    from /usr/lib/libgobject-2.0.so.0 






Comment 2


Morten Welinder





          2005-08-12 18:08:57 UTC
        



This is the problem:

      FMR: Free memory read (2 times)
      This is occurring while in:
            cb_dep_hash_destroy [dependent.c:1711 pc=0xfb49c510]
            g_hash_table_foreach [ghash.c:563 pc=0xf9aa7ee4]
            dep_hash_destroy [dependent.c:1760 pc=0xfb49c81c]
            do_deps_invalidate [dependent.c:2030 pc=0xfb49d3b8]
            dependents_invalidate_sheets [dependent.c:2136 pc=0xfb49d7b8]
            dependents_invalidate_sheet [dependent.c:2100 pc=0xfb49d6a0]
            workbook_sheet_delete [workbook.c:1062 pc=0xfb59be84]
            scg_delete_sheet_if_possible [workbook-control-gui.c:485 pc=0xfb5a67f8]
            g_cclosure_marshal_VOID__VOID [gmarshal.c:77 pc=0xf9f9a490]
            g_closure_invoke [gclosure.c:492 pc=0xf9f6f734]
            signal_emit_unlocked_R [gsignal.c:2485 pc=0xf9f97e58]
            g_signal_emit_valist [gsignal.c:2244 pc=0xf9f94b24]
            g_signal_emit  [gsignal.c:2288 pc=0xf9f95058]
            gtk_widget_activate [gtkwidget.c:3680 pc=0xfa79fe6c]
            gtk_menu_shell_activate_item [gtkmenushell.c:944 pc=0xfa600c80]
            gtk_menu_shell_button_release [gtkmenushell.c:556 pc=0xfa5ff7a8]
            gtk_menu_button_release [gtkmenu.c:2551 pc=0xfa5f2454]
            _gtk_marshal_BOOLEAN__BOXED [gtkmarshalers.c:83 pc=0xfa5e6588]
            g_type_class_meta_marshal [gclosure.c:569 pc=0xf9f6fbac]
            g_closure_invoke [gclosure.c:492 pc=0xf9f6f734]
            signal_emit_unlocked_R [gsignal.c:2523 pc=0xf9f98930]
            g_signal_emit_valist [gsignal.c:2254 pc=0xf9f94ba8]
            g_signal_emit  [gsignal.c:2288 pc=0xf9f95058]
            gtk_widget_event_internal [gtkwidget.c:3649 pc=0xfa79fcf0]
            gtk_widget_event [gtkwidget.c:3437 pc=0xfa79f6c0]
      Reading 4 bytes from 0xd31de4 in the heap.
      Address 0xd31de4 is 4 bytes into a freed  block at 0xd31de0 of 8 bytes.
      This block was allocated from:
            malloc         [rtlib.o pc=0x2d400]
            calloc         [rtlib.o pc=0x2e584]
            g_malloc0      [gmem.c:154 pc=0xf9ac863c]
            g_slist_alloc  [gslist.c:204 pc=0xf9ae154c]
            g_slist_prepend [gslist.c:259 pc=0xf9ae1654]
            micro_hash_insert [dependent.c:386 pc=0xfb497e58]
            link_range_dep [dependent.c:608 pc=0xfb498a24]
            link_cellrange_dep [dependent.c:676 pc=0xfb498ed8]
            link_expr_dep  [dependent.c:736 pc=0xfb499248]
            dependent_link [dependent.c:1018 pc=0xfb499fd4]
            dependent_set_sheet [dependent.c:201 pc=0xfb4977cc]
            gnm_go_data_set_sheet [graph.c:151 pc=0xfb4bf68c]
            sog_data_set_sheet [sheet-object-graph.c:126 pc=0xfb568d84]
            sog_datas_set_sheet [sheet-object-graph.c:146 pc=0xfb568e50]
            sheet_object_graph_set_sheet [sheet-object-graph.c:466 pc=0xfb569f7c]
            sheet_object_set_sheet [sheet-object.c:330 pc=0xfb55d5c4]
            paste_object   [clipboard.c:228 pc=0xfb473a80]
            clipboard_paste_region [clipboard.c:266 pc=0xfb473ba4]
            cmd_paste_copy_impl [commands.c:2778 pc=0xfb484e9c]
            cmd_paste_copy_redo [commands.c:2827 pc=0xfb4850f8]
            command_push_undo [commands.c:719 pc=0xfb47d158]
            cmd_paste_copy [commands.c:2942 pc=0xfb485988]
            cmd_paste      [cmd-edit.c:357 pc=0xfb476d5c]
            cmd_paste_to_selection [cmd-edit.c:386 pc=0xfb476ebc]
            cb_edit_paste  [wbcg-actions.c:295 pc=0xfb5b4260]
      There have been 1 frees since this block was freed from:
            free           [rtlib.o pc=0x2d734]
            g_free         [gmem.c:187 pc=0xf9ac879c]
            g_slist_free_1 [gslist.c:226 pc=0xf9ae15c8]
            micro_hash_remove [dependent.c:408 pc=0xfb497fb4]
            unlink_range_dep [dependent.c:635 pc=0xfb498c64]
            unlink_cellrange_dep [dependent.c:708 pc=0xfb4990b8]
            unlink_expr_dep [dependent.c:823 pc=0xfb4996a4]
            dependent_unlink [dependent.c:1043 pc=0xfb49a160]
            dependent_set_expr [dependent.c:155 pc=0xfb4975ec]
            cb_dep_hash_destroy [dependent.c:1729 pc=0xfb49c500]
            g_hash_table_foreach [ghash.c:563 pc=0xf9aa7ee4]
            dep_hash_destroy [dependent.c:1760 pc=0xfb49c81c]
            do_deps_invalidate [dependent.c:2030 pc=0xfb49d3b8]
            dependents_invalidate_sheets [dependent.c:2136 pc=0xfb49d7b8]
            dependents_invalidate_sheet [dependent.c:2100 pc=0xfb49d6a0]
            workbook_sheet_delete [workbook.c:1062 pc=0xfb59be84]
            scg_delete_sheet_if_possible [workbook-control-gui.c:485 pc=0xfb5a67f8]
            g_cclosure_marshal_VOID__VOID [gmarshal.c:77 pc=0xf9f9a490]
            g_closure_invoke [gclosure.c:492 pc=0xf9f6f734]
            signal_emit_unlocked_R [gsignal.c:2485 pc=0xf9f97e58]
            g_signal_emit_valist [gsignal.c:2244 pc=0xf9f94b24]
            g_signal_emit  [gsignal.c:2288 pc=0xf9f95058]
            gtk_widget_activate [gtkwidget.c:3680 pc=0xfa79fe6c]
            gtk_menu_shell_activate_item [gtkmenushell.c:944 pc=0xfa600c80]
            gtk_menu_shell_button_release [gtkmenushell.c:556 pc=0xfa5ff7a8]







Comment 3


Morten Welinder





          2005-08-12 20:18:28 UTC
        



Fixed in cvs.