GNOME Bugzilla – Bug 490479
Crash when pasting from OpenOffice.org Calc
Last modified: 2009-05-16 19:20:35 UTC
Open the attached file in OpenOffice.org Calc. Mark A1:F21. Copy. Paste into gnumeric. Gnumeric segfaults. Seen on Ubuntu Gutsy with both gnumeric HEAD and gnumeric 1.7.11. Version of OpenCalc is 2.3.0 (1:2.3.0-1ubuntu5)
Created attachment 97910 [details] Spreadsheet to reproduce the crash
Warnings/Criticals from Gnumeric: Unexpected element 'chart:categories' in state : document-content -> body -> chart -> chart -> plot-area -> axis Unexpected element 'chart:data-point' in state : document-content -> body -> chart -> chart -> plot-area -> series ** (gnumeric:21523): CRITICAL **: gog_object_add_by_role: assertion `role != NULL' failed Unexpected element 'chart:floor' in state : document-content -> body -> chart -> chart -> plot-area Unexpected element 'table:table' in state : document-content -> body -> chart -> chart ** (gnumeric:21523): CRITICAL **: dependent_link: assertion `IS_SHEET (dep->sheet)' failed ** (gnumeric:21523): CRITICAL **: dependent_link: assertion `IS_SHEET (dep->sheet)' failed Segmentation fault (core dumped) Backtrace:
+ Trace 173003
> ** (gnumeric:21523): CRITICAL **: gog_object_add_by_role: assertion `role != NULL' failed Fixed: 2007-10-27 Morten Welinder <terra@gnome.org> * openoffice-read.c (od_chart_wall): Grid got renamed to Backplane, so change here. > ** (gnumeric:21523): CRITICAL **: dependent_link: assertion `IS_SHEET (dep->sheet)' failed Not yet fixed. We are somehow referring to a deleted sheet. Unsurprisingly things go downhill from there. ==6782== Invalid read of size 4 ==6782== at 0x4096D8C: dependent_link (dependent.c:1311) ==6782== by 0x40970FF: dependent_set_sheet (dependent.c:418) ==6782== by 0x40B11EC: gnm_go_data_dup (graph.c:58) ==6782== by 0x433B896: go_data_dup (go-data.c:107) ==6782== by 0x433FFEA: gog_object_dup (gog-object.c:962) ==6782== by 0x433FF57: gog_object_dup (gog-object.c:1018) ==6782== by 0x433FF57: gog_object_dup (gog-object.c:1018) ==6782== by 0x433FF57: gog_object_dup (gog-object.c:1018) ==6782== by 0x43483E2: gog_graph_dup (gog-graph.c:462) ==6782== by 0x410B165: gnm_sog_copy (sheet-object-graph.c:382) ==6782== by 0x41049BF: sheet_object_dup (sheet-object.c:868) ==6782== by 0x432D3F7: go_slist_map (go-glib-extras.c:132) ==6782== by 0x408D1EA: cmd_paste_copy (commands.c:2930) ==6782== by 0x40B3402: table_content_received (gui-clipboard.c:317) ==6782== by 0x4866F44: (within /usr/lib/libgtk-x11-2.0.so.0.1200.0) ==6782== by 0x472DA50: (within /usr/lib/libgtk-x11-2.0.so.0.1200.0) ==6782== by 0x538A918: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x539D9EC: (within /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x539F63E: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x539F8FF: g_signal_emit_by_name (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== Address 0xCB651C8 is 0 bytes inside a block of size 300 free'd ==6782== at 0x402243F: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==6782== by 0x53F2BD0: g_free (in /usr/lib/libglib-2.0.so.0.1400.1) ==6782== by 0x53A8EE2: g_type_free_instance (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x4129101: workbook_sheet_delete (workbook.c:927) ==6782== by 0x4129D1C: workbook_dispose (workbook.c:127) ==6782== by 0x538CB5B: g_object_unref (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x40B317D: table_cellregion_read (gui-clipboard.c:245) ==6782== by 0x40B33D0: table_content_received (gui-clipboard.c:294) ==6782== by 0x4866F44: (within /usr/lib/libgtk-x11-2.0.so.0.1200.0) ==6782== by 0x472DA50: (within /usr/lib/libgtk-x11-2.0.so.0.1200.0) ==6782== by 0x538A918: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x539D9EC: (within /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x539F63E: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x539F8FF: g_signal_emit_by_name (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x478F6E1: (within /usr/lib/libgtk-x11-2.0.so.0.1200.0) ==6782== by 0x478F8A4: (within /usr/lib/libgtk-x11-2.0.so.0.1200.0) ==6782== by 0x472F8A3: (within /usr/lib/libgtk-x11-2.0.so.0.1200.0) ==6782== by 0x53891F8: (within /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x538A918: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1400.1) ==6782== by 0x539DB81: (within /usr/lib/libgobject-2.0.so.0.1400.1)
The patch for this was in the last release. 1.7.14. It wasn't that we were pointing at a deleted sheet. Rather we were treating a relative reference as if it was absolute, and pulling up cells in col -1. The key was to parse the ranges relative to A1 rather than the cell containing the chart.
This still crashes here.
The problems of just loading the file directly are fixed. This crash is as morten described, related to deleted sheets. For 1.9 it is time to rework the way sheet links are handled.
Time has gone by, but this copy-paste problem still persists!
I understand the problems here.
Crash fixed. This was not OOO related per se. The graph doesn't survive the paste very well, but that is an unrelated problem. This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.