GNOME Bugzilla – Bug 498347
Crash undoing/redoing delete row that changes named range with dependents
Last modified: 2007-11-21 03:15:55 UTC
I've manage to get gnumeric (built from svn trunk) to segfault a few times when playing around with deleting parts of named ranges and then undoing and redoing the deletion. I haven't been able to come up with a consistent set of steps to trigger this crash -- it sometimes works, sometimes doesn't. Here's what I've been doing (starting off with a new spreadsheet): 1. Enter random values in the range $A$1:$B$6 2. Define the name 'range1' to refer to $A$1:$A$6 3. Define the name 'range2' to refer to $B$1:$B$6 4. Enter the expression "=range1+range2" in $C$1 5. Copy this down through the range $C$1:$C$6 6. Delete row 4 7. Hit ^Z (undo) 8. Hit ^Y (redo) 9. GOTO 7 Eventually gnumeric will crash. Unless it doesn't; if it doesn't, then restart gnumeric and try again. Looking at the backtraces, the problem is in the call to g_hash_table_foreach from dependents_relocate (line 2065 of dependent.c). The names hash table has got corrupted, causing the call to cb_relocate_name to segfault. Bug 312120 may be related to this one; I came across the crash when trying to debug that problem.
Created attachment 99363 [details] Backtrace from crash in dependents_relocate
Created attachment 99364 [details] Another backtrace of crash
Created attachment 99365 [details] Backtrace from crash when inserting row This may or may not be the same problem as the other two backtraces. I can't remember exactly what I how I triggered this one (it was a couple of days ago); I think I might have inserted a row instead of deleting one and got the crash in the undo/redo cycle as before.
Created attachment 99401 [details] [review] Patch This patch fixes two different issues with that operation.
Comment on attachment 99401 [details] [review] Patch Looks good.
This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.