GNOME Bugzilla – Bug 698424
Crash on broken xls file
Last modified: 2013-04-24 15:55:00 UTC
Created attachment 241959
Deliberately broken file
...
(/home/welinder/gnome/gnumeric/src/.libs/lt-ssconvert:7448): GLib-ERROR **: /build/buildd/glib2.0-2.34.1/./glib/gmem.c:165: failed to allocate 34359738377 bytes
Trace/breakpoint trap (core dumped)
Exit code 133

Created attachment 241960
Deliberately broken file
Segmentation fault (core dumped)

Created attachment 241961
Deliberately broken file
Segmentation fault (core dumped)

Initial item fixed in my tree.

Created attachment 242008
Deliberately broken file
Valgrind errors in gsf for this one.
==15771== Conditional jump or move depends on uninitialised value(s)
==15771==    at 0x56F17BF: gsf_infile_msole_read (gsf-infile-msole.c:711)
==15771==    by 0x56EC25C: gsf_input_read (gsf-input.c:375)
==15771==    by 0x1218D405: ms_biff_query_next (ms-biff.c:442)
==15771==    by 0x121A95DB: excel_read_sheet (ms-excel-read.c:6523)
==15771==    by 0x121A9F87: excel_read_BOF (ms-excel-read.c:6976)
==15771==    by 0x121AA6D7: excel_read_workbook (ms-excel-read.c:7066)
==15771==    by 0x1218C46E: excel_enc_file_open (boot.c:192)
==15771==    by 0x539A812: go_plugin_file_opener_open (go-plugin-service.c:685)
==15771==    by 0x4F82A54: workbook_view_new_from_input (workbook-view.c:1273)
==15771==    by 0x4F82C20: workbook_view_new_from_uri (workbook-view.c:1333)
==15771==    by 0x403772: convert (ssconvert.c:696)
==15771==    by 0x4047EE: main (ssconvert.c:855)
==15771==  Uninitialised value was created by a heap allocation
==15771==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15771==    by 0x4C2B472: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15771==    by 0x5BB177E: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==15771==    by 0x5B811C2: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==15771==    by 0x5B812A3: g_array_sized_new (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==15771==    by 0x56F05A8: ole_make_bat (gsf-infile-msole.c:158)
==15771==    by 0x56F10D6: gsf_infile_msole_new_child (gsf-infile-msole.c:810)
==15771==    by 0x56F001D: gsf_infile_child_by_name (gsf-infile.c:112)
==15771==    by 0x1218C3F5: excel_enc_file_open (boot.c:87)
==15771==    by 0x539A812: go_plugin_file_opener_open (go-plugin-service.c:685)
==15771==    by 0x4F82A54: workbook_view_new_from_input (workbook-view.c:1273)
==15771==    by 0x4F82C20: workbook_view_new_from_uri (workbook-view.c:1333)

Comment on attachment 242008
Deliberately broken file
Problem fixed in gsf

Comment on attachment 241959
Deliberately broken file
Problem fixed

Created attachment 242034
Deliberately broken file
==19594== Conditional jump or move depends on uninitialised value(s)
==19594==    at 0x59B50C8: ??? (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3400.1)
==19594==    by 0x59B3DA6: g_param_value_validate (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3400.1)
==19594==    by 0x59AEA47: g_object_newv (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3400.1)
==19594==    by 0x59AF03F: g_object_new_valist (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3400.1)
==19594==    by 0x59AF373: g_object_new (in /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.3400.1)
==19594==    by 0x1245F63A: xls_read_SXVD (xls-read-pivot.c:681)
==19594==    by 0x124337C1: excel_read_sheet (ms-excel-read.c:6755)
==19594==    by 0x1243420F: excel_read_BOF (ms-excel-read.c:6977)
==19594==    by 0x1243495F: excel_read_workbook (ms-excel-read.c:7067)
==19594==    by 0x1241646E: excel_enc_file_open (boot.c:192)
==19594==    by 0x541D812: go_plugin_file_opener_open (go-plugin-service.c:685)
==19594==    by 0x4FEF1BB: workbook_view_new_from_input (workbook-view.c:1273)
==19594==    by 0x4FEF37D: workbook_view_new_from_uri (workbook-view.c:1333)
==19594==    by 0x404789: convert (ssconvert.c:696)
==19594==    by 0x404E56: main (ssconvert.c:855)
==19594==  Uninitialised value was created by a heap allocation
==19594==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19594==    by 0x5C346E0: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==19594==    by 0x1242770C: gnm_xl_importer_new (ms-excel-read.c:3403)
==19594==    by 0x124344E9: excel_read_workbook (ms-excel-read.c:7041)
==19594==    by 0x1241646E: excel_enc_file_open (boot.c:192)
==19594==    by 0x541D812: go_plugin_file_opener_open (go-plugin-service.c:685)
==19594==    by 0x4FEF1BB: workbook_view_new_from_input (workbook-view.c:1273)
==19594==    by 0x4FEF37D: workbook_view_new_from_uri (workbook-view.c:1333)
==19594==    by 0x404789: convert (ssconvert.c:696)
==19594==    by 0x404E56: main (ssconvert.c:855)

Created attachment 242035
Deliberately broken file
Unknown script 64
==19935== Use of uninitialised value of size 8
==19935==    at 0x5C1EA23: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==19935==    by 0x4FC992F: sh_lookup (sheet-style.c:85)
==19935==    by 0x4FC9B31: sheet_style_find (sheet-style.c:198)
==19935==    by 0x4FC9C5B: rstyle_ctor_style (sheet-style.c:251)
==19935==    by 0x4FCBED7: sheet_style_set_range (sheet-style.c:1356)
==19935==    by 0x12432A25: excel_read_sheet (ms-excel-read.c:6520)
==19935==    by 0x1243420F: excel_read_BOF (ms-excel-read.c:6977)
==19935==    by 0x1243495F: excel_read_workbook (ms-excel-read.c:7067)
==19935==    by 0x1241646E: excel_enc_file_open (boot.c:192)
==19935==    by 0x541D812: go_plugin_file_opener_open (go-plugin-service.c:685)
==19935==    by 0x4FEF1BB: workbook_view_new_from_input (workbook-view.c:1273)
==19935==    by 0x4FEF37D: workbook_view_new_from_uri (workbook-view.c:1333)
==19935==    by 0x404789: convert (ssconvert.c:696)
==19935==    by 0x404E56: main (ssconvert.c:855)
==19935==  Uninitialised value was created by a heap allocation
==19935==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19935==    by 0x5C346E0: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==19935==    by 0x12422620: excel_read_FONT (ms-excel-read.c:1614)
==19935==    by 0x124349A5: excel_read_workbook (ms-excel-read.c:7076)
==19935==    by 0x1241646E: excel_enc_file_open (boot.c:192)
==19935==    by 0x541D812: go_plugin_file_opener_open (go-plugin-service.c:685)
==19935==    by 0x4FEF1BB: workbook_view_new_from_input (workbook-view.c:1273)
==19935==    by 0x4FEF37D: workbook_view_new_from_uri (workbook-view.c:1333)
==19935==    by 0x404789: convert (ssconvert.c:696)
==19935==    by 0x404E56: main (ssconvert.c:855)

Created attachment 242041
Deliberately broken file
==22169== 34 (16 direct, 18 indirect) bytes in 1 blocks are definitely lost in loss record 1,373 of 3,038
==22169==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22169==    by 0x5C346E0: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==22169==    by 0x5C497D2: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==22169==    by 0x5C1B3A0: g_error_new_valist (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==22169==    by 0x5C1B4C0: g_error_new (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==22169==    by 0x5774B31: gsf_infile_msole_new (gsf-infile-msole.c:639)
==22169==    by 0x124163CD: excel_enc_file_open (boot.c:157)
==22169==    by 0x541D812: go_plugin_file_opener_open (go-plugin-service.c:685)
==22169==    by 0x4FEF1BB: workbook_view_new_from_input (workbook-view.c:1273)
==22169==    by 0x4FEF37D: workbook_view_new_from_uri (workbook-view.c:1333)
==22169==    by 0x404789: convert (ssconvert.c:696)
==22169==    by 0x404E56: main (ssconvert.c:855)

Comment on attachment 241961
Deliberately broken file
Problem fixed

Comment on attachment 242035
Deliberately broken file
Fixed

Comment on attachment 242034
Deliberately broken file
Problem fixed

Comment on attachment 242041
Deliberately broken file
Problem solved

Comment on attachment 241960
Deliberately broken file
Worked around in goffice

This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.