After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 703625 - Segfault in go_image_set_name on a corrupted (fuzzed) gnumeric file
Segfault in go_image_set_name on a corrupted (fuzzed) gnumeric file
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export other
git master
Other Linux
: Normal critical
: ---
Assigned To: Morten Welinder
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2013-07-04 18:28 UTC by jutaky
Modified: 2013-07-04 19:29 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jutaky 2013-07-04 18:28:26 UTC 
Segfault in go_image_set_name on a corrupted (fuzzed) gnumeric file.

Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_2122_27732.gnumeric


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff75469a1 in go_image_set_name (image=0x0, name=0x7c2610 "Image") at utils/go-image.c:722
722		g_free (image->name);
(gdb) bt

+ Trace 232188

  • #0 go_image_set_name
    at utils/go-image.c line 722
  • #1 go_doc_image_fetch
    at app/go-doc.c line 677
  • #2 gnm_soi_assign_to_sheet
    at sheet-object-image.c line 564
  • #3 sheet_object_set_sheet
    at sheet-object.c line 546
  • #4 gnm_xml_finish_obj
    at xml-sax-read.c line 436
  • #5 xml_sax_object_end
    at xml-sax-read.c line 2428
  • #6 gsf_xml_in_end_element
    at gsf-libxml.c line 844
  • #7 xmlParseEndTag1
    at parser.c line 8683
  • #8 xmlParseElement__internal_alias
    at parser.c line 10086
  • #9 xmlParseContent__internal_alias
    at parser.c line 9885
  • #10 xmlParseElement__internal_alias
    at parser.c line 10058
  • #11 xmlParseContent__internal_alias
    at parser.c line 9885
  • #12 xmlParseElement__internal_alias
    at parser.c line 10058
  • #13 xmlParseContent__internal_alias
    at parser.c line 9885
  • #14 xmlParseElement__internal_alias
    at parser.c line 10058
  • #15 xmlParseContent__internal_alias
    at parser.c line 9885
  • #16 xmlParseElement__internal_alias
    at parser.c line 10058
  • #17 xmlParseDocument__internal_alias
    at parser.c line 10742
  • #18 gsf_xml_in_doc_parse
    at gsf-libxml.c line 1289
  • #19 read_file_common
    at xml-sax-read.c line 3350
  • #20 gnm_xml_file_open
    at xml-sax-read.c line 3479
  • #21 go_file_opener_open_real
    at app/file.c line 159
  • #22 go_file_opener_open
    at app/file.c line 417
  • #23 workbook_view_new_from_input
    at workbook-view.c line 1272
  • #24 workbook_view_new_from_uri
    at workbook-view.c line 1332
  • #25 main
    at main-application.c line 321 

--
Juha Kylmänen
Research Assistant, OUSPG
Comment 1 Andreas J. Guelzow 2013-07-04 19:29:01 UTC 
This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.