After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 705637 - R1C1 parsing problems
R1C1 parsing problems
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export other
git master
Other Linux
: Normal critical
: ---
Assigned To: Morten Welinder
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2013-08-07 18:53 UTC by jutaky
Modified: 2013-08-08 14:53 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jutaky 2013-08-07 18:53:46 UTC 
Segfault in link_range_dep on a fuzzed slk file.

Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_30945_13552.slk


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff78d072d in link_range_dep (deps=0x874bc0, dep=0x7efa00, r=0x7fffffffe060) at dependent.c:951
951			if (deps->range_hash[i] == NULL)
(gdb) bt

+ Trace 232355

  • #0 link_range_dep
    at dependent.c line 951
  • #1 link_unlink_range_dep
    at dependent.c line 1009
  • #2 link_unlink_cellrange_dep
    at dependent.c line 1050
  • #3 link_unlink_expr_dep
    at dependent.c line 1076
  • #4 link_unlink_expr_dep
    at dependent.c line 1100
  • #5 dependent_link
    at dependent.c line 1512
  • #6 gnm_cell_set_expr_and_value
    at cell.c line 194
  • #7 sylk_rtd_c_parse
    at sylk.c line 327
  • #8 sylk_parse_line
    at sylk.c line 761
  • #9 sylk_parse_sheet
    at sylk.c line 794
  • #10 sylk_file_open
    at sylk.c line 840
  • #11 go_plugin_loader_module_func_file_open
    at app/go-plugin-loader-module.c line 282
  • #12 go_plugin_file_opener_open
    at app/go-plugin-service.c line 685
  • #13 go_file_opener_open
    at app/file.c line 417
  • #14 workbook_view_new_from_input
    at workbook-view.c line 1277
  • #15 workbook_view_new_from_uri
    at workbook-view.c line 1337
  • #16 main
    at main-application.c line 321 

--
Juha Kylmänen
Research Assistant, OUSPG
Comment 1 Morten Welinder 2013-08-07 20:42:52 UTC 
==20522== Process terminating with default action of signal 11 (SIGSEGV)
==20522==  Bad permissions for mapped region at address 0x1372A188
==20522==    at 0x4EE6E86: link_range_dep (dependent.c:951)
==20522==    by 0x4EE8323: link_unlink_cellrange_dep (dependent.c:1009)
==20522==    by 0x4EE8760: link_unlink_expr_dep (dependent.c:1076)
==20522==    by 0x4EE882A: link_unlink_expr_dep (dependent.c:1100)
==20522==    by 0x4EE8DA9: dependent_link (dependent.c:1512)
==20522==    by 0x14A4D0F8: sylk_file_open (sylk.c:327)
==20522==    by 0x53EAC82: go_plugin_file_opener_open (go-plugin-service.c:685)
==20522==    by 0x4FC2DCE: workbook_view_new_from_input (workbook-view.c:1277)
==20522==    by 0x4FC301C: workbook_view_new_from_uri (workbook-view.c:1337)
==20522==    by 0x404756: convert (ssconvert.c:696)
==20522==    by 0x403A2C: main (ssconvert.c:856)
Comment 2 Morten Welinder 2013-08-08 14:53:18 UTC 
This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.