Bug 749069 – Null pointer crash in crypt-md4.c on .gnumeric to xls conversion

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 749069 - Null pointer crash in crypt-md4.c on .gnumeric to xls conversion


Summary:	Null pointer crash in crypt-md4.c on .gnumeric to xls conversion


Status:	RESOLVED FIXED

Product:	Gnumeric
Classification:	Applications
Component:	import/export MS Excel (tm)
Version:	git master
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Jody Goldberg
QA Contact:	Jody Goldberg

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2015-05-07 14:10 UTC by jutaky
Modified:	2015-05-07 16:44 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description jutaky 2015-05-07 14:10:19 UTC

Git versions of gtk, glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_24050_10624.2xls.gnumeric

ssconvert gnumeric_case_24050_10624.2xls.gnumeric /tmp/out.xls

==27729==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f895a8ef6ee sp 0x7ffe5e779080 bp 0x7ffe5e7790a0 T0)
    #0 0x7f895a8ef6ed in copy64 gnumeric/gnumeric/plugins/excel/crypt-md4.c:146
    #1 0x7f895a8efaf2 in mdfour gnumeric/gnumeric/plugins/excel/crypt-md4.c:172
    #2 0x7f895a88500e in excel_write_blip gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6297
    #3 0x7f895a88578e in excel_write_blips gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6338
    #4 0x7f895a887be5 in excel_write_workbook gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6507
    #5 0x7f895a8887e5 in excel_write_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6577
    #6 0x7f895a7e31c3 in excel_save gnumeric/gnumeric/plugins/excel/boot.c:304
    #7 0x7f895a7e366b in excel_biff8_file_save gnumeric/gnumeric/plugins/excel/boot.c:350
    #8 0x7f89808b30f8 in go_plugin_loader_module_func_file_save app/go-plugin-loader-module.c:366
    #9 0x7f89808ba50a in go_plugin_file_saver_save app/go-plugin-service.c:948
    #10 0x7f89808c33ec in go_file_saver_save app/file.c:848
    #11 0x7f898179c7bc in wbv_save_to_output gnumeric/gnumeric/src/workbook-view.c:1059
    #12 0x7f898179cc76 in wb_view_save_to_uri gnumeric/gnumeric/src/workbook-view.c:1093
    #13 0x7f898179d1e8 in wb_view_save_as gnumeric/gnumeric/src/workbook-view.c:1129
    #14 0x408c24 in convert gnumeric/gnumeric/src/ssconvert.c:831
    #15 0x409439 in main gnumeric/gnumeric/src/ssconvert.c:903
    #16 0x7f8979ed87ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #17 0x4040f8 in _start (apps/bin/ssconvert+0x4040f8)

--
Juha Kylmänen

Comment 1 Morten Welinder 2015-05-07 16:44:14 UTC

This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.