GNOME Bugzilla – Bug 749395
Large leak from utils/go-pixbuf.c on a fuzzed .gnumeric file
Last modified: 2015-05-14 21:43:33 UTC
Git versions of gtk, glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_9398_85.gnumeric

$ ssconvert gnumeric_case_9398_85.gnumeric /tmp/out.gnumeric
==22558==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4503628 byte(s) in 3 object(s) allocated from:
    #0 0x4bf952 in __interceptor_malloc (apps/bin/ssconvert+0x4bf952)
    #1 0x7f3b72443d3f in g_try_malloc gnumeric/glib/glib/gmem.c:244
    #2 0x7f3b7a2cdba5 in go_pixbuf_load_data gnumeric/goffice/goffice/utils/go-pixbuf.c:164:26
    #3 0x7f3b7a2b83ba in go_image_load_data gnumeric/goffice/goffice/utils/go-image.c:794:20
    #4 0x7f3b79905c72 in load_image_data gnumeric/goffice/goffice/app/go-doc.c:574:2
    #5 0x7f3b7896341a in gsf_xml_in_end_element gnumeric/libgsf/gsf/gsf-libxml.c:863:3
    #6 0x7f3b76b0d660 in xmlParseEndTag1 gnumeric/libxml2/parser.c:8747:9
    #7 0x7f3b76b29601 in xmlParseElement__internal_alias gnumeric/libxml2/parser.c:10191:2
    #8 0x7f3b76b1d14a in xmlParseContent__internal_alias gnumeric/libxml2/parser.c:9990:6
    #9 0x7f3b76b27c97 in xmlParseElement__internal_alias gnumeric/libxml2/parser.c:10163:5
    #10 0x7f3b76b1d14a in xmlParseContent__internal_alias gnumeric/libxml2/parser.c:9990:6
    #11 0x7f3b76b27c97 in xmlParseElement__internal_alias gnumeric/libxml2/parser.c:10163:5
    #12 0x7f3b76b7a4ce in xmlParseDocument__internal_alias gnumeric/libxml2/parser.c:10849:2
    #13 0x7f3b789402c3 in gsf_xml_in_doc_parse gnumeric/libgsf/gsf/gsf-libxml.c:1338:2
    #14 0x7f3b7cb78ccf in read_file_common gnumeric/gnumeric/src/xml-sax-read.c:3401:7
    #15 0x7f3b7cb83d00 in gnm_xml_file_open gnumeric/gnumeric/src/xml-sax-read.c:3530:7
    #16 0x7f3b799aacd8 in go_file_opener_open_real gnumeric/goffice/goffice/app/file.c:159:4
    #17 0x7f3b7998f56b in go_file_opener_open gnumeric/goffice/goffice/app/file.c:417:2
    #18 0x7f3b7ca076f7 in workbook_view_new_from_input gnumeric/gnumeric/src/workbook-view.c:1278:3
    #19 0x7f3b7ca082e0 in workbook_view_new_from_uri gnumeric/gnumeric/src/workbook-view.c:1337:9
    #20 0x4e7171 in convert gnumeric/gnumeric/src/ssconvert.c:715:9
    #21 0x4e49fc in main gnumeric/gnumeric/src/ssconvert.c:903:9
    #22 0x7f3b71a2a7ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)

SUMMARY: AddressSanitizer: 4503628 byte(s) leaked in 3 allocation(s).

-- Juha Kylmänen
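Added example, not part of the bug report or of the gnumeric/goffice code: a small Python triage helper for LeakSanitizer output of the kind shown in the trace above. When a fuzzing campaign produces hundreds of cases like gnumeric_case_9398_85, the useful question is how many distinct leak sites they represent. The helper parses the LSan text format, skips the allocator frames (the ASan interceptor and GLib's g_malloc/g_try_malloc family, which are never the culprit), keys each leak on the first frame inside the code under test (here go_pixbuf_load_data at go-pixbuf.c:164) and totals leaked bytes per site. The embedded sample is constructed: it repeats the first four frames of the report above and adds one made-up second leak (example_helper in example.c, invented names and addresses) so the aggregation has something to group.

```python
"""Triage helper for LeakSanitizer reports collected while fuzzing file parsers.

Added example; not code from the bug report or from gnumeric/goffice.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: frames #0-#3 of the report above, plus a second leak that is
# entirely made up (example_helper / example.c / its addresses) to show grouping.
SAMPLE_REPORT = """\
==22558==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4503628 byte(s) in 3 object(s) allocated from:
    #0 0x4bf952 in __interceptor_malloc (apps/bin/ssconvert+0x4bf952)
    #1 0x7f3b72443d3f in g_try_malloc gnumeric/glib/glib/gmem.c:244
    #2 0x7f3b7a2cdba5 in go_pixbuf_load_data gnumeric/goffice/goffice/utils/go-pixbuf.c:164:26
    #3 0x7f3b7a2b83ba in go_image_load_data gnumeric/goffice/goffice/utils/go-image.c:794:20

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4bf952 in __interceptor_malloc (apps/bin/ssconvert+0x4bf952)
    #1 0x7f3b72443aaa in g_malloc0 gnumeric/glib/glib/gmem.c:130
    #2 0x7f3b7a2cdbbb in example_helper example/example.c:42:5

SUMMARY: AddressSanitizer: 4503644 byte(s) leaked in 4 allocation(s).
"""

LEAK_HEADER = re.compile(
    r"^(?P<kind>Direct|Indirect) leak of (?P<nbytes>\d+) byte\(s\) "
    r"in (?P<nobjects>\d+) object\(s\) allocated from:$"
)
FRAME = re.compile(r"^\s*#(?P<idx>\d+) 0x[0-9a-fA-F]+ in (?P<func>\S+)\s*(?P<loc>.*)$")

# Allocation wrappers: the leak is owned by whoever called these, not by them.
ALLOCATOR_FUNCS = {
    "malloc", "calloc", "realloc",
    "g_malloc", "g_malloc0", "g_try_malloc", "g_try_malloc0", "g_realloc",
    "g_try_realloc", "g_malloc_n", "g_malloc0_n", "g_try_malloc_n",
}


@dataclass
class Frame:
    function: str
    location: str  # "path/file.c:line:col" or "(module+offset)" as LSan prints it


@dataclass
class Leak:
    kind: str
    nbytes: int
    nobjects: int
    frames: list = field(default_factory=list)


def parse_leaks(text):
    """Split an LSan report into Leak records, each with its allocation stack."""
    leaks = []
    current = None
    for line in text.splitlines():
        m = LEAK_HEADER.match(line)
        if m:
            current = Leak(m["kind"], int(m["nbytes"]), int(m["nobjects"]))
            leaks.append(current)
            continue
        m = FRAME.match(line)
        if m and current is not None:
            current.frames.append(Frame(m["func"], m["loc"].strip()))
            continue
        if current is not None and not line.strip():
            current = None  # a blank line closes the current stack
    return leaks


def is_allocator_frame(frame):
    name = frame.function
    return name.startswith("__interceptor_") or name in ALLOCATOR_FUNCS


def blame_frame(leak):
    """First frame below the allocation wrappers: the code that lost the buffer."""
    for frame in leak.frames:
        if not is_allocator_frame(frame):
            return frame
    return leak.frames[0] if leak.frames else None


def short_location(location):
    """'a/b/go-pixbuf.c:164:26' -> 'go-pixbuf.c:164'; module+offset forms are kept."""
    base = location.rsplit("/", 1)[-1]
    parts = base.split(":")
    if len(parts) >= 2 and parts[1].isdigit():
        return f"{parts[0]}:{parts[1]}"
    return location


def leak_signature(leak):
    """Stable key for deduplicating the same leak across many fuzz cases."""
    frame = blame_frame(leak)
    if frame is None:
        return "<no stack>"
    return f"{frame.function}@{short_location(frame.location)}"


def summarize(text):
    """Total leaked bytes per blame site, for ranking what to look at first."""
    totals = {}
    for leak in parse_leaks(text):
        sig = leak_signature(leak)
        totals[sig] = totals.get(sig, 0) + leak.nbytes
    return totals


if __name__ == "__main__":
    for sig, nbytes in sorted(summarize(SAMPLE_REPORT).items(), key=lambda kv: -kv[1]):
        print(f"{nbytes:>10} bytes  {sig}")
```

Run on the report above, the 4503628-byte leak is attributed to go_pixbuf_load_data@go-pixbuf.c:164 rather than to g_try_malloc, which is the frame a naive "top of stack" grouping would pick. Feeding every case's sanitizer log through summarize() before filing bugs is what keeps one underlying defect from becoming dozens of duplicate reports.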
This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.