Bug 749917 – Hang / undefined-behavior, division by zero print.c:827

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 749917 - Hang / undefined-behavior, division by zero print.c:827


Summary:	Hang / undefined-behavior, division by zero print.c:827


Status:	RESOLVED FIXED

Product:	Gnumeric
Classification:	Applications
Component:	import/export MS Excel (tm)
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Jody Goldberg
QA Contact:	Jody Goldberg

URL:	http://jutaky.com/fuzzing/gnumeric_ca...
Whiteboard:

Depends on:
Blocks:

Reported:	2015-05-26 17:04 UTC by jutaky
Modified:	2015-05-27 20:27 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description jutaky 2015-05-26 17:04:20 UTC

Git versions of gtk, glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_26652_123801.2pdf.xls

$ ssconvert gnumeric_case_26652_123801.2pdf.xls /tmp/out.pdf

print.c:827:55: runtime error: division by zero
SUMMARY: AddressSanitizer: undefined-behavior print.c:827

Also, when the test case is opened using Gnumeric, it complains "Invalid MS property stream header or file truncated" and on closing the dialog Gnumeric appears to hang.

CPU usage is constant 100% until killed.

--
Juha Kylmänen

Comment 1 Morten Welinder 2015-05-27 20:21:47 UTC

fixed, I think.

This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.

Comment 2 Morten Welinder 2015-05-27 20:27:18 UTC

The hang is just gtk+ sweating over a box with 40k+ buttons in it, I
think.  I don't think I want to do anything over that.