GNOME Bugzilla – Bug 751577
Out-of-bounds read in stf.c:477 on a fuzzed csv file
Last modified: 2015-06-28 17:18:55 UTC
Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_001-stf.c.477.csv

$ ssconvert gnumeric_case_001-stf.c.477.csv /tmp/out.gnumeric
==11801==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7fc4658b0d1d bp 0x7ffe1643f3d0 sp 0x7ffe1643ed80 T0)
    #0 0x7fc4658b0d1c in stf_read_workbook_auto_csvtab gnumeric/gnumeric/src/stf.c:477:9
    #1 0x7fc464030d53 in go_file_opener_open_real gnumeric/goffice/goffice/app/file.c:156:34
    #2 0x7fc46401e1c8 in go_file_opener_open gnumeric/goffice/goffice/app/file.c:417:2
    #3 0x7fc4659a971a in workbook_view_new_from_input gnumeric/gnumeric/src/workbook-view.c:1278:3
    #4 0x7fc4659aa310 in workbook_view_new_from_uri gnumeric/gnumeric/src/workbook-view.c:1337:9
    #5 0x4e1031 in convert gnumeric/gnumeric/src/ssconvert.c:721:9
    #6 0x4ded93 in main gnumeric/gnumeric/src/ssconvert.c:913:9
    #7 0x7fc45e43778f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
    #8 0x437c58 in _start (apps/bin/ssconvert+0x437c58)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV gnumeric/gnumeric/src/stf.c:477 stf_read_workbook_auto_csvtab

-- Juha Kylmänen
This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.