Bug 554848 - ole_info_read_metabat critical
Status: RESOLVED FIXED
Product: libgsf
Classification: Core
Component: MS OLE2 & Properties
unspecified
Other All
: Normal normal
Assigned To: Stepan Kasal
Jody Goldberg
Reported: 2008-10-03 12:47 UTC by sum1
Modified: 2008-10-05 17:57 UTC


Attachments
fuzzed .doc file (28.00 KB, application/msword)
2008-10-03 12:49 UTC, sum1

Description sum1 2008-10-03 12:47:51 UTC
Version: r1008
OS: Ubuntu Hardy

Note: The upcoming .doc file was fuzzed.


Steps to reproduce:
- gsf list upcoming_file.doc


Console output:

libgsf:msole-CRITICAL **: ole_info_read_metabat: assertion `*bats < max_bat || *bats >= BAT_MAGIC_METABAT' failed


Backtrace:

(gdb) bt
#0 IA__g_log at /build/buildd/glib2.0-2.16.4/glib/gmessages.c line 516
#1 IA__g_return_if_fail_warning at /build/buildd/glib2.0-2.16.4/glib/gmessages.c line 532
#2 ole_info_read_metabat at gsf-infile-msole.c line 208
#3 ole_init_info at gsf-infile-msole.c line 545
#4 gsf_infile_msole_new at gsf-infile-msole.c line 932
#5 open_archive at gsf.c line 56
#6 gsf_list at gsf.c line 166
#7 main at gsf.c line 394
  • #2 ole_info_read_metabat
    metabat_end=0x8056a0c) at gsf-infile-msole.c:208
208					g_return_val_if_fail (*bats < max_bat ||
(gdb) p max_bat
$1 = 128
(gdb) p *bats
$2 = 131075
Comment 1 sum1 2008-10-03 12:49:09 UTC
Created attachment 119859
fuzzed .doc file
Comment 2 Morten Welinder 2008-10-05 17:57:33 UTC
Apart from throwing a critical, this worked just fine.  I am changing the
error reporting to use g_warning.

This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.
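
The range check from the failed assertion, applied to untrusted input and reported as a recoverable error rather than a critical. This is an added example, not libgsf code and not the fix that was committed. The ex_ names are hypothetical, and the marker value 0xFFFFFFFC is an assumption taken from the compound file format's reserved sector ids, since the page names BAT_MAGIC_METABAT without giving its value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the reserved marker range starts at 0xFFFFFFFC; the page names
 * BAT_MAGIC_METABAT but does not state its value. */
#define EX_BAT_MAGIC_METABAT 0xFFFFFFFCu

/* Read one little-endian 32-bit value without alignment assumptions. */
static uint32_t ex_get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Check every entry of a metabat buffer with the predicate from the report:
 * entry < max_bat || entry >= EX_BAT_MAGIC_METABAT.
 * Returns 0 if all entries pass, -1 otherwise. On an out-of-range entry,
 * *bad_index and *bad_value describe the first offender. */
int ex_check_metabat(const uint8_t *buf, size_t len, uint32_t max_bat,
                     size_t *bad_index, uint32_t *bad_value)
{
    if (buf == NULL || len % 4 != 0)
        return -1;                      /* truncated or missing buffer */
    for (size_t i = 0; i < len / 4; i++) {
        uint32_t v = ex_get_le32(buf + 4 * i);
        if (v < max_bat || v >= EX_BAT_MAGIC_METABAT)
            continue;                   /* valid block index or reserved marker */
        if (bad_index) *bad_index = i;
        if (bad_value) *bad_value = v;
        return -1;                      /* reject the file, do not assert */
    }
    return 0;
}

/* Constructed sample: entries 0, 1, 131075 (the value seen in the gdb
 * session above), then the reserved marker 0xFFFFFFFF. */
static const uint8_t ex_sample[] = {
    0x00, 0x00, 0x00, 0x00,  0x01, 0x00, 0x00, 0x00,
    0x03, 0x00, 0x02, 0x00,  0xFF, 0xFF, 0xFF, 0xFF,
};

int main(void)
{
    size_t idx = 0; uint32_t val = 0;
    if (ex_check_metabat(ex_sample, sizeof ex_sample, 128, &idx, &val) != 0)
        fprintf(stderr, "warning: metabat entry %zu = %u out of range\n",
                idx, (unsigned)val);
    return 0;
}
```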