Bug 555161 – Invalid write in gog_probability_plot_series_update()

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 555161 - Invalid write in gog_probability_plot_series_update()


Summary:	Invalid write in gog_probability_plot_series_update()


Status:	RESOLVED FIXED

Product:	libgoffice
Classification:	Other
Component:	Graphing / Charting
Version:	unspecified
Hardware:	Other All

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Jean Bréfort
QA Contact:	Jody Goldberg

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2008-10-05 22:47 UTC by sum1
Modified:	2008-10-06 06:04 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description sum1 2008-10-05 22:47:16 UTC

Version: r2228
OS: Ubuntu Hardy


Steps to reproduce:
- Enter "0" in A1 (no quotes)
- Press the up key to make A1 the active cell
- Insert > Chart
- Choose the "Statistics" plot type
- Click on the bottom subtype (the "Probability plot") to trigger the invalid write


Valgrind output:

==18368== Invalid write of size 8
==18368==    at 0x802A942: gog_probability_plot_series_update (gog-probability-plot.c:438)
==18368==    by 0x45EE6EE: gog_object_update (gog-object.c:1488)
==18368==    by 0x45EE655: gog_object_update (gog-object.c:1481)
==18368==    by 0x45EE655: gog_object_update (gog-object.c:1481)
==18368==    by 0x45EE655: gog_object_update (gog-object.c:1481)
==18368==    by 0x45F6D4C: cb_graph_idle (gog-graph.c:647)
==18368==    by 0x4CDF1E0: g_idle_dispatch (gmain.c:4090)
==18368==    by 0x4CE0DD5: g_main_context_dispatch (gmain.c:2012)
==18368==    by 0x4CE4192: g_main_context_iterate (gmain.c:2645)
==18368==    by 0x4CE4576: g_main_loop_run (gmain.c:2853)
==18368==    by 0x4C30A92: bonobo_main (in /usr/lib/libbonobo-2.so.0.0.0)
==18368==    by 0x804C484: main (main-application.c:473)
==18368==  Address 0x8d381a8 is 0 bytes after a block of size 8 alloc'd
==18368==    at 0x4021BDE: calloc (vg_replace_malloc.c:397)
==18368==    by 0x4CE8D54: g_malloc0 (gmem.c:151)
==18368==    by 0x802A8A5: gog_probability_plot_series_update (gog-probability-plot.c:434)
==18368==    by 0x45EE6EE: gog_object_update (gog-object.c:1488)
==18368==    by 0x45EE655: gog_object_update (gog-object.c:1481)
==18368==    by 0x45EE655: gog_object_update (gog-object.c:1481)
==18368==    by 0x45EE655: gog_object_update (gog-object.c:1481)
==18368==    by 0x45F6D4C: cb_graph_idle (gog-graph.c:647)
==18368==    by 0x4CDF1E0: g_idle_dispatch (gmain.c:4090)
==18368==    by 0x4CE0DD5: g_main_context_dispatch (gmain.c:2012)
==18368==    by 0x4CE4192: g_main_context_iterate (gmain.c:2645)
==18368==    by 0x4CE4576: g_main_loop_run (gmain.c:2853)

Comment 1 Jean Bréfort 2008-10-06 06:04:03 UTC

Thanks for the report. Fixed.