After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 704004 - Segfault in gnm_style_cmp when exporting to xls
Segfault in gnm_style_cmp when exporting to xls
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export MS Excel (tm)
git master
Other Linux
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2013-07-11 13:44 UTC by jutaky
Modified: 2013-07-16 03:05 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jutaky 2013-07-11 13:44:54 UTC 
Segfault in gnm_style_cmp when exporting to xls.

Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_29268_4774_2xls.gnumeric

Segfault triggered by opening the test case with gnumeric and using Save As and saving as xls.

Alternatively running "ssconvert gnumeric_case_29268_4774_2xls.gnumeric out.xls".

Backtrace from ssconvert:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff794b6bb in gnm_style_cmp (a=0x8a0530, b=0x2563890) at mstyle.c:1033
1033			CMP_TRY_NUMBER_RAW(ba->line_type, bb->line_type);
(gdb) bt

+ Trace 232225

  • #0 gnm_style_cmp
    at mstyle.c line 1033
  • #1 g_slist_sort_merge
    at gslist.c line 1014
  • #2 g_slist_sort_real
    at gslist.c line 1056
  • #3 g_slist_sort_real
    at gslist.c line 1056
  • #4 g_slist_sort_real
    at gslist.c line 1056
  • #5 g_slist_sort_real
    at gslist.c line 1056
  • #6 g_slist_sort_real
    at gslist.c line 1056
  • #7 g_slist_sort_real
    at gslist.c line 1056
  • #8 g_slist_sort_real
    at gslist.c line 1056
  • #9 g_slist_sort
    at gslist.c line 1079
  • #10 sheet_style_foreach
    at sheet-style.c line 3098
  • #11 gather_styles
    at ms-excel-write.c line 2596
  • #12 pre_pass
    at ms-excel-write.c line 5642
  • #13 excel_write_state_new
    at ms-excel-write.c line 6491
  • #14 excel_save
    at boot.c line 266
  • #15 excel_biff8_file_save
    at boot.c line 322
  • #16 go_plugin_loader_module_func_file_save
    at app/go-plugin-loader-module.c line 366
  • #17 go_plugin_file_saver_save
    at app/go-plugin-service.c line 948
  • #18 go_file_saver_save
    at app/file.c line 848
  • #19 wbv_save_to_output
    at workbook-view.c line 1050
  • #20 wb_view_save_to_uri
    at workbook-view.c line 1087
  • #21 wb_view_save_as
    at workbook-view.c line 1123
  • #22 convert
    at ssconvert.c line 788
  • #23 main
    at ssconvert.c line 855 

--
Juha Kylmänen
Research Assistant, OUSPG

ps. I would greatly appreciate, if I could get my name with the OUSPG note in the release announcement of 1.12.4. And of course, thanks for the credit!
Comment 1 Morten Welinder 2013-07-16 03:05:07 UTC 
> name
Done.

This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.