After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 706413 - Out-of-bounds read on a fuzzed .pln file
Out-of-bounds read on a fuzzed .pln file
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export other
git master
Other Linux
: Normal critical
: ---
Assigned To: Morten Welinder
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2013-08-20 15:31 UTC by jutaky
Modified: 2013-08-20 17:26 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jutaky 2013-08-20 15:31:05 UTC 
Out-of-bounds read on a fuzzed .pln file.

Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_6844_1122.pln

==4562== Invalid read of size 1
==4562==    at 0x1872ECB1: pln_convert_expr (pln.c:326)
==4562==    by 0x1872FA3B: pln_parse_sheet (pln.c:625)
==4562==    by 0x1872FC17: pln_file_open (pln.c:675)
==4562==    by 0x5451959: go_plugin_loader_module_func_file_open (go-plugin-loader-module.c:282)
==4562==    by 0x5453860: go_plugin_file_opener_open (go-plugin-service.c:685)
==4562==    by 0x54564E1: go_file_opener_open (file.c:417)
==4562==    by 0x4FF1EC2: workbook_view_new_from_input (workbook-view.c:1277)
==4562==    by 0x4FF208C: workbook_view_new_from_uri (workbook-view.c:1337)
==4562==    by 0x4048BB: convert (ssconvert.c:696)
==4562==    by 0x404F87: main (ssconvert.c:860)
==4562==  Address 0x41d8000 is not stack'd, malloc'd or (recently) free'd

--
Juha Kylmänen
Research Assistant, OUSPG

ps. thanks for the credit again!
Comment 1 Morten Welinder 2013-08-20 17:26:05 UTC 
This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.

Not a widely used plugin.