GNOME Bugzilla – Bug 706526
Null pointer segfault on an invalid UTF8 character on html2tex
Last modified: 2013-08-22 06:07:29 UTC
Null pointer segfault on an invalid UTF8 character on html2tex conversion. Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_19784_236614.2tex.min.html

"ssconvert gnumeric_case_19784_236614.2tex.min.html out.tex":

==23416== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f4e2db1595a sp 0x7fffc2fdc7c0 bp 0x7fffc2fdc7f0 T0)
AddressSanitizer can not provide additional info.
    #0 0x7f4e2db15959 in latex_fputs_latin /gnumeric/plugins/html/latex.c:330 (discriminator 1)
    #1 0x7f4e2db15b7c in latex_fputs /gnumeric/plugins/html/latex.c:415
    #2 0x7f4e2db1a60f in latex2e_table_write_cell /gnumeric/plugins/html/latex.c:1528
    #3 0x7f4e2db1a850 in latex_table_file_save /gnumeric/plugins/html/latex.c:1600
    #4 0x7f4e4da0c0f7 in go_plugin_loader_module_func_file_save /goffice/goffice/app/go-plugin-loader-module.c:366
    #5 0x7f4e4da10e6b in go_plugin_file_saver_save /goffice/goffice/app/go-plugin-service.c:948 (discriminator 1)
    #6 0x7f4e4da16e33 in go_file_saver_save /goffice/goffice/app/file.c:848
    #7 0x7f4e4e3862ad in wbv_save_to_output /gnumeric/src/workbook-view.c:1055
    #8 0x7f4e4e38650f in wb_view_save_to_uri /gnumeric/src/workbook-view.c:1092
    #9 0x7f4e4e38681d in wb_view_save_as /gnumeric/src/workbook-view.c:1128
    #10 0x406473 in convert /gnumeric/src/ssconvert.c:788
    #11 0x406893 in main /gnumeric/src/ssconvert.c:860
    #12 0x7f4e495dca14 in __libc_start_main ??:?
    #13 0x403708 in _start ??:?
==23416== ABORTING

--
Juha Kylmänen
Research Assistant, OUSPG

This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.