After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 748477 - Crash (SIGABRT) on exporting to .xlsx
Crash (SIGABRT) on exporting to .xlsx
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export MS Excel (tm)
git master
Other Linux
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2015-04-26 08:53 UTC by jutaky
Modified: 2015-04-26 16:10 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jutaky 2015-04-26 08:53:45 UTC 
Git versions of glib, goffice, gnumeric, libgsf and libxml2.

A fuzzed test case: http://jutaky.com/fuzzing/gnumeric_case_7145_256.gnumeric

Open the file using Gnumeric and save as MS Excel 2010 (.xlsx) and Gnumeric crashes.

Alternatively "ssconvert gnumeric_case_7145_256.gnumeric /tmp/out.xlsx".

Trace from ssconvert:

Program received signal SIGABRT, Aborted.
0x00007ffff07944b7 in raise () from /usr/lib/libc.so.6
(gdb) bt

+ Trace 235002

  • #0 raise
    from /usr/lib/libc.so.6
  • #1 abort
    from /usr/lib/libc.so.6
  • #2 g_assertion_message
    at gtestutils.c line 2356
  • #3 g_assertion_message_expr
    at gtestutils.c line 2371
  • #4 value_get_as_gstring
    at value.c line 989
  • #5 value_get_as_string
    at value.c line 1005
  • #6 value_peek_string
    at value.c line 1028
  • #7 xlsx_write_shared_strings
    at xlsx-write.c line 518
  • #8 xlsx_write_workbook
    at xlsx-write.c line 3097
  • #9 xlsx2_file_save
    at xlsx-write.c line 3259
  • #10 go_plugin_loader_module_func_file_save
    at app/go-plugin-loader-module.c line 366
  • #11 go_plugin_file_saver_save
    at app/go-plugin-service.c line 948
  • #12 go_file_saver_save
    at app/file.c line 848
  • #13 wbv_save_to_output
    at workbook-view.c line 1059
  • #14 wb_view_save_to_uri
    at workbook-view.c line 1093
  • #15 wb_view_save_as
    at workbook-view.c line 1129
  • #16 convert
    at ssconvert.c line 831
  • #17 main
    at ssconvert.c line 903 

--
Juha Kylmänen
Comment 1 Morten Welinder 2015-04-26 15:58:31 UTC 
Confirmed.  First valgrind event is...

==6035== Invalid read of size 8
==6035==    at 0x14D2C094: xlsx_write_shared_strings (xlsx-write.c:514)
==6035==    by 0x14D3C204: xlsx_write_workbook (xlsx-write.c:3097)
==6035==    by 0x14D3CA6B: xlsx2_file_save (xlsx-write.c:3259)
==6035==    by 0x541B875: go_plugin_file_saver_save (go-plugin-service.c:948)
==6035==    by 0x4F9AFEC: wbv_save_to_output (workbook-view.c:1059)
==6035==    by 0x4F9B0F6: wb_view_save_to_uri (workbook-view.c:1093)
==6035==    by 0x4F9B300: wb_view_save_as (workbook-view.c:1129)
==6035==    by 0x4047A9: convert (ssconvert.c:831)
==6035==    by 0x403AD6: main (ssconvert.c:903)
==6035==  Address 0x14966668 is 8 bytes inside a block of size 24 free'd
==6035==    at 0x4C28ADC: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6035==    by 0x8B6B8D4: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
==6035==    by 0x8B6BA26: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
==6035==    by 0x14D2BF97: xlsx_shared_string (xlsx-write.c:481)
==6035==    by 0x14D2F1DC: xlsx_write_cells (xlsx-write.c:1667)
==6035==    by 0x14D39907: xlsx_write_sheet (xlsx-write.c:2892)
==6035==    by 0x14D3C1B4: xlsx_write_workbook (xlsx-write.c:3093)
==6035==    by 0x14D3CA6B: xlsx2_file_save (xlsx-write.c:3259)
==6035==    by 0x541B875: go_plugin_file_saver_save (go-plugin-service.c:948)
==6035==    by 0x4F9AFEC: wbv_save_to_output (workbook-view.c:1059)
==6035==    by 0x4F9B0F6: wb_view_save_to_uri (workbook-view.c:1093)
==6035==    by 0x4F9B300: wb_view_save_as (workbook-view.c:1129)
==6035==    by 0x4047A9: convert (ssconvert.c:831)
==6035==    by 0x403AD6: main (ssconvert.c:903)


There are earlier criticals.  First one is...

+ Trace 235004

  • #0 g_log
    from /usr/lib64/libglib-2.0.so.0
  • #1 go_format_get_markup
    at utils/go-format.c line 587
  • #2 xlsx_write_cells
    at xlsx-write.c line 1710
  • #3 xlsx_write_sheet
    at xlsx-write.c line 2892
  • #4 xlsx_write_workbook
    at xlsx-write.c line 3093
  • #5 xlsx2_file_save
    at xlsx-write.c line 3259 






Comment 2


Morten Welinder





          2015-04-26 16:06:38 UTC
        



Crash fixed; criticals remain.






Comment 3


Morten Welinder





          2015-04-26 16:10:21 UTC
        



This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.