Bug 748493 - Crash in ssconvert on a fuzzed .gnumeric file
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: General
git master
Other Linux
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
Reported: 2015-04-26 19:34 UTC by jutaky
Modified: 2015-05-06 20:44 UTC
Description jutaky 2015-04-26 19:34:24 UTC
Git versions of gtk, glib, goffice, gnumeric, libgsf and libxml2.

Seems to crash in a GTK file, but here's the test case for diagnosis as I don't know the details of the crash.

Test case: http://jutaky.com/fuzzing/gnumeric_4133_908.gnumeric

ssconvert gnumeric_4133_908.gnumeric /tmp/out.gnumeric

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff2764ee0 in _gtk_settings_get_style_cascade (settings=0x0, scale=1) at gtksettings.c:1757
1757	  GtkSettingsPrivate *priv = settings->priv;
(gdb) bt
  • #0 _gtk_settings_get_style_cascade
    at gtksettings.c line 1757
  • #1 gtk_style_context_init
    at gtkstylecontext.c line 340
  • #2 g_type_create_instance
    at gtype.c line 1870
  • #3 g_object_new_internal
    at gobject.c line 1774
  • #4 g_object_newv
    at gobject.c line 1921
  • #5 g_object_new
    at gobject.c line 1614
  • #6 gtk_style_context_new
    at gtkstylecontext.c line 555
  • #7 _gtk_style_new_for_path
    at deprecated/gtkstyle.c line 853
  • #8 gtk_style_new
    at deprecated/gtkstyle.c line 887
  • #9 gtk_widget_get_default_style
    at deprecated/gtkstyle.c line 4057
  • #10 gtk_widget_init
    at gtkwidget.c line 4519
  • #11 g_type_create_instance
    at gtype.c line 1864
  • #12 g_object_new_internal
    at gobject.c line 1774
  • #13 g_object_newv
    at gobject.c line 1921
  • #14 g_object_new
    at gobject.c line 1614
  • #15 go_emf_init
    at utils/go-emf.c line 192
  • #16 g_type_create_instance
    at gtype.c line 1870
  • #17 g_object_new_internal
    at gobject.c line 1774
  • #18 g_object_newv
    at gobject.c line 1921
  • #19 g_object_new
    at gobject.c line 1614
  • #20 go_doc_image_fetch
    at app/go-doc.c line 679
  • #21 gnm_soi_assign_to_sheet
    at sheet-object-image.c line 509
  • #22 sheet_object_set_sheet
    at sheet-object.c line 577
  • #23 gnm_xml_finish_obj
    at xml-sax-read.c line 439
  • #24 xml_sax_object_end
    at xml-sax-read.c line 2455
  • #25 gsf_xml_in_end_element
    at gsf-libxml.c line 863
  • #26 xmlParseEndTag1
    at parser.c line 8747
  • #27 xmlParseElement__internal_alias
    at parser.c line 10191
  • #28 xmlParseContent__internal_alias
    at parser.c line 9990
  • #29 xmlParseElement__internal_alias
    at parser.c line 10163
  • #30 xmlParseContent__internal_alias
    at parser.c line 9990
  • #31 xmlParseElement__internal_alias
    at parser.c line 10163
  • #32 xmlParseContent__internal_alias
    at parser.c line 9990
  • #33 xmlParseElement__internal_alias
    at parser.c line 10163
  • #34 xmlParseContent__internal_alias
    at parser.c line 9990
  • #35 xmlParseElement__internal_alias
    at parser.c line 10163
  • #36 xmlParseDocument__internal_alias
    at parser.c line 10849
  • #37 gsf_xml_in_doc_parse
    at gsf-libxml.c line 1338
  • #38 read_file_common
    at xml-sax-read.c line 3383
  • #39 gnm_xml_file_open
    at xml-sax-read.c line 3512
  • #40 go_file_opener_open_real
    at app/file.c line 159
  • #41 go_file_opener_open
    at app/file.c line 417
  • #42 workbook_view_new_from_input
    at workbook-view.c line 1278
  • #43 workbook_view_new_from_uri
    at workbook-view.c line 1337
  • #44 convert
    at ssconvert.c line 715
  • #45 main
    at ssconvert.c line 903

--
Juha Kylmänen
Comment 1 Morten Welinder 2015-04-27 02:30:12 UTC
I don't see the crash, nor do I see any valgrind errors.

However, I do see a pile of gtk criticals stemming from the fact we try
to create a widget without a display.  The trace for that is...

  • #0 g_log
    at /build/buildd/glib2.0-2.40.2/./glib/gmessages.c line 1067
  • #1 g_return_if_fail_warning
  • #2 _gtk_style_cascade_get_for_screen
    at /tmp/buildd/gtk+3.0-3.10.8~8+qiana/./gtk/gtkstylecascade.c line 318
  • #3 gtk_style_context_init
    at /tmp/buildd/gtk+3.0-3.10.8~8+qiana/./gtk/gtkstylecontext.c line 729
  • #4 g_type_create_instance
    at /build/buildd/glib2.0-2.40.2/./gobject/gtype.c line 1868
  • #5 g_object_new_internal
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1724
  • #6 g_object_newv
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1868
  • #7 g_object_new
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1568
  • #8 gtk_style_context_new
    at /tmp/buildd/gtk+3.0-3.10.8~8+qiana/./gtk/gtkstylecontext.c line 1126
  • #9 _gtk_style_new_for_path
    at /tmp/buildd/gtk+3.0-3.10.8~8+qiana/./gtk/deprecated/gtkstyle.c line 847
  • #10 gtk_style_new
    at /tmp/buildd/gtk+3.0-3.10.8~8+qiana/./gtk/deprecated/gtkstyle.c line 881
  • #11 gtk_widget_get_default_style
    at /tmp/buildd/gtk+3.0-3.10.8~8+qiana/./gtk/deprecated/gtkstyle.c line 4056
  • #12 gtk_widget_init
    at /tmp/buildd/gtk+3.0-3.10.8~8+qiana/./gtk/gtkwidget.c line 3984
  • #13 g_type_create_instance
    at /build/buildd/glib2.0-2.40.2/./gobject/gtype.c line 1862
  • #14 g_object_new_internal
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1724
  • #15 g_object_newv
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1868
  • #16 g_object_new
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1568
  • #17 go_emf_init
    at utils/go-emf.c line 192
  • #18 g_type_create_instance
    at /build/buildd/glib2.0-2.40.2/./gobject/gtype.c line 1868
  • #19 g_object_new_internal
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1724
  • #20 g_object_newv
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1868
  • #21 g_object_new
    at /build/buildd/glib2.0-2.40.2/./gobject/gobject.c line 1568
  • #22 go_doc_image_fetch
    at app/go-doc.c line 679
  • #23 gnm_soi_assign_to_sheet
    at sheet-object-image.c line 509
  • #24 sheet_object_set_sheet
    at sheet-object.c line 577
  • #25 gnm_xml_finish_obj
    at xml-sax-read.c line 439
  • #26 xml_sax_object_end
    at xml-sax-read.c line 2455

Jean: should we disable emf when we don't have a display?
Comment 2 Jean Bréfort 2015-04-27 06:27:23 UTC
It does not crash for me with Gtk+-3.14.5. I still get the criticals. Disabling emf (actually wmf in the present case) does not look like a good idea if you want to export images to, say, PDF format.
The solution might be to have two canvas types, one deriving from a widget, and the other from just GObject, but this looks like an API break.
Comment 3 Morten Welinder 2015-04-27 11:52:37 UTC
I agree that [ew]mf->pdf ought to work, but given that it currently
doesn't seem to, can we isolate it when we cannot create a canvas, i.e.,
when we don't have a screen.

I would rather say "sorry, that feature only works in the gui for the time
being" than having an avalanche of criticals or, evidently, a crash inside
gtk+.
Comment 4 Jean Bréfort 2015-04-27 13:55:50 UTC
We can create a canvas without a screen. Just gtk+ emits a lot of criticals.
Comment 5 Morten Welinder 2015-04-27 17:22:26 UTC
> Just gtk+ emits a lot of criticals.

That's true for my gtk+ and your gtk+.  For git HEAD gtk+ we have a crash.
Comment 6 Jean Bréfort 2015-04-27 17:57:57 UTC
A crash with Gtk+ HEAD, but not with stable versions looks like a Gtk+ bug.
Comment 7 Morten Welinder 2015-04-27 20:38:18 UTC
The rules aren't terribly clear, but I think the way we initialize gtk+
in ssconvert means we should not create widgets.  After the first critical
we're on our own.

In any case, the chances of this being fixed in gtk+ are slim.
Comment 8 Jean Bréfort 2015-04-28 06:30:31 UTC
OK, we need a widgetless canvas, but that will have to wait until goffice-0.12. For now we might disable wmf support and the like.
Comment 9 Jean Bréfort 2015-04-28 11:55:21 UTC
We still get a critical (from GODoc::load_image_data()), but it is harmless.

This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.
Comment 10 jutaky 2015-04-28 16:03:34 UTC
While the original case no longer crashes, here is another one which still crashes at gtksettings.c:1757.

http://jutaky.com/fuzzing/gnumeric_case_4206_575.xls

ssconvert gnumeric_case_4206_575.xls /tmp/out.gnumeric

==20698==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7f397a9bc18f sp 0x7ffc33718f80 bp 0x7ffc33718fc0 T0)
    #0 0x7f397a9bc18e in _gtk_settings_get_style_cascade gnumeric/gtk/gtk/gtksettings.c:1757
    #1 0x7f397aa01775 in gtk_style_context_init gnumeric/gtk/gtk/gtkstylecontext.c:340
    #2 0x7f397794bcd6 in g_type_create_instance gnumeric/glib/gobject/gtype.c:1870
    #3 0x7f3977932b81 in g_object_new_internal gnumeric/glib/gobject/gobject.c:1774
    #4 0x7f397793308f in g_object_newv gnumeric/glib/gobject/gobject.c:1921
    #5 0x7f3977932732 in g_object_new gnumeric/glib/gobject/gobject.c:1614
    #6 0x7f397aa02e11 in gtk_style_context_new gnumeric/gtk/gtk/gtkstylecontext.c:555
    #7 0x7f397a20b2b1 in _gtk_style_new_for_path deprecated/gtkstyle.c:853
    #8 0x7f397a20b434 in gtk_style_new deprecated/gtkstyle.c:887
    #9 0x7f397a21a051 in gtk_widget_get_default_style deprecated/gtkstyle.c:4057
    #10 0x7f397ac8ca0a in gtk_widget_init gnumeric/gtk/gtk/gtkwidget.c:4519
    #11 0x7f397794bc94 in g_type_create_instance gnumeric/glib/gobject/gtype.c:1864
    #12 0x7f3977932b81 in g_object_new_internal gnumeric/glib/gobject/gobject.c:1774
    #13 0x7f397793308f in g_object_newv gnumeric/glib/gobject/gobject.c:1921
    #14 0x7f3977932732 in g_object_new gnumeric/glib/gobject/gobject.c:1614
    #15 0x7f397d9d9b19 in go_emf_init utils/go-emf.c:192
    #16 0x7f397794bcd6 in g_type_create_instance gnumeric/glib/gobject/gtype.c:1870
    #17 0x7f3977932b81 in g_object_new_internal gnumeric/glib/gobject/gobject.c:1774
    #18 0x7f397793308f in g_object_newv gnumeric/glib/gobject/gobject.c:1921
    #19 0x7f3977932732 in g_object_new gnumeric/glib/gobject/gobject.c:1614
    #20 0x7f397d9da7d2 in go_emf_new_from_data utils/go-emf.c:271
    #21 0x7f397d9d0103 in go_image_new_from_data utils/go-image.c:662
    #22 0x7f397e630cf2 in sheet_object_image_set_image gnumeric/gnumeric/src/sheet-object-image.c:146
    #23 0x7f39589a9264 in ms_sheet_realize_obj gnumeric/gnumeric/plugins/excel/ms-excel-read.c:665
    #24 0x7f3958992845 in ms_container_realize_objs gnumeric/gnumeric/plugins/excel/ms-container.c:167
    #25 0x7f39589eada3 in excel_read_BOF gnumeric/gnumeric/plugins/excel/ms-excel-read.c:7059
    #26 0x7f39589ec080 in excel_read_workbook gnumeric/gnumeric/plugins/excel/ms-excel-read.c:7164
    #27 0x7f3958985c38 in excel_enc_file_open gnumeric/gnumeric/plugins/excel/boot.c:193
    #28 0x7f3958986517 in excel_file_open gnumeric/gnumeric/plugins/excel/boot.c:273
    #29 0x7f397d7e32df in go_plugin_loader_module_func_file_open app/go-plugin-loader-module.c:282
    #30 0x7f397d7e942a in go_plugin_file_opener_open app/go-plugin-service.c:685
    #31 0x7f397d7f1480 in go_file_opener_open app/file.c:417
    #32 0x7f397e6ce4aa in workbook_view_new_from_input gnumeric/gnumeric/src/workbook-view.c:1278
    #33 0x7f397e6ce944 in workbook_view_new_from_uri gnumeric/gnumeric/src/workbook-view.c:1337
    #34 0x4080cb in convert gnumeric/gnumeric/src/ssconvert.c:715
    #35 0x409439 in main gnumeric/gnumeric/src/ssconvert.c:903
    #36 0x7f3976e107ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #37 0x4040f8 in _start (apps/bin/ssconvert+0x4040f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV gnumeric/gtk/gtk/gtksettings.c:1757 _gtk_settings_get_style_cascade
==20698==ABORTING
Comment 11 Jean Bréfort 2015-04-28 16:46:22 UTC
I see. Should be easy to fix.
Comment 12 Jean Bréfort 2015-04-28 16:50:27 UTC
Hopefully fixed, try again.
Comment 13 jutaky 2015-05-06 17:19:55 UTC
The second test case is still crashing. But the nature of the crash seems to be different. Only conversion to .gnumeric causes this crash and the trace is different:

ssconvert gnumeric_case_4206_575.xls /tmp/out.gnumeric

==8837==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000009 (pc 0x7f2e39cc520a sp 0x7ffcbbdca0d8 bp 0x7ffcbbdca110 T0)
    #0 0x7f2e39cc5209 in __GI_strlen (/usr/lib/libc.so.6+0x80209)
    #1 0x7f2e41ff29d5 in strlen (/usr/lib/libasan.so.1+0x339d5)
    #2 0x7f2e3a27c41a in g_strdup gnumeric/glib/glib/gstrfuncs.c:355
    #3 0x7f2e3b5c7cb1 (/usr/lib/libgdk_pixbuf-2.0.so.0+0xacb1)
    #4 0x7f2e3b5cb4eb in gdk_pixbuf_save_to_buffer (/usr/lib/libgdk_pixbuf-2.0.so.0+0xe4eb)
    #5 0x7f2e4082f57f in go_pixbuf_save utils/go-pixbuf.c:93
    #6 0x7f2e4082d911 in go_image_save utils/go-image.c:773
    #7 0x7f2e4062baf7 in save_image_cb app/go-doc.c:501
    #8 0x7f2e3a245c2e in g_hash_table_foreach gnumeric/glib/glib/ghash.c:1607
    #9 0x7f2e4062bca9 in go_doc_write app/go-doc.c:511
    #10 0x7f2e415acd9c in gnm_xml_file_save_full gnumeric/gnumeric/src/xml-sax-write.c:1523
    #11 0x7f2e415ad069 in gnm_xml_file_save gnumeric/gnumeric/src/xml-sax-write.c:1555
    #12 0x7f2e4064e754 in go_file_saver_save_real app/file.c:577
    #13 0x7f2e406503ec in go_file_saver_save app/file.c:848
    #14 0x7f2e415297bc in wbv_save_to_output gnumeric/gnumeric/src/workbook-view.c:1059
    #15 0x7f2e41529c76 in wb_view_save_to_uri gnumeric/gnumeric/src/workbook-view.c:1093
    #16 0x7f2e4152a1e8 in wb_view_save_as gnumeric/gnumeric/src/workbook-view.c:1129
    #17 0x408c24 in convert gnumeric/gnumeric/src/ssconvert.c:831
    #18 0x409439 in main gnumeric/gnumeric/src/ssconvert.c:903
    #19 0x7f2e39c657ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #20 0x4040f8 in _start (apps/bin/ssconvert+0x4040f8)


In comparison:

ssconvert gnumeric_case_4206_575.xls /tmp/out.xlsx

Does not crash or misbehave, other than some criticals.
Comment 14 Morten Welinder 2015-05-06 17:43:29 UTC
==21338== Conditional jump or move depends on uninitialised value(s)
==21338==    at 0x8BA2FDC: g_strdup (in /usr/lib64/libglib-2.0.so.0.3800.2)
==21338==    by 0x836B5A1: ??? (in /usr/lib64/libgdk_pixbuf-2.0.so.0.3000.1)
==21338==    by 0x836E82C: gdk_pixbuf_save_to_buffer (in /usr/lib64/libgdk_pixbuf-2.0.so.0.3000.1)
==21338==    by 0x54A75EC: go_pixbuf_save (go-pixbuf.c:93)
==21338==    by 0x54A6724: go_image_save (go-image.c:773)
==21338==    by 0x8B7650F: g_hash_table_foreach (in /usr/lib64/libglib-2.0.so.0.3800.2)
==21338==    by 0x54177BF: go_doc_write (go-doc.c:511)
==21338==    by 0x4FBD43A: gnm_xml_file_save_full.isra.23 (xml-sax-write.c:1523)
==21338==    by 0x4F9B65C: wbv_save_to_output (workbook-view.c:1059)
==21338==    by 0x4F9B766: wb_view_save_to_uri (workbook-view.c:1093)
==21338==    by 0x4F9B970: wb_view_save_as (workbook-view.c:1129)
==21338==    by 0x4047A9: convert (ssconvert.c:831)
==21338==    by 0x403AD6: main (ssconvert.c:903)
==21338==  Uninitialised value was created by a stack allocation
==21338==    at 0x54A7500: go_pixbuf_save (go-pixbuf.c:86)
Comment 15 Jean Bréfort 2015-05-06 17:47:53 UTC
Looks like I missed something when fixing #745297. Try again.
Comment 16 Morten Welinder 2015-05-06 18:11:01 UTC
Same issue after goffice update.
Comment 17 jutaky 2015-05-06 18:18:55 UTC
Goffice updated and compiled. The issue persists.

Also, here is a fresh case which is very close to the original report at gtksettings.c.

Test case: http://jutaky.com/fuzzing/gnumeric_case_29942_165.2pdf.xls

ssconvert gnumeric_case_29942_165.2pdf.xls /tmp/out.pdf

==24697==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7fa13b586296 sp 0x7fffb84b11b0 bp 0x7fffb84b11f0 T0)
    #0 0x7fa13b586295 in _gtk_settings_get_style_cascade gnumeric/gtk/gtk/gtksettings.c:1755
    #1 0x7fa13b5cb87c in gtk_style_context_init gnumeric/gtk/gtk/gtkstylecontext.c:340
    #2 0x7fa138510cd6 in g_type_create_instance gnumeric/glib/gobject/gtype.c:1870
    #3 0x7fa1384f7b81 in g_object_new_internal gnumeric/glib/gobject/gobject.c:1774
    #4 0x7fa1384f808f in g_object_newv gnumeric/glib/gobject/gobject.c:1921
    #5 0x7fa1384f7732 in g_object_new gnumeric/glib/gobject/gobject.c:1614
    #6 0x7fa13b5ccf18 in gtk_style_context_new gnumeric/gtk/gtk/gtkstylecontext.c:555
    #7 0x7fa13f20608f in get_font gnumeric/gnumeric/src/sheet-object-widget.c:599
    #8 0x7fa13f2067ec in draw_cairo_text gnumeric/gnumeric/src/sheet-object-widget.c:665
    #9 0x7fa13f218e7a in sheet_widget_checkbox_draw_cairo gnumeric/gnumeric/src/sheet-object-widget.c:2719
    #10 0x7fa13f1cece8 in sheet_object_draw_cairo gnumeric/gnumeric/src/sheet-object.c:795
    #11 0x7fa13f32b45d in gnm_print_sheet_objects gnumeric/gnumeric/src/print.c:244
    #12 0x7fa13f32b5f4 in print_page_cells gnumeric/gnumeric/src/print.c:262
    #13 0x7fa13f32e92b in print_page gnumeric/gnumeric/src/print.c:651
    #14 0x7fa13f334303 in gnm_draw_page_cb gnumeric/gnumeric/src/print.c:1433
    #15 0x7fa13b35afe5 in _gtk_marshal_VOID__OBJECT_INT gnumeric/gtk/gtk/gtkmarshalers.c:5252
    #16 0x7fa1384ef347 in g_closure_invoke gnumeric/glib/gobject/gclosure.c:801
    #17 0x7fa13850bf34 in signal_emit_unlocked_R gnumeric/glib/gobject/gsignal.c:3551
    #18 0x7fa13850b287 in g_signal_emit_valist gnumeric/glib/gobject/gsignal.c:3307
    #19 0x7fa13850b7c4 in g_signal_emit gnumeric/glib/gobject/gsignal.c:3363
    #20 0x7fa13b48f34b in common_render_page gnumeric/gtk/gtk/gtkprintoperation.c:2689
    #21 0x7fa13b492042 in print_pages_idle gnumeric/gtk/gtk/gtkprintoperation.c:2898
    #22 0x7fa13a1e515f in gdk_threads_dispatch gnumeric/gtk/gdk/gdk.c:717
    #23 0x7fa137fcaf81 in g_idle_dispatch gnumeric/glib/glib/gmain.c:5397
    #24 0x7fa137fc85eb in g_main_dispatch gnumeric/glib/glib/gmain.c:3122
    #25 0x7fa137fc9419 in g_main_context_dispatch gnumeric/glib/glib/gmain.c:3737
    #26 0x7fa137fc95fe in g_main_context_iterate gnumeric/glib/glib/gmain.c:3808
    #27 0x7fa137fc9a25 in g_main_loop_run gnumeric/glib/glib/gmain.c:4002
    #28 0x7fa13b4935c2 in print_pages gnumeric/gtk/gtk/gtkprintoperation.c:3071
    #29 0x7fa13b4941f6 in gtk_print_operation_run gnumeric/gtk/gtk/gtkprintoperation.c:3248
    #30 0x7fa13f337c3e in gnm_print_sheet gnumeric/gnumeric/src/print.c:1869
    #31 0x7fa13f107399 in pdf_write_workbook gnumeric/gnumeric/src/print-info.c:851
    #32 0x7fa13f107957 in pdf_export gnumeric/gnumeric/src/print-info.c:876
    #33 0x7fa13e3be754 in go_file_saver_save_real app/file.c:577
    #34 0x7fa13e3c03ec in go_file_saver_save app/file.c:848
    #35 0x7fa13f2997bc in wbv_save_to_output gnumeric/gnumeric/src/workbook-view.c:1059
    #36 0x7fa13f299c76 in wb_view_save_to_uri gnumeric/gnumeric/src/workbook-view.c:1093
    #37 0x7fa13f29a1e8 in wb_view_save_as gnumeric/gnumeric/src/workbook-view.c:1129
    #38 0x408c24 in convert gnumeric/gnumeric/src/ssconvert.c:831
    #39 0x409439 in main gnumeric/gnumeric/src/ssconvert.c:903
    #40 0x7fa1379d57ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #41 0x4040f8 in _start (apps/bin/ssconvert+0x4040f8)
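
The three AddressSanitizer reports in comments 10, 13 and 17 share crash sites but reach them through different application code. The following triage sketch is an added example, not part of the original thread or of the Gnumeric/GOffice code; it buckets each report by faulting function and first application frame, and its library-prefix heuristic and report names are assumptions.

```python
import re
from collections import defaultdict

# Assumption: GLib/GTK/GDK/libc symbols count as "library" frames; this prefix
# heuristic is tuned to the stacks on this page, not a general rule.
LIB_FUNC = re.compile(r"^(_*(g|gtk|gdk)_|__GI_|strlen$)")
HEADER = re.compile(r"AddressSanitizer: (\w+) on unknown address (0x[0-9a-f]+)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ (?:in (\S+) )?(\S+)")

def bucket(report):
    """Reduce one ASan report to (crash site, first application frame, low_addr)."""
    head = HEADER.search(report)
    if head is None:
        raise ValueError("not an AddressSanitizer report")
    funcs = [m.group(1) for m in map(FRAME.match, report.splitlines()) if m]
    named = [f for f in funcs if f]  # drop unsymbolised frames
    if not named:
        raise ValueError("no symbolised frames")
    app = next((f for f in named if not LIB_FUNC.match(f)), "<library only>")
    # A fault below the first page usually means a NULL (or tiny garbage)
    # pointer plus a field offset, e.g. settings->priv with settings == NULL.
    low_addr = int(head.group(2), 16) < 0x1000
    return named[0], app, low_addr

def group(reports):
    """Map each bucket to the list of report names that fall into it."""
    out = defaultdict(list)
    for name, text in reports.items():
        out[bucket(text)].append(name)
    return dict(out)

# Abridged from the ASan output in comments 10, 13 and 17 (frames dropped).
REPORTS = {
    "comment10_xls_to_gnumeric": """\
==20698==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018
    #0 0x7f397a9bc18e in _gtk_settings_get_style_cascade gnumeric/gtk/gtk/gtksettings.c:1757
    #6 0x7f397aa02e11 in gtk_style_context_new gnumeric/gtk/gtk/gtkstylecontext.c:555
    #10 0x7f397ac8ca0a in gtk_widget_init gnumeric/gtk/gtk/gtkwidget.c:4519
    #15 0x7f397d9d9b19 in go_emf_init utils/go-emf.c:192
""",
    "comment13_xls_to_gnumeric": """\
==8837==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000009
    #0 0x7f2e39cc5209 in __GI_strlen (/usr/lib/libc.so.6+0x80209)
    #2 0x7f2e3a27c41a in g_strdup gnumeric/glib/glib/gstrfuncs.c:355
    #3 0x7f2e3b5c7cb1 (/usr/lib/libgdk_pixbuf-2.0.so.0+0xacb1)
    #4 0x7f2e3b5cb4eb in gdk_pixbuf_save_to_buffer (/usr/lib/libgdk_pixbuf-2.0.so.0+0xe4eb)
    #5 0x7f2e4082f57f in go_pixbuf_save utils/go-pixbuf.c:93
""",
    "comment17_xls_to_pdf": """\
==24697==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018
    #0 0x7fa13b586295 in _gtk_settings_get_style_cascade gnumeric/gtk/gtk/gtksettings.c:1755
    #6 0x7fa13b5ccf18 in gtk_style_context_new gnumeric/gtk/gtk/gtkstylecontext.c:555
    #7 0x7fa13f20608f in get_font gnumeric/gnumeric/src/sheet-object-widget.c:599
""",
}

if __name__ == "__main__":
    for key, names in group(REPORTS).items():
        print(key, names)
```

Bucketing on the crash site alone would merge the comment 10 and comment 17 reports, although they enter GTK from `go_emf_init` and `get_font` respectively and so need separate fixes.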
Comment 18 Jean Bréfort 2015-05-06 18:24:39 UTC
Fixed now, just one more critical instead.
Comment 19 jutaky 2015-05-06 18:35:17 UTC
The first and the second test cases are now ok. But the third case, a conversion to PDF in comment 17, still crashes in gtksettings.c:1755.
Comment 20 Jean Bréfort 2015-05-06 20:44:14 UTC
We probably should not try to get a GtkStyleContext when using ssconvert, seems it does not work with recent Gtk+.