Bug 749919 – Hang / undefined-behavior, signed integer overflow ranges.c:633

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 749919 - Hang / undefined-behavior, signed integer overflow ranges.c:633


Summary:	Hang / undefined-behavior, signed integer overflow ranges.c:633


Status:	RESOLVED FIXED

Product:	Gnumeric
Classification:	Applications
Component:	import/export MS Excel (tm)
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Jody Goldberg
QA Contact:	Jody Goldberg

URL:	http://jutaky.com/fuzzing/gnumeric_ca...
Whiteboard:

Depends on:
Blocks:

Reported:	2015-05-26 17:16 UTC by jutaky
Modified:	2015-05-28 12:26 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description jutaky 2015-05-26 17:16:18 UTC

Git versions of gtk, glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_26652_3899.xls

$ ssconvert gnumeric_case_26652_3899.xls /tmp/out.gnumeric

ranges.c:633:9: runtime error: signed integer overflow: 1759275499 - -1581722716 cannot be represented in type 'int'
SUMMARY: AddressSanitizer: undefined-behavior ranges.c:633 

Also, when the test case is opened using Gnumeric (release version), Gnumeric appears to hang.

CPU usage is constant 100% until killed.

--
Juha Kylmänen

Comment 1 Morten Welinder 2015-05-28 12:26:03 UTC

This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.