Bug 157045 – Crash when undeleting columns in a sheet with a chart object

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 157045 - Crash when undeleting columns in a sheet with a chart object


Summary:	Crash when undeleting columns in a sheet with a chart object


Status:	RESOLVED FIXED

Product:	Gnumeric
Classification:	Applications
Component:	General
Version:	git master
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Jody Goldberg
QA Contact:	Jody Goldberg

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2004-11-01 16:11 UTC by Emmanuel Pacaud
Modified:	2004-12-22 21:47 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Sample file (3.08 KB, application/octet-stream) 2004-11-01 16:11 UTC, Emmanuel Pacaud	Details

Description Emmanuel Pacaud 2004-11-01 16:11:03 UTC

* Open the attached file
* Remove columns C D E
* Undo

-> crash

Sometimes it takes two times before crash.

Program received signal SIGSEGV, Segmentation fault.

+ Trace 51537

Thread 1088607648 (LWP 19522)

#0 dependents_unrelocate
at dependent.c line 1496
#1 cmd_ins_del_colrow_undo
at commands.c line 1263
#2 command_undo
at commands.c line 476
#3 cb_undo_activated
at wbc-gtk.c line 438
#4 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#5 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#6 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#7 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#8 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#9 _gtk_action_emit_activate
from /usr/lib/libgtk-x11-2.0.so.0
#10 gtk_action_activate
from /usr/lib/libgtk-x11-2.0.so.0
#11 cb_tool_popped
at go-action-combo-stack.c line 290
#12 g_cclosure_marshal_VOID__POINTER
from /usr/lib/libgobject-2.0.so.0
#13 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#14 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#15 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#16 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#17 cb_button_clicked
#18 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#19 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#20 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#21 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#22 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#23 gtk_button_clicked
from /usr/lib/libgtk-x11-2.0.so.0
#24 gtk_toggle_button_get_inconsistent
from /usr/lib/libgtk-x11-2.0.so.0
#25 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#26 g_cclosure_new_swap
from /usr/lib/libgobject-2.0.so.0
#27 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#28 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#29 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#30 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#31 gtk_button_released
from /usr/lib/libgtk-x11-2.0.so.0
#32 _gtk_button_paint
from /usr/lib/libgtk-x11-2.0.so.0
#33 _gtk_marshal_BOOLEAN__BOXED
from /usr/lib/libgtk-x11-2.0.so.0
#34 g_cclosure_new_swap
from /usr/lib/libgobject-2.0.so.0
#35 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#36 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#37 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#38 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#39 gtk_widget_send_expose
from /usr/lib/libgtk-x11-2.0.so.0
#40 gtk_propagate_event
from /usr/lib/libgtk-x11-2.0.so.0
#41 gtk_main_do_event
from /usr/lib/libgtk-x11-2.0.so.0
#42 _gdk_events_queue
from /usr/lib/libgdk-x11-2.0.so.0
#43 g_main_depth
from /usr/lib/libglib-2.0.so.0
#44 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#45 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#46 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#47 bonobo_main
from /usr/lib/libbonobo-2.so.0
#48 main
at main-application.c line 358
#0 dependents_unrelocate
at dependent.c line 1496
#1 cmd_ins_del_colrow_undo
at commands.c line 1263
#2 command_undo
at commands.c line 476
#3 cb_undo_activated
at wbc-gtk.c line 438
#4 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#5 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#6 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#7 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#8 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#9 _gtk_action_emit_activate
from /usr/lib/libgtk-x11-2.0.so.0
#10 gtk_action_activate
from /usr/lib/libgtk-x11-2.0.so.0
#11 cb_tool_popped
at go-action-combo-stack.c line 290
#12 g_cclosure_marshal_VOID__POINTER
from /usr/lib/libgobject-2.0.so.0
#13 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#14 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#15 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#16 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#17 cb_button_clicked
#18 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#19 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#20 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#21 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#22 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#23 gtk_button_clicked
from /usr/lib/libgtk-x11-2.0.so.0
#24 gtk_toggle_button_get_inconsistent
from /usr/lib/libgtk-x11-2.0.so.0
#25 g_cclosure_marshal_VOID__VOID
from /usr/lib/libgobject-2.0.so.0
#26 g_cclosure_new_swap
from /usr/lib/libgobject-2.0.so.0
#27 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#28 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#29 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#30 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#31 gtk_button_released
from /usr/lib/libgtk-x11-2.0.so.0
#32 _gtk_button_paint
from /usr/lib/libgtk-x11-2.0.so.0
#33 _gtk_marshal_BOOLEAN__BOXED
from /usr/lib/libgtk-x11-2.0.so.0
#34 g_cclosure_new_swap
from /usr/lib/libgobject-2.0.so.0
#35 g_closure_invoke
from /usr/lib/libgobject-2.0.so.0
#36 g_signal_emit_by_name
from /usr/lib/libgobject-2.0.so.0
#37 g_signal_emit_valist
from /usr/lib/libgobject-2.0.so.0
#38 g_signal_emit
from /usr/lib/libgobject-2.0.so.0
#39 gtk_widget_send_expose
from /usr/lib/libgtk-x11-2.0.so.0
#40 gtk_propagate_event
from /usr/lib/libgtk-x11-2.0.so.0
#41 gtk_main_do_event
from /usr/lib/libgtk-x11-2.0.so.0
#42 _gdk_events_queue
from /usr/lib/libgdk-x11-2.0.so.0
#43 g_main_depth
from /usr/lib/libglib-2.0.so.0
#44 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#45 g_main_context_dispatch
from /usr/lib/libglib-2.0.so.0
#46 g_main_loop_run
from /usr/lib/libglib-2.0.so.0
#47 bonobo_main
from /usr/lib/libbonobo-2.so.0
#48 main
at main-application.c line 358

Comment 1 Emmanuel Pacaud 2004-11-01 16:11:41 UTC

Created attachment 33313 [details]
Sample file

Comment 2 Morten Welinder 2004-11-01 16:25:44 UTC

      UMR: Uninitialized memory read (2 times)
      This is occurring while in:
            dependents_unrelocate [dependent.c:1496 pc=0xd5000]
            cmd_ins_del_colrow_undo [commands.c:1263 pc=0xb1ff0]
            command_undo   [commands.c:476 pc=0xaf4b8]
      Reading 4 bytes from 0xabe0f4 in the heap.
      Address 0xabe0f4 is 12 bytes into a malloc'd block at 0xabe0e8 of 24 bytes.
      This block was allocated from:
            malloc         [rtlib.o pc=0x730f8]
            g_malloc       [gmem.c:137 pc=0xfa3c5a4c]
            dependents_relocate [dependent.c:1666 pc=0xd5cf8]
            sheet_delete_cols [sheet.c:3269 pc=0x1864cc]
            cmd_ins_del_colrow_redo [commands.c:1348 pc=0xb261c]
            command_push_undo [commands.c:762 pc=0xaff9c]
            cmd_ins_del_colrow [commands.c:1441 pc=0xb2b48]

Comment 3 Emmanuel Pacaud 2004-11-01 21:19:01 UTC

Fixed in CVS.