While using Gnumeric 1.7.8 I noticed that when using any of the mean-tests (those functions under Tools->Statistical Tests->Two Means) Gnumeric would crash hard (with a segmentation fault).

I am using Gnumeric for some statistical analysis on a university project, so I needed this to work. Hence, I downloaded the source and debugged (source looks quite tidy by the way, good work Jody, et al. :)).

Anyway, the problem was somewhat tricky to find, but the fix is straightforward. The following is regarding src/dialogs/dialog-analysis-tools.c:
===============================================================
The call to g_object_set_data_full() around line 395 sets the state as object
data and sets a destroy handler as well to release the state again automagically.

The call to g_object_set_data() around line 1484 sets THE SAME state again as
object data which subsequently results in releasing it (trough the destroy handler)
which invalidates the memory pointed to.
===============================================================

I imagine that there are systems in which this problem does not actually lead to a crash (due to the fact that the memory is not overwritten after release). Nevertheless, on my system it crashed consistently because of this.

This bug exists at least from Gnumeric 1.7.8 upwards to 1.7.10. It destabilizes all usage of the two means analysis tools, hence I would regard this as a major, but not a critical issue.

I will attach a patch with a fix for this.