Bug 658140 - CRASH when suppressing cells
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: General
Version: git master
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: Jody Goldberg
QA Contact: Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2011-09-03 18:29 UTC by Frédéric Parrenin
Modified: 2011-09-05 16:44 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
.gnumeric file to reproduce the problem (466.79 KB, application/x-gnumeric)
2011-09-03 18:30 UTC, Frédéric Parrenin

Description Frédéric Parrenin 2011-09-03 18:29:33 UTC
Steps to reproduce the problem:
- open the attached .gnumeric file
- press the SUPPR key
=> CRASH!
Comment 1 Frédéric Parrenin 2011-09-03 18:30:42 UTC
Created attachment 195594
.gnumeric file to reproduce the problem
Comment 2 Andreas J. Guelzow 2011-09-03 23:48:40 UTC
What is the SUPPR key?

What would you expect it to do?
Comment 3 Morten Welinder 2011-09-04 05:27:46 UTC
The delete key does it for me.

  • #0 __libc_free
    at malloc.c line 3704
  • #1 g_free
    at gmem.c line 263
  • #2 gnumeric_interpolation
    at functions.c line 510
  • #3 function_call_with_exprs
    at func.c line 1750
  • #4 gnm_expr_eval
    at expr.c line 1420
  • #5 gnm_expr_eval
    at expr.c line 1483
  • #6 gnm_expr_top_eval
    at expr.c line 3038
  • #7 gnm_cell_eval_content
    at dependent.c line 1503
  • #8 gnm_expr_eval
    at expr.c line 1511
  • #9 gnm_expr_top_eval
    at expr.c line 3038
  • #10 gnm_cell_eval_content
    at dependent.c line 1503
  • #11 dependent_eval
    at dependent.c line 1599
  • #12 workbook_recalc
    at dependent.c line 2690
  • #13 update_after_action
    at commands.c line 347

Comment 4 Morten Welinder 2011-09-04 05:30:38 UTC
==5404== Conditional jump or move depends on uninitialised value(s)
==5404==    at 0x4F535DB: g_free (gmem.c:262)
==5404==    by 0x40C90E0: function_call_with_exprs (func.c:1750)
==5404==    by 0x40BFA82: gnm_expr_eval (expr.c:1420)
==5404==    by 0x40BFCDE: gnm_expr_eval (expr.c:1483)
==5404==    by 0x40C072D: gnm_expr_top_eval (expr.c:3038)
==5404==    by 0x40B7225: gnm_cell_eval_content (dependent.c:1503)
==5404==    by 0x40C020F: gnm_expr_eval (expr.c:1511)
==5404==    by 0x40C072D: gnm_expr_top_eval (expr.c:3038)
==5404==    by 0x40B7225: gnm_cell_eval_content (dependent.c:1503)
==5404==    by 0x40B96D7: workbook_recalc (dependent.c:1599)
==5404==    by 0x40A10C2: update_after_action (commands.c:347)
Comment 5 Morten Welinder 2011-09-04 20:05:30 UTC
I am thinking that perhaps collect_float_pairs needs to be more aggressive
in setting *xs0, *xs1, and *constp.

And the latter needs docs.
Comment 6 Morten Welinder 2011-09-05 16:44:52 UTC
This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.
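The pattern Comment 5 proposes, as an added example that is not Gnumeric's code or the actual fix: a collector that defines its out-parameters on every path, so a caller that frees them unconditionally never passes an uninitialised pointer to free (the condition the valgrind output in Comment 4 reports). The names collect_pairs_impl, interpolate_demo and the reset_outputs switch are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a collector with out-parameters; the name and
 * signature are assumptions, not Gnumeric's collect_float_pairs.
 * reset_outputs = 0 models the fragile form, 1 the hardened form. */
static int collect_pairs_impl(const double *x, size_t nx,
                              const double *y, size_t ny,
                              double **xs0, double **xs1, size_t *n,
                              int reset_outputs)
{
    if (reset_outputs) {          /* hardened: outputs defined on every path */
        *xs0 = NULL;
        *xs1 = NULL;
        *n = 0;
    }
    if (nx != ny || nx == 0)      /* early error return */
        return -1;                /* fragile form: outputs never written */

    double *a = malloc(nx * sizeof *a);
    double *b = malloc(nx * sizeof *b);
    if (!a || !b) {               /* allocation failure: release what we got */
        free(a);
        free(b);
        return -1;
    }
    memcpy(a, x, nx * sizeof *a);
    memcpy(b, y, nx * sizeof *b);
    *xs0 = a;
    *xs1 = b;
    *n = nx;
    return 0;
}

/* A caller whose cleanup frees both buffers whatever the collector returned.
 * This is only safe because the hardened collector reset them to NULL. */
int interpolate_demo(const double *x, size_t nx, const double *y, size_t ny)
{
    double *xs0, *xs1;            /* deliberately left uninitialised */
    size_t n;
    int rc = collect_pairs_impl(x, nx, y, ny, &xs0, &xs1, &n, 1);
    free(xs0);                    /* free(NULL) is a no-op on the error path */
    free(xs1);
    return rc;
}
```

Running the fragile form (reset_outputs = 0) behind the same caller under valgrind would reproduce the class of warning shown in Comment 4, since the freed pointers would then hold whatever was on the stack.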