Bug 696569 – Gnumeric crashes when accessing specific sheets

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 696569 - Gnumeric crashes when accessing specific sheets


Summary:	Gnumeric crashes when accessing specific sheets


Status:	RESOLVED FIXED

Product:	libgoffice
Classification:	Other
Component:	Graphing / Charting
Version:	GIT
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Jean Bréfort
QA Contact:	Jody Goldberg

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-03-25 16:58 UTC by fxTW7H5rJ1gh
Modified:	2013-03-25 17:36 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description fxTW7H5rJ1gh 2013-03-25 16:58:17 UTC

Gnumeric 1.12.1 on Archlinux.

I have a spreadsheet created ~6 months ago. Back then everything worked fine. Now I opened it again and clicked through the sheets. When accessing 2 of the sheets Gnumeric will segfault. I tried both directly clicking on the sheet labels and opening an adjacent one, then using the arrows. The other sheets work fine.

Example dmesg line:
traps: gnumeric[6802] general protection ip:7f2ac94babe8 sp:7fff0291a260 error:0 in libgoffice-0.10.so.10.0.1[7f2ac93e5000+173000]

I exported it as xlsx, that worked and the sheets seem fine (no graphs but that is normal I assume) when opened in LibreOffice.

The offending spreadsheet has been mailed to gmorten as I cannot share it publically.

Comment 1 Morten Welinder 2013-03-25 17:02:50 UTC

Workbook received out-of-band.

Comment 2 Morten Welinder 2013-03-25 17:10:32 UTC

Jean: errors[i] is undefined on gog-barcol.c:851

==7546== Conditional jump or move depends on uninitialised value(s)
==7546==    at 0x5415125: gog_error_bar_is_visible (gog-error-bar.c:819)
==7546==    by 0x131D2532: gog_barcol_view_render (gog-barcol.c:851)
==7546==    by 0x53E4291: gog_view_render (gog-view.c:882)
==7546==    by 0x53E74ED: plot_render (gog-chart.c:1368)
==7546==    by 0x53E9EFC: gog_chart_view_render (gog-chart.c:1409)
==7546==    by 0x53E6809: gog_graph_view_render (gog-graph.c:1026)
==7546==    by 0x53E4291: gog_view_render (gog-view.c:882)
==7546==    by 0x541DE41: gog_renderer_update (gog-renderer.c:1392)
==7546==    by 0x53CF05C: _goc_item_update_bounds (goc-item.c:309)
==7546==    by 0x53CF22F: goc_item_maybe_invalidate (goc-item.c:474)
==7546==    by 0x8766BF3: g_object_set_valist (in /usr/lib64/libgobject-2.0.so.0.3200.4)
==7546==    by 0x53CFA59: goc_item_set (goc-item.c:376)
==7546== 
==7546== Use of uninitialised value of size 8
==7546==    at 0x5415127: gog_error_bar_is_visible (gog-error-bar.c:818)
==7546==    by 0x131D2532: gog_barcol_view_render (gog-barcol.c:851)
==7546==    by 0x53E4291: gog_view_render (gog-view.c:882)
==7546==    by 0x53E74ED: plot_render (gog-chart.c:1368)
==7546==    by 0x53E9EFC: gog_chart_view_render (gog-chart.c:1409)
==7546==    by 0x53E6809: gog_graph_view_render (gog-graph.c:1026)
==7546==    by 0x53E4291: gog_view_render (gog-view.c:882)
==7546==    by 0x541DE41: gog_renderer_update (gog-renderer.c:1392)
==7546==    by 0x53CF05C: _goc_item_update_bounds (goc-item.c:309)
==7546==    by 0x53CF22F: goc_item_maybe_invalidate (goc-item.c:474)
==7546==    by 0x8766BF3: g_object_set_valist (in /usr/lib64/libgobject-2.0.so.0.3200.4)
==7546==    by 0x53CFA59: goc_item_set (goc-item.c:376)

Comment 3 Morten Welinder 2013-03-25 17:36:50 UTC

https://git.gnome.org/browse/goffice/commit/?id=92b77ba99041a40d2d54673f36b4e2dc15b675af

This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.