Bug 702887 - Segfault in gog_theme_get_name on a corrupted (fuzzed) gnumeric file
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export other
Version: git master
Hardware/OS: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Morten Welinder
QA Contact: Jody Goldberg
Depends on:
Blocks:
Reported: 2013-06-23 09:43 UTC by jutaky
Modified: 2013-06-24 11:41 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description jutaky 2013-06-23 09:43:41 UTC
Another one that I am not sure belongs here or to the goffice product:

Segfault in gog_theme_get_name on a corrupted (fuzzed) gnumeric file.

Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_19432_4231.gnumeric


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7505b0a in gog_theme_get_name (theme=0xaaaaaaaaaaaaaaaa) at graph/gog-theme.c:980
980		g_return_val_if_fail (GOG_IS_THEME (theme), "");
(gdb) bt
#0  gog_theme_get_name at graph/gog-theme.c:980
#1  theme_loaded_cb at graph/gog-graph.c:710
#2  g_timeout_dispatch at gmain.c:4443
#3  g_main_dispatch at gmain.c:3058
#4  g_main_context_dispatch at gmain.c:3634
#5  g_main_context_iterate at gmain.c:3705
#6  g_main_loop_run at gmain.c:3899
#7  gtk_dialog_run from /usr/lib/libgtk-3.so.0
#8  icg_error_error_info_list at io-context-gtk.c:278
#9  go_cmd_context_error_info_list at app/go-cmd-context.c:73
#10 go_io_error_display at app/io-context.c:243
#11 main at main-application.c:326

--
Juha Kylmänen
Research Assistant, OUSPG
Comment 1 Jean Bréfort 2013-06-24 11:41:04 UTC
This one belonged to goffice, and was my bad.

This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.