Bug 702899 - Segfault in xaccTransFindCommonCurrency on a corrupted (fuzzed) gnucash file
Status: RESOLVED FIXED
Product: GnuCash
Classification: Other
Component: Import - Other
Version: 2.4.x
OS: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: gnucash-import-maint
QA Contact: gnucash-import-maint
Depends on:
Blocks:
Reported: 2013-06-23 12:28 UTC by jutaky
Modified: 2018-06-29 23:17 UTC
See Also:
GNOME target: ---
GNOME version: ---

Description jutaky 2013-06-23 12:28:46 UTC
Segfault in xaccTransFindCommonCurrency on a corrupted (fuzzed) gnucash file.

Git versions of gnucash (rev 8237afd+) and libxml2. Gnucash 2.4.13 crashes too.

Test case: http://jutaky.com/fuzzing/gnucash_case_31869_117.gnucash

Backtrace using the git version:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff72ab434 in xaccTransFindCommonCurrency (trans=0x11e0cc0, book=0x11e0980) at Scrub.c:1045
1045	    if ( ((CommodityCount*)(found->data))->commodity != NULL)
(gdb) bt
#0  xaccTransFindCommonCurrency at Scrub.c line 1045
#1  xaccTransScrubCurrency at Scrub.c line 1073
#2  add_transaction_local at io-gncxml-v2.c line 274
#3  book_callback at io-gncxml-v2.c line 565
#4  generic_callback at io-gncxml-v2.c line 611
#5  gnc_transaction_end_handler at gnc-transaction-xml-v2.c line 602
#6  sixtp_sax_end_handler at sixtp.c line 533
#7  xmlParseEndTag1 at parser.c line 8683
#8  xmlParseElement__internal_alias at parser.c line 10086
#9  xmlParseContent__internal_alias at parser.c line 9885
#10 xmlParseElement__internal_alias at parser.c line 10058
#11 xmlParseContent__internal_alias at parser.c line 9885
#12 xmlParseElement__internal_alias at parser.c line 10058
#13 xmlParseDocument__internal_alias at parser.c line 10742
#14 sixtp_parse_file_common at sixtp.c line 710
#15 sixtp_parse_file at sixtp.c line 757
#16 gnc_xml_parse_file at io-gncxml-gen.c line 41
#17 qof_session_load_from_xml_file_v2_full at io-gncxml-v2.c line 777
#18 qof_session_load_from_xml_file_v2 at io-gncxml-v2.c line 835
#19 gnc_xml_be_load_from_file at gnc-backend-xml.c line 1128
#20 qof_session_load at qofsession.c line 1256
#21 gnc_post_file_open at gnc-file.c line 858
#22 gnc_file_open_file at gnc-file.c line 1048
#23 inner_main at gnucash-bin.c line 739
#24 ?? from /usr/lib/libguile.so.17
#25 ?? from /usr/lib/libguile.so.17
#26 scm_c_catch from /usr/lib/libguile.so.17
#27 scm_i_with_continuation_barrier from /usr/lib/libguile.so.17
#28 scm_c_with_continuation_barrier from /usr/lib/libguile.so.17
#29 scm_i_with_guile_and_parent from /usr/lib/libguile.so.17
#30 scm_boot_guile from /usr/lib/libguile.so.17
#31 main at gnucash-bin.c line 888

--
Juha Kylmänen
Research Assistant, OUSPG
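The crash site above dereferences the result of a list lookup (`found->data`) while scrubbing a transaction read from an untrusted file; a fuzzed file can produce a transaction for which no candidate commodity exists, so the lookup yields NULL. The following is an added, self-contained model of that defect class and its hardened form. It is constructed for illustration and is not GnuCash's code: the `Split`, `CommodityCount`, `tally_commodities`, `find_most_common` and `find_common_currency_*` names are assumptions, and the linked-list tally stands in for the GList used by the real scrubber.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: each split of a transaction names a commodity
 * (NULL when the parsed file omitted it); the scrubber tallies how
 * often each commodity occurs and picks the most common one. */
typedef struct Split {
    const char *commodity;        /* may be NULL in a corrupted file */
    struct Split *next;
} Split;

typedef struct CommodityCount {
    const char *commodity;
    int count;
    struct CommodityCount *next;
} CommodityCount;

#define MAX_COMMODITIES 8

/* Tally commodities into a caller-supplied pool. Returns the head of
 * the tally list, or NULL when no split carried a usable commodity,
 * which is exactly the situation a fuzzed input can create. */
static CommodityCount *tally_commodities(const Split *splits,
                                         CommodityCount pool[], size_t pool_len)
{
    CommodityCount *head = NULL;
    size_t used = 0;
    for (const Split *s = splits; s != NULL; s = s->next) {
        if (s->commodity == NULL)
            continue;             /* a split without a commodity adds nothing */
        CommodityCount *c;
        for (c = head; c != NULL; c = c->next)
            if (strcmp(c->commodity, s->commodity) == 0) { c->count++; break; }
        if (c == NULL && used < pool_len) {
            pool[used].commodity = s->commodity;
            pool[used].count = 1;
            pool[used].next = head;
            head = &pool[used++];
        }
    }
    return head;
}

/* Entry with the highest count; NULL for an empty tally. */
static CommodityCount *find_most_common(CommodityCount *head)
{
    CommodityCount *best = NULL;
    for (CommodityCount *c = head; c != NULL; c = c->next)
        if (best == NULL || c->count > best->count)
            best = c;
    return best;
}

/* Unsafe pattern: the lookup result is dereferenced without a check,
 * so an empty tally turns into a NULL dereference (SIGSEGV). */
const char *find_common_currency_unsafe(const Split *splits)
{
    CommodityCount pool[MAX_COMMODITIES];
    CommodityCount *found =
        find_most_common(tally_commodities(splits, pool, MAX_COMMODITIES));
    return found->commodity;      /* crashes when found == NULL */
}

/* Hardened form: "no candidate" is a recoverable condition that the
 * caller must handle (skip the transaction, report the file as bad). */
const char *find_common_currency_safe(const Split *splits)
{
    CommodityCount pool[MAX_COMMODITIES];
    CommodityCount *found =
        find_most_common(tally_commodities(splits, pool, MAX_COMMODITIES));
    if (found == NULL || found->commodity == NULL)
        return NULL;
    return found->commodity;
}

int main(void)
{
    /* Constructed inputs: a well-formed transaction and a "fuzzed" one. */
    Split s3 = {"EUR", NULL}, s2 = {"USD", &s3}, s1 = {"USD", &s2};
    Split bad = {NULL, NULL};
    printf("well-formed: %s\n", find_common_currency_safe(&s1));
    const char *r = find_common_currency_safe(&bad);
    printf("fuzzed: %s\n", r ? r : "(no currency could be inferred)");
    return 0;
}
```

Only the safe variant is called on the degenerate input; the unsafe variant is kept beside it to show the single missing check that separates a clean rejection of a bad file from a crash in the loader.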
Comment 1 Christian Stimming 2013-06-30 20:38:39 UTC
trunk r23074. Does today's SVN trunk still crash?
Comment 2 jutaky 2013-07-01 05:28:20 UTC
The crash no longer reproduces on the latest GIT (e7537f8+).
Comment 3 Christian Stimming 2013-07-02 18:54:04 UTC
ok, thanks for the info.
Comment 4 John Ralls 2017-09-24 22:47:42 UTC
Reassign version to 2.4.x so that individual 2.4 versions can be retired.
Comment 5 John Ralls 2018-06-29 23:17:01 UTC
GnuCash bug tracking has moved to a new Bugzilla host. This bug has been copied to https://bugs.gnucash.org/show_bug.cgi?id=702899. Please update any external references or bookmarks.