GNOME Bugzilla – Bug 706663
Null pointer crash on converting a fuzzed xlsx file into pdf
Last modified: 2013-08-23 18:02:50 UTC
Null pointer crash on converting a fuzzed xlsx file into pdf.
Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_19784_379760.2pdf.xlsx

"ssconvert gnumeric_case_19784_379760.2pdf.xlsx out.pdf":

==7734== ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f858ee222de sp 0x7fff2fdc59d0 bp 0x7fff2fdc5f30 T0)
AddressSanitizer can not provide additional info.
+ Trace 232414
--
Juha Kylmänen
Research Assistant, OUSPG
Opening the file in Gnumeric and changing to tab 'Line' yields:

Program received signal SIGSEGV, Segmentation fault.
0xaa9e5d4b in gog_line_view_render (view=0xaaa76290, bbox=0x0) at gog-line.c:1090
1090	    points[i][j].x = x;
(gdb) bt
+ Trace 232416
While this is clearly a problem created by importing a chart from xlsx, we are crashing in the charting code.
This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.