GNOME Bugzilla – Bug 749271
Null pointer crash in ms-excel-write.c on a .gnumeric to xls conversion
Last modified: 2015-05-13 00:07:04 UTC
Git versions of gtk, glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_18292_19947.2xls.gnumeric

$ ssconvert gnumeric_case_18292_19947.2xls.gnumeric /tmp/out.xls
==24451==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1b97f3b20a sp 0x7ffda7b8a658 bp 0x7ffda7b8a690 T0)
    #0 0x7f1b97f3b209 in __GI_strlen (/usr/lib/libc.so.6+0x80209)
    #1 0x7f1ba02749d5 in strlen (/usr/lib/libasan.so.1+0x339d5)
    #2 0x7f1b79fa94f1 in txomarkup_new gnumeric/gnumeric/plugins/excel/ms-excel-write.c:2788
    #3 0x7f1b79fd2a53 in extract_txomarkup gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6666
    #4 0x7f1b79fd3821 in excel_write_state_new gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6757
    #5 0x7f1b79f2c004 in excel_save gnumeric/gnumeric/plugins/excel/boot.c:289
    #6 0x7f1b79f2c6fb in excel_biff8_file_save gnumeric/gnumeric/plugins/excel/boot.c:350
    #7 0x7f1b9e8c00f8 in go_plugin_loader_module_func_file_save app/go-plugin-loader-module.c:366
    #8 0x7f1b9e8c750a in go_plugin_file_saver_save app/go-plugin-service.c:948
    #9 0x7f1b9e8d03ec in go_file_saver_save app/file.c:848
    #10 0x7f1b9f7aa291 in wbv_save_to_output gnumeric/gnumeric/src/workbook-view.c:1059
    #11 0x7f1b9f7aa74b in wb_view_save_to_uri gnumeric/gnumeric/src/workbook-view.c:1093
    #12 0x7f1b9f7aacbd in wb_view_save_as gnumeric/gnumeric/src/workbook-view.c:1129
    #13 0x408c24 in convert gnumeric/gnumeric/src/ssconvert.c:831
    #14 0x409439 in main gnumeric/gnumeric/src/ssconvert.c:903
    #15 0x7f1b97edb7ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #16 0x4040f8 in _start (apps/bin/ssconvert+0x4040f8)

--
Juha Kylmänen
This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.