After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 751256 - Segfault in gog-xy.c:1467 on a saving fuzzed xls file
Segfault in gog-xy.c:1467 on a saving fuzzed xls file
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export MS Excel (tm)
git master
Other Linux
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
http://jutaky.com/fuzzing/gnumeric_ca...
Depends on:
Blocks:
 
 
Reported: 2015-06-20 11:47 UTC by jutaky
Modified: 2015-06-21 06:02 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jutaky 2015-06-20 11:47:29 UTC 
Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_005-gog-xy.c.1467.xls

$ ssconvert gnumeric_case_005-gog-xy.c.1467.xls /tmp/out.xls

==15429==ERROR: AddressSanitizer: SEGV on unknown address 0x7fff7116f540 (pc 0x7f59fc82012e bp 0x7fff4ac98e50 sp 0x7fff4ac95b40 T0)
    #0 0x7f59fc82012d in gog_xy_view_render gnumeric/goffice/plugins/plot_xy/gog-xy.c:1467:19
    #1 0x7f5a21974a58 in gog_view_render gnumeric/goffice/goffice/graph/gog-view.c:897:3
    #2 0x7f5a219b7d03 in gog_chart_view_render gnumeric/goffice/goffice/graph/gog-chart.c:1582:5
    #3 0x7f5a21974a58 in gog_view_render gnumeric/goffice/goffice/graph/gog-view.c:897:3
    #4 0x7f5a2199d32b in gog_graph_view_render gnumeric/goffice/goffice/graph/gog-graph.c:1026:3
    #5 0x7f5a21974910 in gog_view_render gnumeric/goffice/goffice/graph/gog-view.c:892:3
    #6 0x7f5a21c1d649 in gog_renderer_update gnumeric/goffice/goffice/graph/gog-renderer.c:1429:3
    #7 0x7f59fcdeac9d in ms_excel_chart_write gnumeric/gnumeric/plugins/excel/ms-chart.c:5596:2
    #8 0x7f59fcd2e49b in excel_write_chart_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:4355:2
    #9 0x7f59fcd28a88 in excel_write_obj_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:5041:10
    #10 0x7f59fcd087b9 in excel_write_objs_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:5612:10
    #11 0x7f59fccfe366 in excel_write_sheet gnumeric/gnumeric/plugins/excel/ms-excel-write.c:5700:3
    #12 0x7f59fcccb961 in excel_write_workbook gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6536:3
    #13 0x7f59fcccc399 in excel_write_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6589:3
    #14 0x7f59fcba4d61 in excel_save gnumeric/gnumeric/plugins/excel/boot.c:304:3
    #15 0x7f59fcba57bc in excel_biff8_file_save gnumeric/gnumeric/plugins/excel/boot.c:350:2
    #16 0x7f5a217fb45a in go_plugin_loader_module_func_file_save gnumeric/goffice/goffice/app/go-plugin-loader-module.c:366:2
    #17 0x7f5a2180acc1 in go_plugin_file_saver_save gnumeric/goffice/goffice/app/go-plugin-service.c:948:2
    #18 0x7f5a21824d24 in go_file_saver_save gnumeric/goffice/goffice/app/file.c:848:2
    #19 0x7f5a231a2473 in wbv_save_to_output gnumeric/gnumeric/src/workbook-view.c:1059:2
    #20 0x7f5a231a2eff in wb_view_save_to_uri gnumeric/gnumeric/src/workbook-view.c:1093:3
    #21 0x7f5a231a46e3 in wb_view_save_as gnumeric/gnumeric/src/workbook-view.c:1129:2
    #22 0x4e2afc in convert gnumeric/gnumeric/src/ssconvert.c:837:9
    #23 0x4ded93 in main gnumeric/gnumeric/src/ssconvert.c:913:9
    #24 0x7f5a1bc3578f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
    #25 0x437c58 in _start (apps/bin/ssconvert+0x437c58)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV gnumeric/goffice/plugins/plot_xy/gog-xy.c:1467 gog_xy_view_render

--
Juha Kylmänen
Comment 1 Jean Bréfort 2015-06-21 06:02:19 UTC 
This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.