GNOME Bugzilla – Bug 751272
Segfault in gog-radar.c:1060 on saving a fuzzed xls file
Last modified: 2015-06-22 07:42:44 UTC
Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_010-gog-radar.c.1060.xls

$ ssconvert gnumeric_case_010-gog-radar.c.1060.xls /tmp/out.xls
==688==ERROR: AddressSanitizer: SEGV on unknown address 0x603020076540 (pc 0x7f0d00a5b9fd bp 0x7fffd13fb570 sp 0x7fffd13f9da0 T0)
    #0 0x7f0d00a5b9fc in gog_rt_view_render gnumeric/goffice/plugins/plot_radar/gog-radar.c:1060:6
    #1 0x7f0d22d68a58 in gog_view_render gnumeric/goffice/goffice/graph/gog-view.c:897:3
    #2 0x7f0d22db0053 in plot_render gnumeric/goffice/goffice/graph/gog-chart.c:1536:4
    #3 0x7f0d22dab5f0 in gog_chart_view_render gnumeric/goffice/goffice/graph/gog-chart.c:1577:5
    #4 0x7f0d22d68a58 in gog_view_render gnumeric/goffice/goffice/graph/gog-view.c:897:3
    #5 0x7f0d22d9132b in gog_graph_view_render gnumeric/goffice/goffice/graph/gog-graph.c:1026:3
    #6 0x7f0d22d68910 in gog_view_render gnumeric/goffice/goffice/graph/gog-view.c:892:3
    #7 0x7f0d23011649 in gog_renderer_update gnumeric/goffice/goffice/graph/gog-renderer.c:1429:3
    #8 0x7f0cfe1ddd8d in ms_excel_chart_write gnumeric/gnumeric/plugins/excel/ms-chart.c:5597:2
    #9 0x7f0cfe12158b in excel_write_chart_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:4355:2
    #10 0x7f0cfe11bb78 in excel_write_obj_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:5041:10
    #11 0x7f0cfe0fb8a9 in excel_write_objs_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:5612:10
    #12 0x7f0cfe0f1456 in excel_write_sheet gnumeric/gnumeric/plugins/excel/ms-excel-write.c:5700:3
    #13 0x7f0cfe0bea51 in excel_write_workbook gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6536:3
    #14 0x7f0cfe0bf489 in excel_write_v8 gnumeric/gnumeric/plugins/excel/ms-excel-write.c:6589:3
    #15 0x7f0cfdf97de1 in excel_save gnumeric/gnumeric/plugins/excel/boot.c:304:3
    #16 0x7f0cfdf9883c in excel_biff8_file_save gnumeric/gnumeric/plugins/excel/boot.c:350:2
    #17 0x7f0d22bef45a in go_plugin_loader_module_func_file_save gnumeric/goffice/goffice/app/go-plugin-loader-module.c:366:2
    #18 0x7f0d22bfecc1 in go_plugin_file_saver_save gnumeric/goffice/goffice/app/go-plugin-service.c:948:2
    #19 0x7f0d22c18d24 in go_file_saver_save gnumeric/goffice/goffice/app/file.c:848:2
    #20 0x7f0d24596863 in wbv_save_to_output gnumeric/gnumeric/src/workbook-view.c:1059:2
    #21 0x7f0d245972ef in wb_view_save_to_uri gnumeric/gnumeric/src/workbook-view.c:1093:3
    #22 0x7f0d24598ad3 in wb_view_save_as gnumeric/gnumeric/src/workbook-view.c:1129:2
    #23 0x4e2afc in convert gnumeric/gnumeric/src/ssconvert.c:837:9
    #24 0x4ded93 in main gnumeric/gnumeric/src/ssconvert.c:913:9
    #25 0x7f0d1d02978f in __libc_start_main (/usr/lib/libc.so.6+0x2078f)
    #26 0x437c58 in _start (apps/bin/ssconvert+0x437c58)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV gnumeric/goffice/plugins/plot_radar/gog-radar.c:1060 gog_rt_view_render

-- Juha Kylmänen
This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.