After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 760087 - Crash (SIGFPE) in go-data-cache.c:52 on a fuzzed xls file
Crash (SIGFPE) in go-data-cache.c:52 on a fuzzed xls file
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export MS Excel (tm)
git master
Other Linux
: Normal critical
: ---
Assigned To: Jody Goldberg
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2016-01-02 23:11 UTC by jutaky
Modified: 2016-01-02 23:22 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jutaky 2016-01-02 23:11:47 UTC 
Git versions of gtk, glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_002-go-data-cache.c.52.xls

$ ssconvert gnumeric_case_002-go-data-cache.c.52.xls /tmp/out.gnumeric

Program received signal SIGFPE, Arithmetic exception.
0x00007ffff72ec401 in go_data_cache_records_set_size (cache=<optimized out>, n=21) at go-data-cache.c:52
52		g_return_if_fail (n < G_MAXUINT / cache->record_size);
(gdb) bt

+ Trace 235866

  • #0 go_data_cache_records_set_size
    at go-data-cache.c line 52
  • #1 go_data_cache_records_init
    at go-data-cache.c line 85
  • #2 go_data_cache_import_start
    at go-data-cache.c line 304
  • #3 xls_read_pivot_cache
    at xls-read-pivot.c line 420
  • #4 xls_read_pivot_cache_by_id
    at xls-read-pivot.c line 479
  • #5 xls_read_SXStreamID
    at xls-read-pivot.c line 507
  • #6 excel_read_workbook
    at ms-excel-read.c line 7373
  • #7 excel_enc_file_open
    at boot.c line 193
  • #8 go_plugin_loader_module_func_file_open
    at app/go-plugin-loader-module.c line 282
  • #9 go_plugin_file_opener_open
    at app/go-plugin-service.c line 685
  • #10 go_file_opener_open
    at app/file.c line 417
  • #11 workbook_view_new_from_input
    at workbook-view.c line 1278
  • #12 workbook_view_new_from_uri
    at workbook-view.c line 1337
  • #13 convert
    at ssconvert.c line 715
  • #14 main
    at ssconvert.c line 918 

--
Juha Kylmänen
Comment 1 Morten Welinder 2016-01-02 23:22:34 UTC 
This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.