After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 761295 - Crash (SIGABRT) from sheet-filter.c:56 on a fuzzed .gnumeric file
Crash (SIGABRT) from sheet-filter.c:56 on a fuzzed .gnumeric file
Status: RESOLVED FIXED
Product: Gnumeric
Classification: Applications
Component: import/export other
git master
Other Linux
: Normal normal
: ---
Assigned To: Morten Welinder
Jody Goldberg
Depends on:
Blocks:
 
 
Reported: 2016-01-29 15:19 UTC by jutaky
Modified: 2016-01-29 16:11 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description jutaky 2016-01-29 15:19:42 UTC 
Git versions of glib, goffice, gnumeric, libgsf and libxml2.

Test case: http://jutaky.com/fuzzing/gnumeric_case_001-sheet-filter.c.56-2.gnumeric

$ ssconvert gnumeric_case_001-sheet-filter.c.56-2.gnumeric /tmp/out.gnumeric

Program received signal SIGABRT, Aborted.
0x00007ffff13f45f8 in raise () from /usr/lib/libc.so.6
(gdb) bt

+ Trace 235939

  • #0 raise
    from /usr/lib/libc.so.6
  • #1 abort
    from /usr/lib/libc.so.6
  • #2 g_assertion_message
    at gtestutils.c line 2429
  • #3 g_assertion_message_expr
    at gtestutils.c line 2452
  • #4 gnm_filter_op_needs_value
    at sheet-filter.c line 56
  • #5 gnm_filter_condition_new_single
    at sheet-filter.c line 78
  • #6 xml_sax_filter_condition
    at xml-sax-read.c line 2342
  • #7 push_child
    at gsf-libxml.c line 658
  • #8 lookup_child
    at gsf-libxml.c line 694
  • #9 gsf_xml_in_start_element
    at gsf-libxml.c line 786
  • #10 xmlParseStartTag__internal_alias
    at parser.c line 8712
  • #11 xmlParseElement__internal_alias
    at parser.c line 10132
  • #12 xmlParseContent__internal_alias
    at parser.c line 10042
  • #13 xmlParseElement__internal_alias
    at parser.c line 10215
  • #14 xmlParseContent__internal_alias
    at parser.c line 10042
  • #15 xmlParseElement__internal_alias
    at parser.c line 10215
  • #16 xmlParseContent__internal_alias
    at parser.c line 10042
  • #17 xmlParseElement__internal_alias
    at parser.c line 10215
  • #18 xmlParseContent__internal_alias
    at parser.c line 10042
  • #19 xmlParseElement__internal_alias
    at parser.c line 10215
  • #20 xmlParseContent__internal_alias
    at parser.c line 10042
  • #21 xmlParseElement__internal_alias
    at parser.c line 10215
  • #22 xmlParseDocument__internal_alias
    at parser.c line 10912
  • #23 gsf_xml_in_doc_parse
    at gsf-libxml.c line 1338
  • #24 read_file_common
    at xml-sax-read.c line 3472
  • #25 gnm_xml_file_open
    at xml-sax-read.c line 3601
  • #26 go_file_opener_open_real
    at app/file.c line 159
  • #27 go_file_opener_open
    at app/file.c line 417
  • #28 workbook_view_new_from_input
    at workbook-view.c line 1278
  • #29 workbook_view_new_from_uri
    at workbook-view.c line 1337
  • #30 convert
    at ssconvert.c line 715
  • #31 main
    at ssconvert.c line 918 


--
Juha Kylmänen
Comment 1 Morten Welinder 2016-01-29 16:11:33 UTC 
This problem has been fixed in our software repository. The fix will go into the next software release. Once that release is available, you may want to check for a software upgrade provided by your Linux distribution.