Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts

2011-09-23 Thread J.H.M. Dassen (Ray)
On Thu, Sep 22, 2011 at 17:14:32 -0600, Andreas Guelzow wrote:
> The patch has been committed upstream.

Specifically, it's given by
git diff 086505a3d84b7d2efe33056de97c33536ce4bc90..652a2f1929e0519e56be5d8f684c9018e966432b
as attached.
-- 
It's like Jung said, the unconscious is revealed through the imagery of our
dreams which express our innermost fears and our desires.
Jung said that?
Yeah, I think it was Jung. Either that or Vincent Price. (NX 1.8)
diff --git a/NEWS b/NEWS
index 48f8943..2d520fd 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,9 @@ Jean:
* Fixed labels vertical alignment in preferences dialog. [#658639]
* Fixed autofilter user interface issues. [#657036]
 
+Mikko Rasa:
+* Fix ODF import of certain percentage formats. [Debian #642135]
+
 Morten:
* Fix crash.  [#658140]
* Fix stf import crash.  [#658982]
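Review bot: the added NEWS line under "Mikko Rasa:" says only "Fix ODF import of certain percentage formats", which does not tell a reader that the symptom was a non-terminating loop ending in an abort when the file is opened. Wording such as "Fix infinite loop in ODF import of certain percentage formats" would let anyone triaging a hang or a failed-allocation abort on .ods import match it to this entry and to Debian #642135.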
diff --git a/plugins/openoffice/ChangeLog b/plugins/openoffice/ChangeLog
index 6077007..d2f7ac7 100644
--- a/plugins/openoffice/ChangeLog
+++ b/plugins/openoffice/ChangeLog
@@ -1,3 +1,13 @@
+2011-09-22  Andreas J. Guelzow 
+
+   * openoffice-read.c (oo_date_text_end): avoid duplicate percent signs
+
+2011-09-22  Andreas J. Guelzow 
+   for Mikko Rasa :
+
+   * openoffice-read.c (oo_date_text_end): fix potential for
+   infinite loop
+
 2011-09-06  Jean Brefort  
 
* openoffice-write.c (odf_write_regression_curve): fixed criticals.
diff --git a/plugins/openoffice/openoffice-read.c 
b/plugins/openoffice/openoffice-read.c
index d1531f6..041facd 100644
--- a/plugins/openoffice/openoffice-read.c
+++ b/plugins/openoffice/openoffice-read.c
@@ -3849,7 +3849,7 @@ oo_date_text_end (GsfXMLIn *xin, G_GNUC_UNUSED GsfXMLBlob 
*blob)
int len = xin->content->len;
char const *text = xin->content->str;
char const *percent_sign;
-   while ((percent_sign = strchr (xin->content->str, '%')) 
!= NULL) {
+   while ((percent_sign = strchr (text, '%')) != NULL) {
if (percent_sign > text) {
oo_date_text_end_append
(state->cur_format.accum, text,
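Review bot: termination of the `while` loop now rests entirely on `text` being advanced past each match, and that assignment (`text = percent_sign + 1;`) sits in the next hunk, away from the `strchr (text, '%')` call that depends on it. A short comment at the loop stating that the search must start at `text`, together with a regression test that imports a percentage format whose text contains a literal '%', would keep a later cleanup from reintroducing the search from `xin->content->str`.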
@@ -3859,6 +3859,7 @@ oo_date_text_end (GsfXMLIn *xin, G_GNUC_UNUSED GsfXMLBlob 
*blob)
text = percent_sign + 1;
len--;
g_string_append_c (state->cur_format.accum, 
'%');
+   state->cur_format.percent_sign_seen = TRUE;
}
if (len > 0)
oo_date_text_end_append 
(state->cur_format.accum, text, len);
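Review bot: `state->cur_format.percent_sign_seen = TRUE;` is the only reference to that flag in this diff, so nothing here shows where it is declared, where it is reset for the next format, or where it is read to avoid the duplicate percent sign that the ChangeLog entry mentions. If those pieces are already in the tree, say so in the ChangeLog entry; if not, the diff is incomplete. Please also confirm the flag is cleared whenever `cur_format` is reinitialised, since a stale TRUE would carry over into a later format.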


Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts

2011-09-22 Thread Andreas Guelzow
The patch has been committed upstream. It will be fixed in 1.11.0 and
later.

Thank you

Andreas
-- 
Andreas Guelzow 




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts

2011-09-21 Thread Mikko Rasa

On 21.09.2011 18:38, J.H.M. Dassen (Ray) wrote:
> Hello Mikko,
>
> On Mon, Sep 19, 2011 at 20:58:01 +0300, Mikko Rasa wrote:
> > The file in question contains names and addresses of people, so I do not
> > wish to publish it on the Internet.  However, I can send it to the package
> > maintainer in exchange of a promise that the information won't be misused.
> >
> > Here's a backtrace from gdb, perhaps it will be useful:
>
> Evaluation of this type of issue is usually done much more effectively by
> gnumeric's upstream maintainers than myself.
>
> It would be helpful if you could supply the file that triggers this issue to
> Morten Welinder and Andreas Guelzow.
>
> Morten has commented that a better back trace will be required for analysis
> of this issue.


Well, I was going to send the file to the developers but I wanted to 
provide as much information as possible so I compiled gnumeric and a few 
libraries from source in order to get a better backtrace.  I ended up 
finding and fixing the bug :)  Patch attached.  The bug originates from 
commit 4e484d1 over a year ago.


I think the cause of the bug should be clear from the patch but if any 
more information is needed I'll be happy to provide it.


--
Mikko
From 1a7332cadd7d15b04ea3e499d9bd635908a84009 Mon Sep 17 00:00:00 2001
From: Mikko Rasa 
Date: Wed, 21 Sep 2011 22:06:48 +0300
Subject: [PATCH] Don't go into infinite loop with percent signs

---
 plugins/openoffice/openoffice-read.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/plugins/openoffice/openoffice-read.c b/plugins/openoffice/openoffice-read.c
index d1531f6..3108303 100644
--- a/plugins/openoffice/openoffice-read.c
+++ b/plugins/openoffice/openoffice-read.c
@@ -3849,7 +3849,7 @@ oo_date_text_end (GsfXMLIn *xin, G_GNUC_UNUSED GsfXMLBlob *blob)
 			int len = xin->content->len;
 			char const *text = xin->content->str;
 			char const *percent_sign;
-			while ((percent_sign = strchr (xin->content->str, '%')) != NULL) {
+			while ((percent_sign = strchr (text, '%')) != NULL) {
 if (percent_sign > text) {
 	oo_date_text_end_append
 		(state->cur_format.accum, text,
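Review bot: the commit message has only a subject line, so the reason the `strchr` argument in the `while` condition must be `text` rather than `xin->content->str` is not recorded; add a body explaining that the old call found the same '%' on every pass, and name the commit that introduced it. In the context lines, `int len = xin->content->len;` stores the content length in a signed int; consider an unsigned type or an explicit check before `len` is used as a length.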
-- 
1.7.6.3
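
The failure discussed in this thread, as an added C example that is not part of any message here or of gnumeric's code: a simplified model of the loop the patch touches, showing that searching from the start of the buffer never terminates while the patched search does. `split_percent`, `pre_patch`, `demo_out` and the fixed-size buffer standing in for the growing GString are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative model (not gnumeric code) of the '%' splitting loop.
 * pre_patch != 0: search from the start of src on every pass (old code).
 * pre_patch == 0: search from the advancing cursor `text` (patched code).
 * `out` (cap bytes) stands in for the GString; running out of room models
 * the failed allocation. Returns the '%' count, or -1 if out is too small. */
long split_percent(const char *src, int pre_patch, char *out, size_t cap)
{
    const char *text = src, *pct;
    long len = (long)strlen(src), iters = 0;
    size_t used = 0;
    if (cap == 0)
        return -1;
    while ((pct = strchr(pre_patch ? src : text, '%')) != NULL) {
        if (pct > text) {                 /* literal text before the '%' */
            size_t n = (size_t)(pct - text);
            if (used + n >= cap)
                return -1;
            memcpy(out + used, text, n);
            used += n;
            len -= (long)n;
        }
        text = pct + 1;                   /* has no effect on a search from src */
        len--;
        if (used + 1 >= cap)              /* keep room for the terminator */
            return -1;
        out[used++] = '%';
        iters++;
    }
    if (len > 0) {                        /* tail after the last '%' */
        if (used + (size_t)len >= cap)
            return -1;
        memcpy(out + used, text, (size_t)len);
        used += (size_t)len;
    }
    out[used] = '\0';
    return iters;
}

static char demo_out[64];                 /* constructed demo buffer */
int main(void)
{
    printf("patched:   %ld\n", split_percent("0.00%", 0, demo_out, sizeof demo_out));
    printf("pre-patch: %ld\n", split_percent("0.00%", 1, demo_out, sizeof demo_out));
    return 0;
}
```

In the pre-patch mode the same '%' is found on every pass and one more '%' is appended each time, so the only way out is the buffer limit; with an unbounded GString the equivalent exit is the allocation failure in the original report.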



Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts

2011-09-21 Thread J.H.M. Dassen (Ray)
Hello Mikko,

On Mon, Sep 19, 2011 at 20:58:01 +0300, Mikko Rasa wrote:
> The file in question contains names and addresses of people, so I do not
> wish to publish it on the Internet.  However, I can send it to the package
> maintainer in exchange of a promise that the information won't be misused.
> 
> Here's a backtrace from gdb, perhaps it will be useful:

Evaluation of this type of issue is usually done much more effectively by
gnumeric's upstream maintainers than myself.

It would be helpful if you could supply the file that triggers this issue to
Morten Welinder and Andreas Guelzow.

Morten has commented that a better back trace will be required for analysis
of this issue.

Kind regards,
Ray
-- 
"Text processing doesn't matter."  Fortran.
Larry Wall on common fallacies of language design






Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts

2011-09-19 Thread Mikko Rasa
Package: gnumeric
Version: 1.10.17-1
Severity: normal

When opening a particular .ods file gnumeric crashes with this message:

GLib-ERROR **: 
/build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./glib/gmem.c:239: 
failed to allocate 2147483648 bytes
aborting...
Aborted

The number happens to be exactly 0x8000.

The file in question contains names and addresses of people, so I do not wish
to publish it on the Internet.  However, I can send it to the package
maintainer in exchange of a promise that the information won't be misused.

Here's a backtrace from gdb, perhaps it will be useful:

#0  0xb7fe2424 in __kernel_vsyscall ()
#1  0xb73cb911 in *__GI_raise (sig=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb73ced42 in *__GI_abort () at abort.c:92
#3  0xb75605e8 in g_logv () from /lib/libglib-2.0.so.0
#4  0xb7560622 in g_log () from /lib/libglib-2.0.so.0
#5  0xb755e35c in g_realloc () from /lib/libglib-2.0.so.0
#6  0xb757ae9f in ?? () from /lib/libglib-2.0.so.0
#7  0xb757bc4b in g_string_insert_c () from /lib/libglib-2.0.so.0
#8  0xb5c338ac in ?? () from 
/usr/lib/gnumeric/1.10.17/plugins/openoffice/openoffice.so
#9  0xb736dd15 in ?? () from /usr/lib/libgsf-1.so.114
#10 0xb7246fda in ?? () from /usr/lib/libxml2.so.2
#11 0xb7250a93 in xmlParseElement () from /usr/lib/libxml2.so.2
#12 0xb724f790 in xmlParseContent () from /usr/lib/libxml2.so.2
#13 0xb7250894 in xmlParseElement () from /usr/lib/libxml2.so.2
#14 0xb724f790 in xmlParseContent () from /usr/lib/libxml2.so.2
#15 0xb7250894 in xmlParseElement () from /usr/lib/libxml2.so.2
#16 0xb724f790 in xmlParseContent () from /usr/lib/libxml2.so.2
#17 0xb7250894 in xmlParseElement () from /usr/lib/libxml2.so.2
#18 0xb725188a in xmlParseDocument () from /usr/lib/libxml2.so.2
#19 0xb736ed6f in gsf_xml_in_doc_parse () from /usr/lib/libgsf-1.so.114
#20 0xb5c34cce in openoffice_file_open () from 
/usr/lib/gnumeric/1.10.17/plugins/openoffice/openoffice.so
#21 0xb7be5a9c in ?? () from /usr/lib/libgoffice-0.8.so.8
#22 0xb7be892b in ?? () from /usr/lib/libgoffice-0.8.so.8
#23 0xb7bea37d in go_file_opener_open () from /usr/lib/libgoffice-0.8.so.8
#24 0xb7e0bd31 in wb_view_new_from_input () from 
/usr/lib/libspreadsheet-1.10.17.so
#25 0xb7e0bfd8 in wb_view_new_from_uri () from 
/usr/lib/libspreadsheet-1.10.17.so
#26 0x0804b059 in main ()


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.39.3-core2 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnumeric depends on:
ii  debconf [debconf-2.0]  1.5.41
ii  gconf2                 2.32.4-1
ii  gnumeric-common        1.10.17-1
ii  gsfonts                1:8.11+urwcyr1.0.7~pre44-4.2
ii  libatk1.0-0            2.0.1-2
ii  libc6                  2.13-21
ii  libcairo2              1.10.2-6.1
ii  libgdk-pixbuf2.0-0     2.24.0-1
ii  libglib2.0-0           2.28.6-1
ii  libgoffice-0.8-8       0.8.17-1
ii  libgsf-1-114           1.14.21-2
ii  libgtk2.0-0            2.24.6-1
ii  libpango1.0-0          1.28.4-3
ii  libxml2                2.7.8.dfsg-4
ii  procps                 1:3.2.8-11
ii  zlib1g                 1:1.2.3.4.dfsg-3

Versions of packages gnumeric recommends:
pn  evince                 2.32.0-1
pn  lp-solve

Versions of packages gnumeric suggests:
ii  epiphany-browser
ii  gnumeric-doc
ii  gnumeric-plugins-extra
ii  ttf-mscorefonts-installer  3.3

-- debconf information excluded


