Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts
On Thu, Sep 22, 2011 at 17:14:32 -0600, Andreas Guelzow wrote:
> The patch has been committed upstream.

Specifically, it's given by
git diff 086505a3d84b7d2efe33056de97c33536ce4bc90..652a2f1929e0519e56be5d8f684c9018e966432b
as attached.
--
It's like Jung said, the unconscious is revealed through the imagery of our
dreams which express our innermost fears and our desires.
Jung said that?
Yeah, I think it was Jung. Either that or Vincent Price. (NX 1.8)

diff --git a/NEWS b/NEWS index 48f8943..2d520fd 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,9 @@ Jean: * Fixed labels vertical alignment in preferences dialog. [#658639] * Fixed autofilter user interface issues. [#657036] +Mikko Rasa: +* Fix ODF import of certain percentage formats. [Debian #642135] + Morten: * Fix crash. [#658140] * Fix stf import crash. [#658982] diff --git a/plugins/openoffice/ChangeLog b/plugins/openoffice/ChangeLog index 6077007..d2f7ac7 100644 --- a/plugins/openoffice/ChangeLog +++ b/plugins/openoffice/ChangeLog @@ -1,3 +1,13 @@ +2011-09-22 Andreas J. Guelzow + + * openoffice-read.c (oo_date_text_end): avoid duplicate percent signs + +2011-09-22 Andreas J. Guelzow + for Mikko Rasa : + + * openoffice-read.c (oo_date_text_end): fix potential for + infinite loop + 2011-09-06 Jean Brefort * openoffice-write.c (odf_write_regression_curve): fixed criticals. diff --git a/plugins/openoffice/openoffice-read.c b/plugins/openoffice/openoffice-read.c index d1531f6..041facd 100644 --- a/plugins/openoffice/openoffice-read.c +++ b/plugins/openoffice/openoffice-read.c @@ -3849,7 +3849,7 @@ oo_date_text_end (GsfXMLIn *xin, G_GNUC_UNUSED GsfXMLBlob *blob) int len = xin->content->len; char const *text = xin->content->str; char const *percent_sign; - while ((percent_sign = strchr (xin->content->str, '%')) != NULL) { + while ((percent_sign = strchr (text, '%')) != NULL) { if (percent_sign > text) { oo_date_text_end_append (state->cur_format.accum, text, 
@@ -3859,6 +3859,7 @@ oo_date_text_end (GsfXMLIn *xin, G_GNUC_UNUSED GsfXMLBlob *blob) text = percent_sign + 1; len--; g_string_append_c (state->cur_format.accum, '%'); + state->cur_format.percent_sign_seen = TRUE; } if (len > 0) oo_date_text_end_append (state->cur_format.accum, text, len);
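Review bot: the NEWS entry, "Fix ODF import of certain percentage formats", undersells the change, since the ChangeLog in the same patch describes it as a fix for a potential infinite loop. Wording that names the hang would let packagers see from NEWS alone that this is worth backporting.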
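Review bot: in the first openoffice-read.c hunk, `len` is an `int` copied from `xin->content->len` and then kept in step with `text` by hand (`len--` for each '%', `if (len > 0)` after the loop). The defect fixed here was two views of the scan position drifting apart; computing the remaining length from `text` and an end pointer taken once from `xin->content->str + xin->content->len` would remove the other piece of hand-synchronised state and avoid narrowing the length to `int`.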
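Review bot: the new `state->cur_format.percent_sign_seen = TRUE;` in the @@ -3859 hunk has no comment, and nothing in this diff shows where the flag is read or reset. The ChangeLog ties it to "avoid duplicate percent signs"; a one-line comment at the assignment naming the code that consumes the flag would make that second fix reviewable on its own.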
Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts
The patch has been committed upstream. It will be fixed in 1.11.0 and later.

Thank you

Andreas

--
Andreas Guelzow

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts
On 21.09.2011 18:38, J.H.M. Dassen (Ray) wrote:
> Hello Mikko,
>
> On Mon, Sep 19, 2011 at 20:58:01 +0300, Mikko Rasa wrote:
>> The file in question contains names and addresses of people, so I do not
>> wish to publish it on the Internet. However, I can send it to the package
>> maintainer in exchange of a promise that the information won't be misused.
>>
>> Here's a backtrace from gdb, perhaps it will be useful:
>
> Evaluation of this type of issue is usually done much more effectively by
> gnumeric's upstream maintainers than myself. It would be helpful if you could
> supply the file that triggers this issue to Morten Welinder and Andreas
> Guelzow.
>
> Morten has commented that a better back trace will be required for analysis
> of this issue.

Well, I was going to send the file to the developers but I wanted to provide
as much information as possible so I compiled gnumeric and a few libraries
from source in order to get a better backtrace. I ended up finding and fixing
the bug :)

Patch attached. The bug originates from commit 4e484d1 over a year ago. I
think the cause of the bug should be clear from the patch but if any more
information is needed I'll be happy to provide it.

--
Mikko

>From 1a7332cadd7d15b04ea3e499d9bd635908a84009 Mon Sep 17 00:00:00 2001 From: Mikko Rasa Date: Wed, 21 Sep 2011 22:06:48 +0300 Subject: [PATCH] Don't go into infinite loop with percent signs --- plugins/openoffice/openoffice-read.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/plugins/openoffice/openoffice-read.c b/plugins/openoffice/openoffice-read.c index d1531f6..3108303 100644 --- a/plugins/openoffice/openoffice-read.c +++ b/plugins/openoffice/openoffice-read.c 
@@ -3849,7 +3849,7 @@ oo_date_text_end (GsfXMLIn *xin, G_GNUC_UNUSED GsfXMLBlob *blob) int len = xin->content->len; char const *text = xin->content->str; char const *percent_sign; - while ((percent_sign = strchr (xin->content->str, '%')) != NULL) { + while ((percent_sign = strchr (text, '%')) != NULL) { if (percent_sign > text) { oo_date_text_end_append (state->cur_format.accum, text, -- 1.7.6.3
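Review bot: the commit message is a subject line only; for the `strchr` change in oo_date_text_end it should state the cause, namely that `strchr (xin->content->str, '%')` takes the same argument on every pass and so returns the same first '%' each time, and it should reference Debian #642135. The diffstat shows only openoffice-read.c touched, so a small sample document with a '%' in a format text would be worth adding as a regression test.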
Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts
Hello Mikko,

On Mon, Sep 19, 2011 at 20:58:01 +0300, Mikko Rasa wrote:
> The file in question contains names and addresses of people, so I do not
> wish to publish it on the Internet. However, I can send it to the package
> maintainer in exchange of a promise that the information won't be misused.
>
> Here's a backtrace from gdb, perhaps it will be useful:

Evaluation of this type of issue is usually done much more effectively by
gnumeric's upstream maintainers than myself. It would be helpful if you could
supply the file that triggers this issue to Morten Welinder and Andreas
Guelzow.

Morten has commented that a better back trace will be required for analysis
of this issue.

Kind regards,
Ray
--
"Text processing doesn't matter." Fortran.
Larry Wall on common fallacies of language design
Bug#642135: gnumeric: Gnumeric tries to allocate an obnoxious amount of memory and aborts
Package: gnumeric
Version: 1.10.17-1
Severity: normal

When opening a particular .ods file gnumeric crashes with this message:

GLib-ERROR **: /build/buildd-glib2.0_2.28.6-1-i386-A3fp41/glib2.0-2.28.6/./glib/gmem.c:239: failed to allocate 2147483648 bytes
aborting...
Aborted

The number happens to be exactly 0x8000.

The file in question contains names and addresses of people, so I do not
wish to publish it on the Internet. However, I can send it to the package
maintainer in exchange of a promise that the information won't be misused.

Here's a backtrace from gdb, perhaps it will be useful:

#0 0xb7fe2424 in __kernel_vsyscall ()
#1 0xb73cb911 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0xb73ced42 in *__GI_abort () at abort.c:92
#3 0xb75605e8 in g_logv () from /lib/libglib-2.0.so.0
#4 0xb7560622 in g_log () from /lib/libglib-2.0.so.0
#5 0xb755e35c in g_realloc () from /lib/libglib-2.0.so.0
#6 0xb757ae9f in ?? () from /lib/libglib-2.0.so.0
#7 0xb757bc4b in g_string_insert_c () from /lib/libglib-2.0.so.0
#8 0xb5c338ac in ?? () from /usr/lib/gnumeric/1.10.17/plugins/openoffice/openoffice.so
#9 0xb736dd15 in ?? () from /usr/lib/libgsf-1.so.114
#10 0xb7246fda in ?? () from /usr/lib/libxml2.so.2
#11 0xb7250a93 in xmlParseElement () from /usr/lib/libxml2.so.2
#12 0xb724f790 in xmlParseContent () from /usr/lib/libxml2.so.2
#13 0xb7250894 in xmlParseElement () from /usr/lib/libxml2.so.2
#14 0xb724f790 in xmlParseContent () from /usr/lib/libxml2.so.2
#15 0xb7250894 in xmlParseElement () from /usr/lib/libxml2.so.2
#16 0xb724f790 in xmlParseContent () from /usr/lib/libxml2.so.2
#17 0xb7250894 in xmlParseElement () from /usr/lib/libxml2.so.2
#18 0xb725188a in xmlParseDocument () from /usr/lib/libxml2.so.2
#19 0xb736ed6f in gsf_xml_in_doc_parse () from /usr/lib/libgsf-1.so.114
#20 0xb5c34cce in openoffice_file_open () from /usr/lib/gnumeric/1.10.17/plugins/openoffice/openoffice.so
#21 0xb7be5a9c in ?? () from /usr/lib/libgoffice-0.8.so.8
#22 0xb7be892b in ?? () from /usr/lib/libgoffice-0.8.so.8
#23 0xb7bea37d in go_file_opener_open () from /usr/lib/libgoffice-0.8.so.8
#24 0xb7e0bd31 in wb_view_new_from_input () from /usr/lib/libspreadsheet-1.10.17.so
#25 0xb7e0bfd8 in wb_view_new_from_uri () from /usr/lib/libspreadsheet-1.10.17.so
#26 0x0804b059 in main ()

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.39.3-core2 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnumeric depends on:
ii debconf [debconf-2.0] 1.5.41
ii gconf2 2.32.4-1
ii gnumeric-common 1.10.17-1
ii gsfonts 1:8.11+urwcyr1.0.7~pre44-4.2
ii libatk1.0-0 2.0.1-2
ii libc6 2.13-21
ii libcairo2 1.10.2-6.1
ii libgdk-pixbuf2.0-0 2.24.0-1
ii libglib2.0-0 2.28.6-1
ii libgoffice-0.8-8 0.8.17-1
ii libgsf-1-114 1.14.21-2
ii libgtk2.0-0 2.24.6-1
ii libpango1.0-0 1.28.4-3
ii libxml2 2.7.8.dfsg-4
ii procps 1:3.2.8-11
ii zlib1g 1:1.2.3.4.dfsg-3

Versions of packages gnumeric recommends:
pn evince 2.32.0-1
pn lp-solve

Versions of packages gnumeric suggests:
ii epiphany-browser
ii gnumeric-doc
ii gnumeric-plugins-extra
ii ttf-mscorefonts-installer 3.3

-- debconf information excluded
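Added example, not part of the thread and not gnumeric's code: a stand-alone model of the loop in oo_date_text_end showing why searching from the start of the buffer on every pass grows the output without bound, while searching from `text` terminates. The helper name `split_percent`, the `OUT_CAP` limit and the sample string are assumptions made for the illustration; a fixed buffer stands in for the GString whose reallocation failed in the backtrace above.

```c
#include <stdio.h>
#include <string.h>

#define OUT_CAP 64 /* constructed stand-in for the allocation limit GString hit */

/* Hypothetical helper modelled on the loop in oo_date_text_end: copy
 * `content` to `out`, emitting each '%' on its own. restart_from_base = 1
 * searches from the buffer start on every pass (pre-patch behaviour);
 * 0 searches from `text` (patched). Returns the output length, or -1
 * once the output would outgrow OUT_CAP. */
static int split_percent(const char *content, int restart_from_base, char *out)
{
    const char *text = content;
    const char *end = content + strlen(content);
    const char *pct;
    size_t n = 0;

    while ((pct = strchr(restart_from_base ? content : text, '%')) != NULL) {
        if (pct > text) {                     /* literal run before the '%' */
            size_t run = (size_t)(pct - text);
            if (n + run + 1 > OUT_CAP)
                return -1;
            memcpy(out + n, text, run);
            n += run;
        }
        if (n + 2 > OUT_CAP)                  /* room for '%' and the NUL */
            return -1;
        out[n++] = '%';
        text = pct + 1; /* pre-patch: the next pass finds this same '%' again */
    }
    size_t tail = (size_t)(end - text);       /* remainder after the last '%' */
    if (n + tail + 1 > OUT_CAP)
        return -1;
    memcpy(out + n, text, tail);
    n += tail;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[OUT_CAP];
    const char *sample = "0.00%";             /* constructed format text */

    printf("patched:   %d\n", split_percent(sample, 0, out));
    printf("pre-patch: %d\n", split_percent(sample, 1, out));
    return 0;
}
```

With the pre-patch search, any input containing a '%' appends one more '%' per pass until the cap is reached; in the model that is a -1 return, in the report it was the failed allocation under g_string_insert_c.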