[xls] Text encoding problem
Submitted by jut..@..il.com
Link to original bug (#703952)
Description
Segfault in __memcpy_ssse3_back when exporting to xls.
Git versions of glib, goffice, gnumeric, libgsf and libxml2.
Test case: http://jutaky.com/fuzzing/gnumeric_case_8646_725_2xls.gnumeric
The segfault is triggered by opening the test case with gnumeric and using Save As to save as xls.
Alternatively, run "ssconvert gnumeric_case_8646_725_2xls.gnumeric out.xls".
Backtrace from ssconvert:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff335d650 in __memcpy_ssse3_back () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007ffff335d650 in __memcpy_ssse3_back () from /usr/lib/libc.so.6
#1 0x00007ffff6ddc9cb in gsf_outfile_msole_write (output=0x8d6190, num_bytes=1, data=0x0) at gsf-outfile-msole.c:578
#2 0x00007ffff6dd5a78 in gsf_output_write (output=0x8d6190, num_bytes=1, data=0x0) at gsf-output.c:443
#3 0x00007ffff6dc2586 in msole_metadata_write_string (state=0x7fffffffe230, txt=0x7216e0 "'آژانس های خبری'!Print_Area") at gsf-msole-utils.c:1416
#4 0x00007ffff6dc2a63 in msole_metadata_write_prop (state=0x7fffffffe230, name=0x0, value=0x785498, suppress_type=1) at gsf-msole-utils.c:1501
#5 0x00007ffff6dc27b0 in msole_metadata_write_prop (state=0x7fffffffe230, name=0x7640b0 "gsf:document-parts", value=0x736bd0, suppress_type=0) at gsf-msole-utils.c:1465
#6 0x00007ffff6dc2fff in msole_metadata_write_section (state=0x7fffffffe230, user=0) at gsf-msole-utils.c:1609
#7 0x00007ffff6dc3711 in gsf_doc_meta_data_write_to_msole (meta_data=0x7258e0, out=0x8d6190, doc_not_component=1) at gsf-msole-utils.c:1744
#8 0x00007fffe69259e7 in excel_save (context=0x7269b0, wbv=0x786020, output=0x782340, biff7=0, biff8=1) at boot.c:289
#9 0x00007fffe6925b64 in excel_biff8_file_save (fs=0x748b00, context=0x7269b0, wbv=0x786020, output=0x782340) at boot.c:322
#10 0x00007ffff749dd15 in go_plugin_loader_module_func_file_save (fs=0x748b00, service=0x755650, io_context=0x7269b0, view=0x786020, output=0x782340) at app/go-plugin-loader-module.c:366
#11 0x00007ffff74a01d4 in go_plugin_file_saver_save (fs=0x748b00, io_context=0x7269b0, view=0x786020, output=0x782340) at app/go-plugin-service.c:948
#12 0x00007ffff74a35a0 in go_file_saver_save (fs=0x748b00, io_context=0x7269b0, view=0x786020, output=0x782340) at app/file.c:848
#13 0x00007ffff79d5fd8 in wbv_save_to_output (wbv=0x786020, fs=0x748b00, output=0x782340, io_context=0x7269b0) at workbook-view.c:1050
#14 0x00007ffff79d6196 in wb_view_save_to_uri (wbv=0x786020, fs=0x748b00, uri=0x8859a0 "file:///tmp/out.xls", io_context=0x7269b0) at workbook-view.c:1087
#15 0x00007ffff79d63ce in wb_view_save_as (wbv=0x786020, fs=0x748b00, uri=0x8859a0 "file:///tmp/out.xls", cc=0x71c0e0) at workbook-view.c:1123
#16 0x0000000000404c5b in convert (inarg=0x7fffffffeb17 "gnumeric_case_8646_725_2xls.gnumeric", outarg=0x7fffffffeb3c "/tmp/out.xls", mergeargs=0x0, cc=0x71c0e0) at ssconvert.c:788
#17 0x0000000000404f0c in main (argc=3, argv=0x7fffffffe7f8) at ssconvert.c:855
-- Juha Kylmänen Research Assistant, OUSPG
Version: git master
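
A triage sketch for the backtrace above, added here as an example and not part of the original report or of libgsf: it walks outward from the faulting frame, collects the frames that were handed a NULL pointer argument, and returns the first caller that was not, which is where the NULL was produced. The helper names `parse` and `null_origin` are hypothetical; the sample frames are copied from the report.

```python
import re

# Frames #0-#5 copied from the backtrace in the report.
BACKTRACE = """\
#0 0x00007ffff335d650 in __memcpy_ssse3_back () from /usr/lib/libc.so.6
#1 0x00007ffff6ddc9cb in gsf_outfile_msole_write (output=0x8d6190, num_bytes=1, data=0x0) at gsf-outfile-msole.c:578
#2 0x00007ffff6dd5a78 in gsf_output_write (output=0x8d6190, num_bytes=1, data=0x0) at gsf-output.c:443
#3 0x00007ffff6dc2586 in msole_metadata_write_string (state=0x7fffffffe230, txt=0x7216e0 "'آژانس های خبری'!Print_Area") at gsf-msole-utils.c:1416
#4 0x00007ffff6dc2a63 in msole_metadata_write_prop (state=0x7fffffffe230, name=0x0, value=0x785498, suppress_type=1) at gsf-msole-utils.c:1501
#5 0x00007ffff6dc27b0 in msole_metadata_write_prop (state=0x7fffffffe230, name=0x7640b0 "gsf:document-parts", value=0x736bd0, suppress_type=0) at gsf-msole-utils.c:1465
"""

# "#N [addr in] func (args) [at file:line]" as printed by gdb's "bt".
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\)(?: at (\S+):(\d+))?")
# name=value pairs; quoted string previews after a pointer are ignored.
ARG = re.compile(r"(\w+)=(0x[0-9a-f]+|-?\d+)")

def parse(bt):
    """Turn gdb backtrace text into a list of frame dicts, innermost first."""
    frames = []
    for line in bt.splitlines():
        m = FRAME.match(line.strip())
        if m:
            no, func, args, src, lineno = m.groups()
            frames.append({"no": int(no), "func": func,
                           "args": dict(ARG.findall(args)),
                           "src": src,
                           "line": int(lineno) if lineno else None})
    return frames

def null_origin(bt):
    """Return (frames that received a NULL argument, first caller that did not).

    Only the contiguous run of frames next to the crash is considered, so an
    unrelated NULL further out (name=0x0 in frame #4) is not blamed.
    """
    carriers = []
    for frame in parse(bt)[1:]:  # frame #0 is the faulting libc routine
        nulls = [k for k, v in frame["args"].items() if v == "0x0"]
        if not nulls:
            return carriers, frame
        carriers.append((frame["func"], nulls))
    return carriers, None

if __name__ == "__main__":
    carriers, origin = null_origin(BACKTRACE)
    print("NULL passed through:", carriers)
    print("introduced by:", origin["func"], "at", origin["src"], origin["line"])
```
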