Incorrect text placement and wrap in GNM_SO_PATH_TYPE
Submitted by jut..@..il.com
Link to original bug (#704391)
Description
Gnumeric hangs on opening a fuzzed gnumeric file.
I waited 90 minutes and then killed gnumeric; by that time it was using 4 GB of RAM.
Git versions of glib, goffice, gnumeric, libgsf and libxml2.
Test case: http://jutaky.com/fuzzing/gnumeric_case_18956_2522_hung.gnumeric
Program received signal SIGINT, Interrupt.
0x00007ffff3b2d06c in g_hash_table_lookup_node (hash_table=0x8d0b60, key=0x7fffffffd650, hash_return=0x7fffffffd618)
at ghash.c:374
374 while (!HASH_IS_UNUSED (node_hash))
(gdb) bt
#0 0x00007ffff3b2d06c in g_hash_table_lookup_node (hash_table=0x8d0b60, key=0x7fffffffd650, hash_return=0x7fffffffd618)
at ghash.c:374
#1 0x00007ffff3b2df70 in g_hash_table_lookup (hash_table=0x8d0b60, key=0x7fffffffd650) at ghash.c:1076
#2 0x00007ffff78d2163 in link_single_dep (dep=0x3143c580, pos=0x3143c5a8, ref=0x90e0f8) at dependent.c:878
#3 0x00007ffff78d2349 in link_unlink_single_dep (dep=0x3143c580, pos=0x3143c5a8, a=0x90e0f8, qlink=1) at dependent.c:924
#4 0x00007ffff78d2a2d in link_unlink_expr_dep (ep=0x7fffffffd8f0, tree=0x90e0f0, qlink=1) at dependent.c:1069
#5 0x00007ffff78d299a in link_unlink_expr_dep (ep=0x7fffffffd8f0, tree=0x8cc958, qlink=1) at dependent.c:1064
#6 0x00007ffff78d29e9 in link_unlink_expr_dep (ep=0x7fffffffd8f0, tree=0x8cc978, qlink=1) at dependent.c:1067
#7 0x00007ffff78d389e in dependent_link (dep=0x3143c580) at dependent.c:1512
#8 0x00007ffff78d2f3a in gnm_dep_style_dependency (sheet=0x8b9610, texpr=0x7ea580, r=0x7fffffffda70) at dependent.c:1214
#9 0x00007ffff794df1b in gnm_style_link_dependents (style=0x8ca468, r=0x7fffffffda70) at mstyle.c:1902
#10 0x00007ffff79b1dd1 in rstyle_apply (old=0x9435b8, rs=0x7fffffffdc50, r=0x7fffffffda70) at sheet-style.c:322
#11 0x00007ffff79b2e56 in vector_apply_pstyle (tile=0x9435b0, rs=0x7fffffffdc50, cc=512, cr=4096, level=2, indic=0x7fffffffdb10)
at sheet-style.c:939
#12 0x00007ffff79b33df in cell_tile_apply (tile=0x949fe0, level=2, corner_col=512, corner_row=4096, apply_to=0x7fffffffe3b4,
rs=0x7fffffffdc50) at sheet-style.c:1126
#13 0x00007ffff79b357f in cell_tile_apply (tile=0x7cab98, level=3, corner_col=0, corner_row=0, apply_to=0x7fffffffe3b4,
rs=0x7fffffffdc50) at sheet-style.c:1166
#14 0x00007ffff79b3dbe in sheet_style_set_range (sheet=0x8b9610, range=0x7fffffffe3b4, style=0x8ca468) at sheet-style.c:1357
#15 0x00007ffff79f809a in xml_sax_style_region_end (xin=0x7fffffffe190, blob=0x0) at xml-sax-read.c:1422
#16 0x00007ffff6dba5c2 in gsf_xml_in_end_element (state=0x7fffffffe190, name=0x8e4185 "gnm:StyleRegion") at gsf-libxml.c:844
#17 0x00007ffff682562b in xmlParseEndTag1 (ctxt=0x8ae200, line=730) at parser.c:8683
#18 0x00007ffff6829b69 in xmlParseElement__internal_alias (ctxt=0x8ae200) at parser.c:10086
#19 0x00007ffff6829248 in xmlParseContent__internal_alias (ctxt=0x8ae200) at parser.c:9885
#20 0x00007ffff6829a1b in xmlParseElement__internal_alias (ctxt=0x8ae200) at parser.c:10058
#21 0x00007ffff6829248 in xmlParseContent__internal_alias (ctxt=0x8ae200) at parser.c:9885
#22 0x00007ffff6829a1b in xmlParseElement__internal_alias (ctxt=0x8ae200) at parser.c:10058
#23 0x00007ffff6829248 in xmlParseContent__internal_alias (ctxt=0x8ae200) at parser.c:9885
---Type <return> to continue, or q <return> to quit---
#24 0x00007ffff6829a1b in xmlParseElement__internal_alias (ctxt=0x8ae200) at parser.c:10058
#25 0x00007ffff6829248 in xmlParseContent__internal_alias (ctxt=0x8ae200) at parser.c:9885
#26 0x00007ffff6829a1b in xmlParseElement__internal_alias (ctxt=0x8ae200) at parser.c:10058
#27 0x00007ffff682becd in xmlParseDocument__internal_alias (ctxt=0x8ae200) at parser.c:10742
#28 0x00007ffff6dbb475 in gsf_xml_in_doc_parse (doc=0x7f53d0, input=0x6b12a0, user_state=0x7fffffffe2d0) at gsf-libxml.c:1289
#29 0x00007ffff79fd656 in read_file_common (what=READ_FULL_FILE, state=0x7fffffffe2d0, io_context=0x7c2870, wb_view=0x7c2940,
sheet=0x0, input=0x6b12a0) at xml-sax-read.c:3350
#30 0x00007ffff79fdc63 in gnm_xml_file_open (fo=0x7929e0, io_context=0x7c2870, view=0x7c2940, input=0x6b12a0)
at xml-sax-read.c:3479
#31 0x00007ffff74a09a4 in go_file_opener_open_real (fo=0x7929e0, opt_enc=0x0, io_context=0x7c2870, view=0x7c2940, input=0x678a80)
at app/file.c:159
#32 0x00007ffff74a1402 in go_file_opener_open (fo=0x7929e0, opt_enc=0x0, io_context=0x7c2870, view=0x7c2940, input=0x678a80)
at app/file.c:417
#33 0x00007ffff79d6b65 in workbook_view_new_from_input (input=0x678a80,
optional_uri=0x7d09b0 "file:///home/jutaky/fuzzing/gnumeric_case_18956_2522_hung.gnumeric", optional_fmt=0x7929e0,
io_context=0x7c2870, optional_enc=0x0) at workbook-view.c:1272
#34 0x00007ffff79d6d2f in workbook_view_new_from_uri (
uri=0x7d09b0 "file:///home/jutaky/fuzzing/gnumeric_case_18956_2522_hung.gnumeric", optional_fmt=0x0, io_context=0x7c2870,
optional_enc=0x0) at workbook-view.c:1332
#35 0x0000000000404a75 in main (argc=2, argv=0x7fffffffe7f8) at main-application.c:321
-- Juha Kylmänen, Research Assistant, OUSPG
Version: git master