[gnumeric] TABLE: Another fuzzed file fix.

[Morten Welinder <mortenw src gnome org>]

commit 98c9e489d07e02119841bbe3fc437647c38424b6
Author: Morten Welinder <terra gnome org>
Date:   Mon Oct 19 13:54:45 2015 -0400

    TABLE: Another fuzzed file fix.

 ChangeLog          |    5 +++++
 NEWS               |    2 +-
 src/func-builtin.c |    4 +++-
 3 files changed, 9 insertions(+), 2 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index e3ab81f..507d828 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2015-10-19  Morten Welinder  <terra gnome org>
+
+       * src/func-builtin.c (gnumeric_table): Make sure to invalidate
+       in[2].  Fixes #752182.
+
 2015-09-25  Morten Welinder  <terra gnome org>
 
        * src/func-builtin.c (gnumeric_table): Don't try to be smart and
diff --git a/NEWS b/NEWS
index 3714687..1ec1e2a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,7 @@
 Gnumeric 1.12.25
 
 Morten:
-       * Fix TABLE problems.  [#752181]  [#752178]
+       * Fix TABLE problems.  [#752181]  [#752178]  [#752182]
        * Fuzzed file fixes.  [#752179]  [#752180]
 
 --------------------------------------------------------------------------
diff --git a/src/func-builtin.c b/src/func-builtin.c
index 36c24e7..f6e65a2 100644
--- a/src/func-builtin.c
+++ b/src/func-builtin.c
@@ -249,8 +249,10 @@ gnumeric_table (GnmFuncEvalInfo *ei, int argc, GnmExprConstPtr const *argv)
                        in[0]->value = value_dup (val[0]);
                }
        }
-       if (NULL != in[2])
+       if (NULL != in[2]) {
                value_release (in[2]->value);
+               in[2]->value = NULL;
+       }
        for (x = 0 ; x < 2 ; x++)
                if (in[x] &&
                    gnm_cell_has_expr (in[x]) &&