something wrong with mstyle and 0.63


 It seems there is a memory corruption bug in vanilla 0.63, and it seems to be
in .xls writing code.

 When I open the attached file (very small) and save it as .xls immediately
(under different name of course), if the program is compiled with
ElectricFence, I get a SIGSEGV in mstyle_unref() called from
ms-excel-write.c:xf_free() (it seems it attempts to free already freed memory
- or using buffer overrun) - but running the gnumeric without ElectricFence
and $MALLOC_CHECK_=2 abort() is not called for some reason and I don't get any

 This memory corruption bug appears in normally compiled build if I open
several .xls files, then save them as .xls (each of them). In that case
SIGSEGV in _chunk_free (an internall malloc routine) is trapped, causing a
crash of course..

 Best regards,

Attachment: e95.xls
Description: MS-Word document

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]