Hi, It seems there is a memory corruption bug in vanilla 0.63, and it seems to be in .xls writing code. When I open the attached file (very small) and save it as .xls immediately (under different name of course), if the program is compiled with ElectricFence, I get a SIGSEGV in mstyle_unref() called from ms-excel-write.c:xf_free() (it seems it attempts to free already freed memory - or using buffer overrun) - but running the gnumeric without ElectricFence and $MALLOC_CHECK_=2 abort() is not called for some reason and I don't get any diagnostics.. This memory corruption bug appears in normally compiled build if I open several .xls files, then save them as .xls (each of them). In that case SIGSEGV in _chunk_free (an internall malloc routine) is trapped, causing a crash of course.. Best regards, -Vlad
Attachment:
e95.xls
Description: MS-Word document