Bug 1753830

Summary: [abrt] evince: g_datalist_clear(): evince killed by SIGABRT
Product: [Fedora] Fedora Reporter: Samuel <samuelnhuis>
Component: evinceAssignee: Marek Kašík <mkasik>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 31CC: caillon+fedoraproject, ezwen-redhatbugzilla, feborges, gnome-sig, ji.cerny, john.j5live, mcatanzaro+wrong-account-do-not-cc, mclasen, mkasik, ole.schoenburg, rhughes, rstrode, sandmann
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/b9d327c1c9403fdb1b21eaa5a20d50f8c696b9c0
Whiteboard: abrt_hash:58c9608dcbc5dcec2a548dce3e898e64dbf4398e;VARIANT_ID=workstation;
Fixed In Version: evince-3.34.1-2.fc31 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-30 00:57:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: core_backtrace
none
File: cpuinfo
none
File: dso_list
none
File: environ
none
File: limits
none
File: maps
none
File: mountinfo
none
File: namespaces
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description Samuel 2019-09-20 03:13:11 UTC 
Description of problem:
I was scrolling through a pdf at a 4k resolution and it crashed.

Version-Release number of selected component:
evince-3.32.0-8.fc31

Additional info:
reporter:       libreport-2.10.1
backtrace_rating: 4
cgroup:         0::/user.slice/user-1000.slice/user/dbus\x2d:1.2\x2dorg.gnome.Nautilus.slice/dbus-:1.2-org.gnome.Nautilus
cmdline:        evince /home/samuel/Downloads/mastering_vim_standard/Mastering_Vim_Quickly.pdf
crash_function: g_datalist_clear
executable:     /usr/bin/evince
global_pid:     51183
kernel:         5.3.0-1.fc31.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 1 Samuel 2019-09-20 03:13:16 UTC 
Created attachment 1616992 [details]
File: backtrace
Comment 2 Samuel 2019-09-20 03:13:18 UTC 
Created attachment 1616993 [details]
File: core_backtrace
Comment 3 Samuel 2019-09-20 03:13:19 UTC 
Created attachment 1616994 [details]
File: cpuinfo
Comment 4 Samuel 2019-09-20 03:13:21 UTC 
Created attachment 1616995 [details]
File: dso_list
Comment 5 Samuel 2019-09-20 03:13:23 UTC 
Created attachment 1616996 [details]
File: environ
Comment 6 Samuel 2019-09-20 03:13:25 UTC 
Created attachment 1616997 [details]
File: limits
Comment 7 Samuel 2019-09-20 03:13:27 UTC 
Created attachment 1616998 [details]
File: maps
Comment 8 Samuel 2019-09-20 03:13:29 UTC 
Created attachment 1616999 [details]
File: mountinfo
Comment 9 Samuel 2019-09-20 03:13:30 UTC 
Created attachment 1617000 [details]
File: namespaces
Comment 10 Samuel 2019-09-20 03:13:32 UTC 
Created attachment 1617001 [details]
File: open_fds
Comment 11 Samuel 2019-09-20 03:13:34 UTC 
Created attachment 1617002 [details]
File: proc_pid_status
Comment 12 Samuel 2019-09-20 03:13:35 UTC 
Created attachment 1617003 [details]
File: var_log_messages
Comment 13 Gwendal 2019-10-01 08:43:39 UTC 
Similar problem has been detected:

It seems that this crash happens when I select text. I can reproduce the issue easily by opening a document and quickly selecting text several time in Evince.

reporter:       libreport-2.10.1
backtrace_rating: 4
cgroup:         0::/user.slice/user-1000.slice/user/gnome-shell-wayland.service
cmdline:        evince
crash_function: g_datalist_clear
executable:     /usr/bin/evince
journald_cursor: s=8a944869392d4b8c971a23902b79b954;i=1b23;b=4ad6bee693dd455398808dfed0eb85cc;m=5f8329c;t=593d5369c1ad4;x=b9e1b10a7bc6cc43
kernel:         5.3.1-300.fc31.x86_64
package:        evince-3.34.0-1.fc31
reason:         evince killed by SIGABRT
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 14 Jiri Cerny 2019-10-07 13:03:59 UTC 
Similar problem has been detected:

1. Open arbitrary pdf file in evince 
2. Drag with mouse to select some text
3. Click on the selected text and drag it 
4. Release it on the evince window
5. Evince crashes

This appears in the terminal window (when started from terminal):
(evince:24499): Gtk-CRITICAL **: 14:59:05.148: gtk_widget_get_display: assertion 'GTK_IS_WIDGET (widget)' failed

(evince:24499): GLib-GObject-WARNING **: 14:59:05.148: invalid (NULL) pointer instance

(evince:24499): GLib-GObject-CRITICAL **: 14:59:05.148: g_signal_emit_by_name: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

(evince:24499): GLib-GObject-WARNING **: 14:59:05.148: invalid (NULL) pointer instance

(evince:24499): GLib-GObject-CRITICAL **: 14:59:05.148: g_signal_emit_by_name: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

(evince:24499): Gtk-CRITICAL **: 14:59:05.149: gtk_target_list_unref: assertion 'list->ref_count > 0' failed

(evince:24499): Gtk-CRITICAL **: 14:59:05.149: gtk_widget_destroy: assertion 'GTK_IS_WIDGET (widget)' failed
double free or corruption (!prev)

reporter:       libreport-2.10.1
backtrace_rating: 4
cgroup:         0::/user.slice/user-1000.slice/user/gnome-terminal-server.service
cmdline:        /usr/bin/evince bla.pdf
crash_function: g_datalist_clear
executable:     /usr/bin/evince
journald_cursor: s=e489321471df494281fe9e4f6aa8b4f8;i=27ebb;b=62dc50694c0d451d9e87dc80013c24b5;m=6210fe7c9d;t=593bfcc8aabe5;x=9f2520a4fcc02d6e
kernel:         5.3.0-1.fc31.x86_64
package:        evince-3.34.0-1.fc31
reason:         evince killed by SIGABRT
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 15 Marek Kašík 2019-10-15 10:54:00 UTC 
Hi Jiri,

I can not reproduce this. Could you try it with updated Fedora to check whether it was not fixed somewhere else?
Comment 16 Gwendal 2019-10-15 11:00:35 UTC 
I can reproduce this bug with evince-3.34.1-1.fc31. I had to try multiple times the drag and drop for the bug to occur.
Comment 17 Gwendal 2019-10-15 11:01:15 UTC 
(In reply to Gwendal from comment #16)
> I can reproduce this bug with evince-3.34.1-1.fc31. I had to try multiple
> times the drag and drop for the bug to occur.

I forgot to mention that my Fedora 31 is fully up to date.
Comment 18 Marek Kašík 2019-10-15 11:10:03 UTC 
Thank you for the info. I'll give it some time yet then.
Comment 19 Marek Kašík 2019-10-15 17:40:04 UTC 
I can reproduce this now. It seems that some drag specific data are freed during changing of cursor and then once again during finishing of the drag. There is a delay between releasing of button and finishing of the drag in which the change of cursor occurs. Changing gdk_flush() (deprecated) in ev_view_set_cursor() to gdk_display_flush() helps. It probably does better job in catching such things.

Regarding reproducing of this, it seems that releasing button on the selected text increases probability of the crash.

You can test the change here: https://koji.fedoraproject.org/koji/taskinfo?taskID=38312395 (once the task finishes)
Comment 20 Jiri Cerny 2019-10-16 03:03:21 UTC 
(In reply to Marek Kašík from comment #19)
> You can test the change here:
> https://koji.fedoraproject.org/koji/taskinfo?taskID=38312395 (once the task
> finishes)

The evince version from this task is not crashing for me.
Comment 21 Gwendal 2019-10-16 06:02:10 UTC 
(In reply to Jiri Cerny from comment #20)
> (In reply to Marek Kašík from comment #19)
> > You can test the change here:
> > https://koji.fedoraproject.org/koji/taskinfo?taskID=38312395 (once the task
> > finishes)
> 
> The evince version from this task is not crashing for me.

I have tested the fix as well and the crash seems to not occur anymore! Thanks :)
Comment 22 Fedora Update System 2019-10-16 11:52:48 UTC 
FEDORA-2019-4253d43e94 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-4253d43e94
Comment 23 Fedora Update System 2019-10-16 15:01:05 UTC 
evince-3.34.1-2.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-4253d43e94
Comment 24 Ole Schönburg 2019-10-22 12:45:07 UTC 
Similar problem has been detected:

Click inside a pdf. Target was text, not a link or anything.

reporter:       libreport-2.10.1
backtrace_rating: 4
cgroup:         0::/user.slice/user-1000.slice/user/gnome-shell-wayland.service
cmdline:        evince /home/ole/Downloads/Fistarol-Itin2013_Article_DiagnosisAndTreatmentOfLichenS.pdf
crash_function: g_datalist_clear
executable:     /usr/bin/evince
journald_cursor: s=cabf1cacb6044588b1fc9c6a823875fd;i=62c80;b=c00eb07887ad440f889e07bcccd44a9f;m=110eee825b;t=5957ef2784a02;x=564441ee089b4686
kernel:         5.3.4-300.fc31.x86_64
package:        evince-3.34.1-1.fc31
reason:         evince killed by SIGABRT
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 25 Michael Catanzaro 2019-10-23 14:41:48 UTC 
(In reply to Fedora Update System from comment #23)
> evince-3.34.1-2.fc31 has been pushed to the Fedora 31 testing repository. If
> problems still persist, please make note of it in this bug report.

Just hit this crash with 3.34.1-2. Not fixed.
Comment 26 Michael Catanzaro 2019-10-23 14:42:35 UTC 
(In reply to Michael Catanzaro from comment #25)
> Just hit this crash with 3.34.1-2. Not fixed.

Ah sorry, ABRT had a crash saved from last week. False alarm, my bad!
Comment 27 Fedora Update System 2019-10-30 00:57:47 UTC 
evince-3.34.1-2.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.