RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1271640 - evince segfault with signal 11 in doc_rect_to_view_rect()
Summary: evince segfault with signal 11 in doc_rect_to_view_rect()
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: evince
Version: 6.7
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: 6.8
Assignee: Martin Hatina
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-10-14 12:32 UTC by Anthony Russell
Modified: 2019-11-14 07:03 UTC (History)
3 users (show)

Fixed In Version: evince-2.28.2-18.el6
Doc Type: Bug Fix
Doc Text:
Cause: Pressing Ctrl+Left or Ctrl+Right when editing a text field of a PDF form. Consequence: Evince crashed. Fix: Forward key events to focused child widget. Result: Evince doesn't crash and behaves as expected.
Clone Of:
Environment:
Last Closed: 2016-05-10 20:49:02 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0799 0 normal SHIPPED_LIVE evince and poppler bug fix update 2016-05-10 22:37:49 UTC

Description Anthony Russell 2015-10-14 12:32:33 UTC 
Description of problem:
evince (2.28) crashes on editing pdf documents

Version-Release number of selected component (if applicable):
evince-2.28.2-14.el6_0.1.x86_64


How reproducible:
Attempt to edit an editable PDF file

Steps to Reproduce:
1. Setup RHEL6.7 with Gnome Desktop
2. Open attached PDF
3. fill in few characters. Then press Ctrl-LeftArrow

Actual results:
evince segfault with signal 11
kernel: evince[2477]: segfault at 10 ip 0000003b20e1a728 sp 00007fffffac6770 error 4 in libevview.so.1.0.0[3b20e00000+2e000]

Expected results:


Additional info:


Core was generated by `evince /home/test/7013r_0.pdf.pdf'.
Program terminated with signal 11, Segmentation fault.
#0  doc_rect_to_view_rect (view=0xc60040, page=0, doc_rect=0x0, view_rect=0x7fffffac6830) at ev-view.c:969
969			y = height - doc_rect->x2;
(gdb) bt
#0  doc_rect_to_view_rect (view=0xc60040, page=0, doc_rect=0x0, view_rect=0x7fffffac6830) at ev-view.c:969
#1  0x0000003b20e209b6 in ev_view_get_area_from_mapping (view=0xc60040, page=0, mapping_list=<value optimized out>, 
    data=<value optimized out>, area=0x7fffffac6830) at ev-view.c:1152
#2  0x0000003b20e22af5 in ev_view_form_field_get_region (view=0xc60040, field=0x7fecec288320) at ev-view.c:1648
#3  0x0000003b20e22ba6 in ev_view_form_field_text_save (view=0xc60040, widget=<value optimized out>) at ev-view.c:1746
#4  0x0000003b15e0fd60 in weak_refs_notify (data=0xcd75c0) at gobject.c:2231
#5  0x0000003b14e293ba in g_data_set_internal (datalist=<value optimized out>, key_id=54, data=0x0, destroy_func=0) at gdataset.c:351
#6  g_datalist_id_set_data_full (datalist=<value optimized out>, key_id=54, data=0x0, destroy_func=0) at gdataset.c:598
#7  0x0000003b15e1070a in g_object_unref (_object=0xbe5510) at gobject.c:2697
#8  0x0000003b15e33783 in g_value_unset (value=0x7fecec001908) at gvalue.c:275
#9  0x0000003b15e25d99 in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, 
    detail=<value optimized out>, var_args=0x7fffffac6a70) at gsignal.c:3012
#10 0x0000003b15e26333 in g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>)
    at gsignal.c:3040
#11 0x0000003b20e1bd91 in ev_view_remove_all (view=0xc60040) at ev-view.c:3149
#12 0x0000003b20e1bdf2 in ev_view_set_rotation (view=0xc60040, rotation=270) at ev-view.c:5231
#13 0x0000003b15e0e3de in g_closure_invoke (closure=0xb45330, return_value=0x0, n_param_values=1, param_values=0xcbcc80, 
    invocation_hint=0x7fffffac6cd0) at gclosure.c:767
#14 0x0000003b15e248d5 in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0xb164e0, emission_return=0x0, 
    instance_and_params=0xcbcc80) at gsignal.c:3252
#15 0x0000003b15e25d76 in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, 
    detail=<value optimized out>, var_args=0x7fffffac6ec0) at gsignal.c:2983
#16 0x0000003b15e26333 in g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>)
---Type <return> to continue, or q <return> to quit---
    at gsignal.c:3040
#17 0x0000003b1be746a8 in _gtk_action_emit_activate (action=<value optimized out>) at gtkaction.c:795
#18 0x0000003b1be76f54 in closure_accel_activate (closure=0xb12e70, return_value=0x7fffffac7150, n_param_values=<value optimized out>, 
    param_values=<value optimized out>, invocation_hint=<value optimized out>, marshal_data=<value optimized out>) at gtkaction.c:1766
#19 0x0000003b15e0e3de in g_closure_invoke (closure=0xb12e70, return_value=0x7fffffac7150, n_param_values=4, param_values=0xcbfe40, 
    invocation_hint=0x7fffffac7110) at gclosure.c:767
#20 0x0000003b15e248d5 in signal_emit_unlocked_R (node=<value optimized out>, detail=1164, instance=0xae6640, 
    emission_return=0x7fffffac72a0, instance_and_params=0xcbfe40) at gsignal.c:3252
#21 0x0000003b15e25bbb in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, 
    detail=<value optimized out>, var_args=0x7fffffac7300) at gsignal.c:2993
#22 0x0000003b15e26333 in g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>)
    at gsignal.c:3040
#23 0x0000003b1be70444 in IA__gtk_accel_group_activate (accel_group=0xae6640, accel_quark=1164, acceleratable=0xb00140, 
    accel_key=65361, accel_mods=GDK_CONTROL_MASK) at gtkaccelgroup.c:891
#24 0x0000003b1be7054d in IA__gtk_accel_groups_activate (object=0xb00140, accel_key=65361, accel_mods=GDK_CONTROL_MASK)
    at gtkaccelgroup.c:928
#25 0x0000003b1c09ec62 in IA__gtk_window_activate_key (window=0xb00140, event=<value optimized out>) at gtkwindow.c:8355
#26 0x0000003b1c0a02a7 in gtk_window_key_press_event (widget=0xb00140, event=0xceed00) at gtkwindow.c:5225
#27 0x0000003b1bf559d3 in _gtk_marshal_BOOLEAN__BOXED (closure=0xac39f0, return_value=0x7fffffac7670, 
    n_param_values=<value optimized out>, param_values=0xcf4130, invocation_hint=<value optimized out>, 
    marshal_data=<value optimized out>) at gtkmarshalers.c:86
#28 0x0000003b15e0e3de in g_closure_invoke (closure=0xac39f0, return_value=0x7fffffac7670, n_param_values=2, param_values=0xcf4130, 
    invocation_hint=0x7fffffac7630) at gclosure.c:767
---Type <return> to continue, or q <return> to quit---
#29 0x0000003b15e2451f in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0xb00140, 
    emission_return=0x7fffffac77c0, instance_and_params=0xcf4130) at gsignal.c:3290
#30 0x0000003b15e25bbb in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, 
    detail=<value optimized out>, var_args=0x7fffffac7820) at gsignal.c:2993
#31 0x0000003b15e26333 in g_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>)
    at gsignal.c:3040
#32 0x0000003b1c088bef in gtk_widget_event_internal (widget=0xb00140, event=0xceed00) at gtkwidget.c:5025
#33 0x0000003b1bf4c7b4 in IA__gtk_propagate_event (widget=0xb00140, event=0xceed00) at gtkmain.c:2464
#34 0x0000003b1bf4d87b in IA__gtk_main_do_event (event=0xceed00) at gtkmain.c:1685
#35 0x0000003b1ba6344c in gdk_event_dispatch (source=<value optimized out>, callback=<value optimized out>, 
    user_data=<value optimized out>) at gdkevents-x11.c:2403
#36 0x0000003b14e40642 in g_main_dispatch (context=0xa88250) at gmain.c:2441
#37 g_main_context_dispatch (context=0xa88250) at gmain.c:3014
#38 0x0000003b14e44c98 in g_main_context_iterate (context=0xa88250, block=1, dispatch=1, self=<value optimized out>) at gmain.c:3092
#39 0x0000003b14e451a5 in g_main_loop_run (loop=0xa6b840) at gmain.c:3300
#40 0x0000003b1bf4dd17 in IA__gtk_main () at gtkmain.c:1257
#41 0x000000000043bbac in main (argc=1, argv=0x7fffffac7d48) at main.c:497
(gdb)
Comment 1 Marek Kašík 2015-10-29 14:02:05 UTC 
This commit fixes the problem but it is a big one: https://git.gnome.org/browse/evince/commit/?id=3a8589a7c5e0394df456074048845cddd04bc43d. Martin, could you find which part of the commit fixes the problem?
Comment 8 errata-xmlrpc 2016-05-10 20:49:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0799.html
Note You need to log in before you can comment on or make changes to this bug.