Hide Forgot
Description of problem: Whilst using evince on fillable forms, crashes when type multi-line text into a text field that exceeds some arbitrary (and unknown buffer size). Reproduce:- (1)download http://hmctsformfinder.justice.gov.uk/courtfinder/forms/n215-eng.pdf (2) in the box marked "Give the address where service effected" on the right hand side, either type in, or cut and paste multi-line text:- "1234 High Street, District Place, Anytown, Anycounty, England, PO1 1AS" (3) Click away from this box on to another field. (4) Quickly click back, and try to manipulate the text, by clicking the cursor with the mouse to a location ont he text, and delete some letters, enter carriage return, add letters, etc. (5) Randomly (presumably when a buffer overrun kicks in, I am guessing) it will crash after a few seconds. Version-Release number of selected component: evince-3.18.2-3.fc23 Additional info: reporter: libreport-2.6.3 backtrace_rating: 4 cmdline: evince /tmp/mozilla_dominic0/n215-eng.pdf crash_function: g_type_check_instance_is_a executable: /usr/bin/evince global_pid: 4303 kernel: 4.2.8-300.fc23.x86_64 runlevel: N 5 type: CCpp uid: 1003 Truncated backtrace: Thread no. 1 (10 frames) #0 g_type_check_instance_is_a at gtype.c:4020 #1 gtk_text_mark_get_buffer at gtktextmark.c:348 #2 selection_data_free at gtktextview.c:7442 #3 g_datalist_clear at gdataset.c:273 #5 gtk_text_view_finalize at gtktextview.c:3597 #7 ev_view_forall at ev-view.c:7001 #8 ev_view_button_press_event at ev-view.c:5062 #9 _gtk_marshal_BOOLEAN__BOXEDv at gtkmarshalers.c:131 #10 _g_closure_invoke_va at gclosure.c:864 #13 gtk_widget_event_internal at gtkwidget.c:7692 Potential duplicate: bug 1295493
Created attachment 1112897 [details] File: backtrace
Created attachment 1112898 [details] File: cgroup
Created attachment 1112899 [details] File: core_backtrace
Created attachment 1112900 [details] File: dso_list
Created attachment 1112901 [details] File: environ
Created attachment 1112902 [details] File: exploitable
Created attachment 1112903 [details] File: limits
Created attachment 1112904 [details] File: maps
Created attachment 1112905 [details] File: mountinfo
Created attachment 1112906 [details] File: namespaces
Created attachment 1112907 [details] File: open_fds
Created attachment 1112908 [details] File: proc_pid_status
Created attachment 1112909 [details] File: var_log_messages
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
*** This bug has been marked as a duplicate of bug 1376500 ***