Description of problem: I tried to fill out an PDF-form and whenever I leave a field, the application crashes. It interstingly is only reproducable with this one PDF, but with this one everytime. Regardless, whether one switches the field with TAB, clicks somewhere else, the field has a default value or not. Version-Release number of selected component: evince-44.3-1.fc38 Additional info: reporter: libreport-2.17.11 type: CCpp reason: evince killed by SIGSEGV journald_cursor: s=9a7a550263b44ce2aae567ae74362384;i=236d81;b=227ff983b5e443ea9b73d8e89787bd4f;m=14f8428f4;t=601ed7a20c186;x=9b6e59b7be9175c9 executable: /usr/bin/evince cgroup: 0::/user.slice/user-1000.slice/user/app.slice/dbus-:1.2-org.gnome.Nautilus rootdir: / uid: 1000 kernel: 6.4.6-200.fc38.x86_64 package: evince-44.3-1.fc38 runlevel: N 5 backtrace_rating: 4 crash_function: GfxResources::doLookupFont cmdline: /usr/bin/evince /home/[...]/Documents/[...]/[...]/[...]/[...].pdf Truncated backtrace: Thread no. 1 (82 frames) #0 GfxResources::doLookupFont at /usr/src/debug/poppler-23.02.0-1.fc38.x86_64/poppler/Gfx.cc:301 #1 GfxResources::lookupFont at /usr/src/debug/poppler-23.02.0-1.fc38.x86_64/poppler/Gfx.cc:313 #2 Form::ensureFontsForAllCharacters at /usr/src/debug/poppler-23.02.0-1.fc38.x86_64/poppler/Form.cc:2966 #3 FormFieldText::setContentCopy at /usr/src/debug/poppler-23.02.0-1.fc38.x86_64/poppler/Form.cc:1684 #4 poppler_form_field_text_set_text at /usr/src/debug/poppler-23.02.0-1.fc38.x86_64/glib/poppler-form-field.cc:757 #5 pdf_document_forms_form_field_text_set_text at ../backend/pdf/ev-poppler.c:2503 #6 ev_view_form_field_text_save.part.0.lto_priv.0 at ../libview/ev-view.c:2627 #7 ev_view_form_field_text_save at ../libview/ev-view.c:2664 #8 ev_view_form_field_text_focus_out at ../libview/ev-view.c:2665 #9 _gtk_marshal_BOOLEAN__BOXED at gtk/gtkmarshalers.c:84 #11 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3812 #14 gtk_widget_event_internal.part.0.lto_priv.0 at ../gtk/gtkwidget.c:7812 #15 gtk_widget_send_focus_change at ../gtk/gtkwidget.c:16244 #16 do_focus_change at ../gtk/gtkwindow.c:8487 #17 gtk_window_real_set_focus at ../gtk/gtkwindow.c:8776 #18 g_cclosure_marshal_VOID__OBJECTv at ../gobject/gmarshal.c:1910 #19 _g_closure_invoke_va at ../gobject/gclosure.c:895 #22 _gtk_window_unset_focus_and_default at ../gtk/gtkwindow.c:9161 #23 gtk_widget_unparent at ../gtk/gtkwidget.c:4654 #25 ev_view_remove at ../libview/ev-view.c:7863 #26 g_cclosure_marshal_VOID__OBJECTv at ../gobject/gmarshal.c:1910 #27 _g_closure_invoke_va at ../gobject/gclosure.c:895 #30 gtk_container_remove at ../gtk/gtkcontainer.c:1907 #32 gtk_widget_dispose at ../gtk/gtkwidget.c:12155 #35 ev_view_forall at ../libview/ev-view.c:7890 #36 ev_view_remove_all_form_fields at ../libview/ev-view.c:5818 #37 ev_view_focus_next at ../libview/ev-view.c:8153 #38 ev_view_focus at ../libview/ev-view.c:8193 #39 _gtk_marshal_BOOLEAN__ENUMv at gtk/gtkmarshalers.c:215 #40 _g_closure_invoke_va at ../gobject/gclosure.c:895 #43 gtk_widget_child_focus at ../gtk/gtkwidget.c:11087 #44 gtk_scrolled_window_focus at ../gtk/gtkscrolledwindow.c:3886 #45 _gtk_marshal_BOOLEAN__ENUMv at gtk/gtkmarshalers.c:215 #46 _g_closure_invoke_va at ../gobject/gclosure.c:895 #49 gtk_widget_child_focus at ../gtk/gtkwidget.c:11087 #50 gtk_container_focus_move at ../gtk/gtkcontainer.c:3288 #51 gtk_container_focus at ../gtk/gtkcontainer.c:2816 #52 _gtk_marshal_BOOLEAN__ENUMv at gtk/gtkmarshalers.c:215 #53 _g_closure_invoke_va at ../gobject/gclosure.c:895 #56 gtk_widget_child_focus at ../gtk/gtkwidget.c:11087 #57 gtk_container_focus_move at ../gtk/gtkcontainer.c:3288 #58 gtk_container_focus at ../gtk/gtkcontainer.c:2816 #59 _gtk_marshal_BOOLEAN__ENUMv at gtk/gtkmarshalers.c:215 #60 _g_closure_invoke_va at ../gobject/gclosure.c:895 #63 gtk_widget_child_focus at ../gtk/gtkwidget.c:11087 #64 gtk_container_focus_move at ../gtk/gtkcontainer.c:3288 #65 gtk_container_focus at ../gtk/gtkcontainer.c:2816 #66 gtk_paned_focus at ../gtk/gtkpaned.c:2069 #67 _gtk_marshal_BOOLEAN__ENUMv at gtk/gtkmarshalers.c:215 #68 _g_closure_invoke_va at ../gobject/gclosure.c:895 #71 gtk_widget_child_focus at ../gtk/gtkwidget.c:11087 #72 gtk_container_focus_move at ../gtk/gtkcontainer.c:3288 #73 gtk_container_focus at ../gtk/gtkcontainer.c:2816 #74 _gtk_marshal_BOOLEAN__ENUMv at gtk/gtkmarshalers.c:215 #75 _g_closure_invoke_va at ../gobject/gclosure.c:895 #78 gtk_widget_child_focus at ../gtk/gtkwidget.c:11087 #79 gtk_container_focus_move at ../gtk/gtkcontainer.c:3288 #80 gtk_container_focus at ../gtk/gtkcontainer.c:2816 #81 _gtk_marshal_BOOLEAN__ENUMv at gtk/gtkmarshalers.c:215 #82 _g_closure_invoke_va at ../gobject/gclosure.c:895 #85 gtk_widget_child_focus at ../gtk/gtkwidget.c:11087 #86 gtk_window_focus at ../gtk/gtkwindow.c:8667 #88 _gtk_marshal_BOOLEAN__ENUMv at gtk/gtkmarshalers.c:215 #89 _g_closure_invoke_va at ../gobject/gclosure.c:895 #92 gtk_widget_child_focus at ../gtk/gtkwidget.c:11087 #93 gtk_window_move_focus at ../gtk/gtkwindow.c:8729 #95 signal_emit_unlocked_R.isra.0 at ../gobject/gsignal.c:3851 #96 g_signal_emitv at ../gobject/gsignal.c:3284 #97 gtk_binding_entry_activate at ../gtk/gtkbindings.c:646 #98 binding_activate at ../gtk/gtkbindings.c:1455 #99 gtk_bindings_activate_list at ../gtk/gtkbindings.c:1514 #100 gtk_bindings_activate_event at ../gtk/gtkbindings.c:1601 #102 _gtk_marshal_BOOLEAN__BOXEDv at gtk/gtkmarshalers.c:130 #103 _g_closure_invoke_va at ../gobject/gclosure.c:895 #106 gtk_widget_event_internal.part.0.lto_priv.0 at ../gtk/gtkwidget.c:7812 #107 propagate_event at ../gtk/gtkmain.c:2681 #108 gtk_propagate_event at ../gtk/gtkmain.c:2725 #109 gtk_main_do_event at ../gtk/gtkmain.c:1921 #111 _gdk_event_emit at ../gdk/gdkevents.c:73 #116 g_main_context_iterate.isra.0 at ../glib/gmain.c:4276 #117 g_main_context_iteration at ../glib/gmain.c:4343 #118 g_application_run at ../gio/gapplication.c:2573 Potential duplicate: bug 2175920
Created attachment 1981274 [details] File: proc_pid_status
Created attachment 1981275 [details] File: maps
Created attachment 1981276 [details] File: limits
Created attachment 1981277 [details] File: mountinfo
Created attachment 1981278 [details] File: os_info
Created attachment 1981279 [details] File: cpuinfo
Created attachment 1981280 [details] File: core_backtrace
Created attachment 1981281 [details] File: exploitable
Created attachment 1981282 [details] File: dso_list
Created attachment 1981283 [details] File: var_log_messages
Created attachment 1981284 [details] File: backtrace
Created attachment 1981285 [details] File: open_fds
Created attachment 1981286 [details] File: environ
I tried to fill out an PDF-form and whenever I leave a field, evince crashes. It interstingly is only reproducable with this one PDF, but with this one everytime. Regardless, whether one switches the field with TAB, clicks somewhere else, the field has a default value or not. reporter: libreport-2.17.11 type: CCpp reason: evince killed by SIGSEGV journald_cursor: s=9a7a550263b44ce2aae567ae74362384;i=236d9a;b=227ff983b5e443ea9b73d8e89787bd4f;m=150620919;t=601ed7afea1aa;x=5c092ce938cea2d executable: /usr/bin/evince cgroup: 0::/user.slice/user-1000.slice/user/app.slice/dbus-:1.2-org.gnome.Nautilus rootdir: / uid: 1000 kernel: 6.4.6-200.fc38.x86_64 package: evince-44.3-1.fc38 runlevel: N 5 backtrace_rating: 4 crash_function: GfxResources::doLookupFont cmdline: /usr/bin/evince /home/[...]/Documents/[...]/[...]/[...]/[...].pdf
Hi, thank you for the report. Could you attach the PDF here or send it to my email?
Sorry, of course: I downloaded it from here: https://wiki.tum.de/download/attachments/239108496/Arbeitszeitdokumentation_MiLoG_080415.pdf?version=2&modificationDate=1613639440963&api=v2
Thank you for the PDF. I can reproduce it now. This bug has been already fixed upstream but unfortunately the fix changes API/ABI so I can not backport it as it is (see https://gitlab.freedesktop.org/poppler/poppler/-/commit/62f2eb80fb2a4d4c656e7583584aa73fbc1de511). I'll need to have a look at how to get around that.
It was not that hard as I thought at the end so I've prepared an update fixing this crash.
FEDORA-2023-5c5a1046b6 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-5c5a1046b6
FEDORA-2023-48838b6e4c has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-48838b6e4c
FEDORA-2023-48838b6e4c has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-48838b6e4c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-48838b6e4c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-5c5a1046b6 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-5c5a1046b6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-5c5a1046b6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Thank you for the timely solution! The update works well!
FEDORA-2023-5c5a1046b6 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-48838b6e4c has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.