
Bug 499676

Summary: Evince doesn't check allocation of drawing area for "Loading..." text
Product: Red Hat Enterprise Linux 5
Component: evince
Version: 5.3
Status: CLOSED ERRATA
Severity: medium
Priority: low
Reporter: Marek Kašík <mkasik>
Assignee: Marek Kašík <mkasik>
QA Contact: desktop-bugs <desktop-bugs>
CC: llim, mclasen, mshao, rlerch
Target Milestone: rc
Target Release: 5.4
Hardware: All
OS: Linux
Doc Type: Bug Fix
Doc Text:
When rendering a page of a PDF document, evince displays a blank page, with just the text "Loading..." visible until the page is ready to be viewed. Previously, evince was not checking if the drawing area for the loading page could be allocated. Consequently, if a PDF document with large page dimensions was opened, evince may have crashed, returning a segmentation fault. With this update, the drawing area for the loading page is now correctly allocated, resolving this issue. (BZ#499676)
Last Closed: 2010-03-30 08:03:08 UTC
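
The failure mode described in the Doc Text, as an added example (not evince's code and not the shipped patch): a placeholder drawing area sized from untrusted page dimensions, where the size arithmetic and the allocation are both checked and the caller skips drawing on failure. The names loading_area, loading_area_new, draw_loading_placeholder and the 64 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the drawing area behind the "Loading..." text. */
typedef struct {
    uint32_t width, height;
    size_t stride;              /* bytes per row at 4 bytes per pixel */
    unsigned char *pixels;
} loading_area;

/* Assumed policy: never allocate more than this for a placeholder page. */
#define LOADING_AREA_MAX_BYTES ((size_t)64 * 1024 * 1024)

/* Returns NULL, never a half-valid area, when the page is too large. */
static loading_area *loading_area_new(uint32_t width, uint32_t height)
{
    /* Reject empty pages and widths whose row size would wrap size_t. */
    if (width == 0 || height == 0 || width > SIZE_MAX / 4)
        return NULL;
    size_t stride = (size_t)width * 4;
    /* Dividing instead of multiplying keeps stride * height from wrapping. */
    if (height > LOADING_AREA_MAX_BYTES / stride)
        return NULL;

    loading_area *area = malloc(sizeof *area);
    if (area == NULL)
        return NULL;
    area->pixels = calloc(height, stride);
    if (area->pixels == NULL) {         /* allocation can still fail */
        free(area);
        return NULL;
    }
    area->width = width;
    area->height = height;
    area->stride = stride;
    return area;
}

/* Returns 1 if the placeholder was drawn, 0 if it was skipped. */
static int draw_loading_placeholder(uint32_t width, uint32_t height)
{
    loading_area *area = loading_area_new(width, height);
    if (area == NULL)
        return 0;   /* an unchecked caller would write through NULL below */
    memset(area->pixels, 0xff, area->stride * area->height);  /* white page */
    free(area->pixels);
    free(area);
    return 1;
}
```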

Comment 2 RHEL Program Management 2009-05-08 07:08:08 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 5 Yewei Shao 2009-12-22 10:19:48 UTC
I tried to verify this bug with the following steps:
(1) downgrade poppler to poppler-0.5.4-4.4.el5_1 
(2) run evince in gdb 
(3) run evince with file "reproducer.pdf" (comment #3)
(4) View -> Fit Page Width 
(5) When the file fails, check the backtrace


With the old package, I get the following in the terminal:
.live.[root@x86-64-5c-m1 Desktop]# gdb evince
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(gdb) run /root/Desktop/reproducer.pdf 2 > /dev/null
Starting program: /usr/bin/evince /root/Desktop/reproducer.pdf 2 > /dev/null
[Thread debugging using libthread_db enabled]
[New Thread 0x2adf0b782490 (LWP 17801)]
[New Thread 0x42137940 (LWP 17804)]
Error (459): 21 extraneous bytes after segment
Error (470): Unknown segment type in JBIG2 stream
Error (652): Unexpected EOF in JBIG2 stream
evince: Fatal IO error 104 (Connection reset by peer) on X server :5.0.
[Thread 0x42137940 (LWP 17804) exited]

Program exited with code 01.
(gdb) bt
No stack.
(gdb) quit


With the new package, evince-0.6.0-13.el5, I get the following in the terminal:
.qa.[root@ppcp-5s-m1 Desktop]# gdb evince
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "ppc64-redhat-linux-gnu"...
(gdb) r /root/Desktop/reproducer.pdf 2 > /dev/null
Starting program: /usr/bin/evince /root/Desktop/reproducer.pdf 2 > /dev/null
[Thread debugging using libthread_db enabled]
[New Thread 0xf7de2a10 (LWP 6066)]
[New Thread 0xf7acf4a0 (LWP 6371)]
Error (459): 21 extraneous bytes after segment
Error (470): Unknown segment type in JBIG2 stream
Error (652): Unexpected EOF in JBIG2 stream
Error (459): 21 extraneous bytes after segment

Program received signal SIGINT, Interrupt.
0x0ff17074 in poll () from /lib/libc.so.6
(gdb) bt
#0  0x0ff17074 in poll () from /lib/libc.so.6
#1  0x0f7cb648 in ?? () from /lib/libglib-2.0.so.0
#2  0x0f7cbc14 in g_main_loop_run () from /lib/libglib-2.0.so.0
#3  0x0f197824 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#4  0x10037b7c in main (argc=269495560, argv=0xff8df774) at main.c:345
(gdb) quit


Is this the expected result for the new package?

Comment 7 Yewei Shao 2009-12-23 02:10:12 UTC
I verified this bug with the following result in the terminal. Checking the backtraces, the failure does not show up with the new poppler, and there is no "draw_loading_text()" in the backtraces, so this bug is verified in evince-0.6.0-13.el5.

.live.[root@x86-64-5c-m1 ~]# gdb evince
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(gdb) r /root/Desktop/reproducer.pdf 2> /dev/null
Starting program: /usr/bin/evince /root/Desktop/reproducer.pdf 2> /dev/null
[Thread debugging using libthread_db enabled]
[New Thread 0x2b4a4a773490 (LWP 32498)]
[New Thread 0x4153e940 (LWP 32529)]

Program received signal SIGINT, Interrupt.
0x00000036a0ccae46 in poll () from /lib64/libc.so.6
(gdb) thread apply all bt

Thread 2 (Thread 0x4153e940 (LWP 32529)):
#0  0x00000036a180ad09 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib64/libpthread.so.0
#1  0x00000000004182a0 in ev_render_thread (data=<value optimized out>)
    at ev-job-queue.c:179
#2  0x00000036a6848e04 in ?? () from /lib64/libglib-2.0.so.0
#3  0x00000036a1806617 in start_thread () from /lib64/libpthread.so.0
#4  0x00000036a0cd3c2d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x2b4a4a773490 (LWP 32498)):
#0  0x00000036a0ccae46 in poll () from /lib64/libc.so.6
#1  0x00000036a682fa3d in ?? () from /lib64/libglib-2.0.so.0
#2  0x00000036a682ff1a in g_main_loop_run () from /lib64/libglib-2.0.so.0
#3  0x00000036a912aa53 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0
#4  0x000000000043687d in main (argc=198054008, argv=0xbd11b50) at main.c:345
(gdb) quit

Comment 9 Ryan Lerch 2010-03-11 01:00:42 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
When rendering a page of a PDF document, evince displays a blank page, with just the text "Loading..." visible until the page is ready to be viewed. Previously, evince was not checking if the drawing area for the loading page could be allocated. Consequently, if a PDF document with large page dimensions was opened, evince may have crashed, returning a segmentation fault. With this update, the drawing area for the loading page is now correctly allocated, resolving this issue. (BZ#499676)

Comment 10 errata-xmlrpc 2010-03-30 08:03:08 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0195.html