Bug 831852 - [abrt] evince-3.2.1-2.fc16: Process /usr/bin/evince was killed by signal 11 (SIGSEGV)
[abrt] evince-3.2.1-2.fc16: Process /usr/bin/evince was killed by signal 11 (...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: evince (Show other bugs)
16
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Marek Kašík
Fedora Extras Quality Assurance
abrt_hash:efef2f88441dfef2b1e44995cb2...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-13 18:09 EDT by Quentin Armitage
Modified: 2013-02-13 14:08 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-13 14:08:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: dso_list (8.60 KB, text/plain)
2012-06-13 18:09 EDT, Quentin Armitage
no flags Details
File: maps (40.39 KB, text/plain)
2012-06-13 18:09 EDT, Quentin Armitage
no flags Details
File: backtrace (52.91 KB, text/plain)
2012-06-13 18:09 EDT, Quentin Armitage
no flags Details
Document that can cause this crash (1 time out of 100) (227.38 KB, application/pdf)
2012-07-23 15:07 EDT, Anders Widell
no flags Details

  None (edit)
Description Quentin Armitage 2012-06-13 18:09:05 EDT
libreport version: 2.0.8
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        evince '/tmp/Lothians to get Scotland.pdf'
comment:        Attempting to open a downloaded pdf document from the internet
executable:     /usr/bin/evince
kernel:         3.3.7-1.fc16.x86_64
pid:            24032
pwd:            /home/quentin
reason:         Process /usr/bin/evince was killed by signal 11 (SIGSEGV)
time:           Wed 13 Jun 2012 18:21:20 BST
uid:            1000
username:       quentin

backtrace:      Text file, 54178 bytes
dso_list:       Text file, 8806 bytes
maps:           Text file, 41360 bytes

environ:
:XDG_VTNR=6
:XSUNTRANSPORT=shmem
:XDG_SESSION_ID=48
:HOSTNAME=samson.armitage.org.uk
:LC_MONETARY=en_GB.utf8
:IMSETTINGS_INTEGRATE_DESKTOP=yes
:GIO_LAUNCHED_DESKTOP_FILE_PID=24032
:GPG_AGENT_INFO=/tmp/keyring-82tInL/gpg:0:1
:SHELL=/bin/bash
:TERM=dumb
:HISTSIZE=1000
:XDG_SESSION_COOKIE=d2832538765aa559c7f16f0a00000011-1338828641.626094-405850051
:GJS_DEBUG_OUTPUT=stderr
:LC_NUMERIC=en_GB.utf8
:QTDIR=/usr/lib64/qt-3.3
:GNOME_KEYRING_CONTROL=/tmp/keyring-82tInL
:QTINC=/usr/lib64/qt-3.3/include
:'GJS_DEBUG_TOPICS=JS ERROR;JS LOG'
:MOZILLA_FIVE_HOME=/usr/lib64/firefox
:IMSETTINGS_MODULE=none
:USER=quentin
:LD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox/plugins:/usr/lib64/firefox
:SSH_AUTH_SOCK=/tmp/keyring-82tInL/ssh
:LIBPATH=/usr/lib64/firefox:/usr/lib64/firefox
:USERNAME=quentin
:SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/8420,unix/unix:/tmp/.ICE-unix/8420
:GNOME_DISABLE_CRASH_DIALOG=1
:MOZ_APP_LAUNCHER=/usr/bin/firefox
:GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/evince.desktop
:MOZ_PLUGIN_PATH=/usr/lib64/mozilla/plugins:/usr/lib64/firefox/plugins
:MAIL=/var/spool/mail/quentin
:PATH=/usr/lib64/qt-3.3/bin:/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/quentin/.local/bin:/home/quentin/bin
:DESKTOP_SESSION=gnome
:FONTCONFIG_PATH=/etc/fonts:/usr/lib64/firefox/res/Xft
:QT_IM_MODULE=xim
:PWD=/home/quentin
:XMODIFIERS=@im=none
:KDE_IS_PRELINKED=1
:GNOME_KEYRING_PID=8415
:LANG=en_GB.utf8
:MODULEPATH=/usr/share/Modules/modulefiles:/etc/modulefiles
:GDM_LANG=en_GB.utf8
:LOADEDMODULES=
:KDEDIRS=/usr
:LC_MEASUREMENT=en_GB.utf8
:XSUNSMESIZE=512
:GDMSESSION=gnome
:HISTCONTROL=ignoredups
:HOME=/home/quentin
:XDG_SEAT=seat0
:SHLVL=1
:GNOME_DESKTOP_SESSION_ID=this-is-deprecated
:DYLD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox
:LOGNAME=quentin
:QTLIB=/usr/lib64/qt-3.3/lib
:CVS_RSH=ssh
:MOZ_GRE_CONF=/etc/gre.d/gre64.conf
:DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-ygZujnVeq2,guid=6e119a87d43b2677b73286cf0000433d
:MODULESHOME=/usr/share/Modules
:'LESSOPEN=||/usr/bin/lesspipe.sh %s'
:SHLIB_PATH=/usr/lib64/firefox:/usr/lib64/firefox
:WINDOWPATH=6
:XDG_RUNTIME_DIR=/run/user/quentin
:DISPLAY=:0
:LC_TIME=en_GB.utf8
:CCACHE_HASHDIR=
:XAUTHORITY=/var/run/gdm/auth-for-quentin-qirm2L/database
:'module=() {  eval `/usr/bin/modulecmd bash $*`\n}'
:NO_AT_BRIDGE=1
:MOZ_CRASHREPORTER_RESTART_ARG_0=/usr/lib64/firefox/firefox
:MOZ_CRASHREPORTER_RESTART_ARG_1=
:'MOZ_CRASHREPORTER_DATA_DIRECTORY=/home/quentin/.mozilla/firefox/Crash Reports'
:MOZ_LAUNCHED_CHILD=
:ORBIT_SOCKETDIR=/tmp/orbit-quentin
:XRE_PROFILE_PATH=
:XRE_PROFILE_LOCAL_PATH=
:XRE_PROFILE_NAME=
:XRE_START_OFFLINE=
:NO_EM_RESTART=
:XUL_APP_FILE=
:XRE_BINARY_PATH=

smolt_data:
:
:
:General
:=================================
:UUID: 352e1585-6779-4b02-a8c2-a08bfbc39569
:OS: Fedora release 16 (Verne)
:Default run level: Unknown
:Language: en_GB.utf8
:Platform: x86_64
:BogoMIPS: 4589.83
:CPU Vendor: GenuineIntel
:CPU Model: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
:CPU Stepping: 7
:CPU Family: 6
:CPU Model Num: 42
:Number of CPUs: 4
:CPU Speed: 2301
:System Memory: 7895
:System Swap: 9951
:Vendor: TOSHIBA
:System: SATELLITE PRO C660 PSC1ME-00U00KEN
:Form factor: Notebook
:Kernel: 3.3.7-1.fc16.x86_64
:SELinux Enabled: 1
:SELinux Policy: targeted
:SELinux Enforce: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin: 
:MythTV Tuner: -1
:
:
:Devices
:=================================
:(32902:7241:4473:64560) pci, None, PCI/ISA, HM65 Express Chipset Family LPC Controller
:(32902:278:4473:64656) pci, i915, VIDEO, 2nd Generation Core Processor Family Integrated Graphics Controller
:(32902:7171:4473:64560) pci, ahci, STORAGE, 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller
:(32902:7184:4473:64560) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 1
:(32902:7186:4473:64560) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 2
:(32902:7200:4473:64560) pci, snd_hda_intel, MULTIMEDIA, 6 Series/C200 Series Chipset Family High Definition Audio Controller
:(32902:7202:4473:64560) pci, None, SERIAL, 6 Series/C200 Series Chipset Family SMBus Controller
:(5772:48:4525:25859) pci, ath9k, NETWORK, AR9300 Wireless LAN adaptor
:(4332:33078:4473:64560) pci, r8169, ETHERNET, RTL8101E/RTL8102E PCI Express Fast Ethernet controller
:(32902:7213:4473:64560) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2
:(32902:7206:4473:64560) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1
:(32902:260:4473:64656) pci, agpgart-intel, HOST/PCI, 2nd Generation Core Processor Family DRAM Controller
:(32902:7226:4473:64560) pci, None, SIMPLE, 6 Series/C200 Series Chipset Family MEI Controller #1
:
:
:Filesystem Information
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/mapper/vg_samson-lv_root / ext4 4096 4096 13081819 10812421 10157061 3276800 2963555 2963555
:/dev/sda3 /boot ext4 1024 1024 508745 358780 333180 128016 127775 127775
:/dev/mapper/vg_samson-lv_home /home ext4 4096 4096 67113329 49822779 46463240 16801792 16707239 16707239
:

var_log_messages:
:Jun 13 18:21:19 samson kernel: [550574.863378] evince[24038]: segfault at 237e970 ip 000000000237e970 sp 00007f0533ffcc68 error 15
:Jun 13 18:21:20 samson abrt[24040]: Saved core dump of pid 24032 (/usr/bin/evince) to /var/spool/abrt/ccpp-2012-06-13-18:21:20-24032 (50180096 bytes)

xsession_errors:
:(evince:2206): Gtk-WARNING **: Operation not supported by backend
:(evince:2206): Gtk-WARNING **: Operation not supported by backend
:(evince:4186): Gtk-WARNING **: Operation not supported by backend
:(evince:4186): Gtk-WARNING **: Operation not supported by backend
:(evince:4238): Gtk-WARNING **: Operation not supported by backend
:(evince:4238): Gtk-WARNING **: Operation not supported by backend
:(evince:4304): Gtk-WARNING **: Operation not supported by backend
:(evince:4304): Gtk-WARNING **: Operation not supported by backend
:(evince:4323): Gtk-WARNING **: Operation not supported by backend
:(evince:4323): Gtk-WARNING **: Operation not supported by backend
:(evince:4349): Gtk-WARNING **: Operation not supported by backend
:(evince:4349): Gtk-WARNING **: Operation not supported by backend
:(evince:4444): Gtk-WARNING **: Operation not supported by backend
:(evince:4444): Gtk-WARNING **: Operation not supported by backend
:(evince:24646): Gtk-WARNING **: Operation not supported by backend
:(evince:24646): Gtk-WARNING **: Operation not supported by backend
:** (evince:2722): WARNING **: Unimplemented annotation: POPPLER_ANNOT_FREE_TEXT, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:2722): WARNING **: Unimplemented annotation: POPPLER_ANNOT_FREE_TEXT, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:(evince:2722): Gtk-WARNING **: Operation not supported by backend
:(evince:2722): Gtk-WARNING **: Operation not supported by backend
:(evince:2733): Gtk-WARNING **: Operation not supported by backend
:(evince:2733): Gtk-WARNING **: Operation not supported by backend
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
:** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
Comment 1 Quentin Armitage 2012-06-13 18:09:09 EDT
Created attachment 591644 [details]
File: dso_list
Comment 2 Quentin Armitage 2012-06-13 18:09:12 EDT
Created attachment 591645 [details]
File: maps
Comment 3 Quentin Armitage 2012-06-13 18:09:15 EDT
Created attachment 591646 [details]
File: backtrace
Comment 4 Anders Widell 2012-07-23 15:02:20 EDT
This problem was found while fuzzing the program evince by feeding it with corrupted pdf documents. The particular document 'fuzz_502.pdf' that caused this crash has been attached to the bug report.

evince does not always crash while opening this document, only perhaps 1 time out of 100. However when running it in the valgrind tool I always get the following warnings when opening the document:

==4329== Thread 5:
==4329== Conditional jump or move depends on uninitialised value(s)
==4329==    at 0x367DE1C3CB: param_ulong_validate (gparamspecs.c:292)
==4329==    by 0x367DE1AF26: g_param_value_validate (gparam.c:649)
==4329==    by 0x367DE148D7: g_object_constructor (gobject.c:1337)
==4329==    by 0x367DE15D70: g_object_newv (gobject.c:1713)
==4329==    by 0x367DE1655F: g_object_new_valist (gobject.c:1830)
==4329==    by 0x367DE16893: g_object_new (gobject.c:1545)
==4329==    by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232)
==4329==    by 0x15CB01BD: ??? (ev-poppler.cc:3032)
==4329==    by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447)
==4329==    by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204)
==4329==    by 0x367D66A304: g_thread_proxy (gthread.c:801)
==4329==    by 0x3FE9007D13: start_thread (pthread_create.c:309)
==4329== 
==4329== Conditional jump or move depends on uninitialised value(s)
==4329==    at 0x367DE1AF29: g_param_value_validate (gparam.c:649)
==4329==    by 0x367DE148D7: g_object_constructor (gobject.c:1337)
==4329==    by 0x367DE15D70: g_object_newv (gobject.c:1713)
==4329==    by 0x367DE1655F: g_object_new_valist (gobject.c:1830)
==4329==    by 0x367DE16893: g_object_new (gobject.c:1545)
==4329==    by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232)
==4329==    by 0x15CB01BD: ??? (ev-poppler.cc:3032)
==4329==    by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447)
==4329==    by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204)
==4329==    by 0x367D66A304: g_thread_proxy (gthread.c:801)
==4329==    by 0x3FE9007D13: start_thread (pthread_create.c:309)
==4329==    by 0x3FE8CF197C: clone (clone.S:115)
==4329== 
==4329== Conditional jump or move depends on uninitialised value(s)
==4329==    at 0x4A0AD21: bcmp (mc_replace_strmem.c:889)
==4329==    by 0x367DE1AF3D: g_param_value_validate (gparam.c:650)
==4329==    by 0x367DE148D7: g_object_constructor (gobject.c:1337)
==4329==    by 0x367DE15D70: g_object_newv (gobject.c:1713)
==4329==    by 0x367DE1655F: g_object_new_valist (gobject.c:1830)
==4329==    by 0x367DE16893: g_object_new (gobject.c:1545)
==4329==    by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232)
==4329==    by 0x15CB01BD: ??? (ev-poppler.cc:3032)
==4329==    by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447)
==4329==    by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204)
==4329==    by 0x367D66A304: g_thread_proxy (gthread.c:801)
==4329==    by 0x3FE9007D13: start_thread (pthread_create.c:309)
==4329== 
==4329== Conditional jump or move depends on uninitialised value(s)
==4329==    at 0x4A0AD43: bcmp (mc_replace_strmem.c:889)
==4329==    by 0x367DE1AF3D: g_param_value_validate (gparam.c:650)
==4329==    by 0x367DE148D7: g_object_constructor (gobject.c:1337)
==4329==    by 0x367DE15D70: g_object_newv (gobject.c:1713)
==4329==    by 0x367DE1655F: g_object_new_valist (gobject.c:1830)
==4329==    by 0x367DE16893: g_object_new (gobject.c:1545)
==4329==    by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232)
==4329==    by 0x15CB01BD: ??? (ev-poppler.cc:3032)
==4329==    by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447)
==4329==    by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204)
==4329==    by 0x367D66A304: g_thread_proxy (gthread.c:801)
==4329==    by 0x3FE9007D13: start_thread (pthread_create.c:309)
==4329== 
==4329== Conditional jump or move depends on uninitialised value(s)
==4329==    at 0x367DE1AF44: g_param_value_validate (gparam.c:649)
==4329==    by 0x367DE148D7: g_object_constructor (gobject.c:1337)
==4329==    by 0x367DE15D70: g_object_newv (gobject.c:1713)
==4329==    by 0x367DE1655F: g_object_new_valist (gobject.c:1830)
==4329==    by 0x367DE16893: g_object_new (gobject.c:1545)
==4329==    by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232)
==4329==    by 0x15CB01BD: ??? (ev-poppler.cc:3032)
==4329==    by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447)
==4329==    by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204)
==4329==    by 0x367D66A304: g_thread_proxy (gthread.c:801)
==4329==    by 0x3FE9007D13: start_thread (pthread_create.c:309)
==4329==    by 0x3FE8CF197C: clone (clone.S:115)
==4329== 


backtrace_rating: 4
Package: evince-3.4.0-2.fc17
OS Release: Fedora release 17 (Beefy Miracle)
Comment 5 Anders Widell 2012-07-23 15:07:56 EDT
Created attachment 599843 [details]
Document that can cause this crash (1 time out of 100)
Comment 6 Wouter 2012-10-01 16:28:50 EDT
I was opening a pdf file within Nautilus.

backtrace_rating: 4
Package: evince-3.4.0-2.fc17
OS Release: Fedora release 17 (Beefy Miracle)
Comment 7 Fedora End Of Life 2013-01-16 10:56:02 EST
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 Fedora End Of Life 2013-02-13 14:08:39 EST
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.