libreport version: 2.0.8 abrt_version: 2.0.7 backtrace_rating: 4 cmdline: evince '/tmp/Lothians to get Scotland.pdf' comment: Attempting to open a downloaded pdf document from the internet executable: /usr/bin/evince kernel: 3.3.7-1.fc16.x86_64 pid: 24032 pwd: /home/quentin reason: Process /usr/bin/evince was killed by signal 11 (SIGSEGV) time: Wed 13 Jun 2012 18:21:20 BST uid: 1000 username: quentin backtrace: Text file, 54178 bytes dso_list: Text file, 8806 bytes maps: Text file, 41360 bytes environ: :XDG_VTNR=6 :XSUNTRANSPORT=shmem :XDG_SESSION_ID=48 :HOSTNAME=samson.armitage.org.uk :LC_MONETARY=en_GB.utf8 :IMSETTINGS_INTEGRATE_DESKTOP=yes :GIO_LAUNCHED_DESKTOP_FILE_PID=24032 :GPG_AGENT_INFO=/tmp/keyring-82tInL/gpg:0:1 :SHELL=/bin/bash :TERM=dumb :HISTSIZE=1000 :XDG_SESSION_COOKIE=d2832538765aa559c7f16f0a00000011-1338828641.626094-405850051 :GJS_DEBUG_OUTPUT=stderr :LC_NUMERIC=en_GB.utf8 :QTDIR=/usr/lib64/qt-3.3 :GNOME_KEYRING_CONTROL=/tmp/keyring-82tInL :QTINC=/usr/lib64/qt-3.3/include :'GJS_DEBUG_TOPICS=JS ERROR;JS LOG' :MOZILLA_FIVE_HOME=/usr/lib64/firefox :IMSETTINGS_MODULE=none :USER=quentin :LD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox/plugins:/usr/lib64/firefox :SSH_AUTH_SOCK=/tmp/keyring-82tInL/ssh :LIBPATH=/usr/lib64/firefox:/usr/lib64/firefox :USERNAME=quentin :SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/8420,unix/unix:/tmp/.ICE-unix/8420 :GNOME_DISABLE_CRASH_DIALOG=1 :MOZ_APP_LAUNCHER=/usr/bin/firefox :GIO_LAUNCHED_DESKTOP_FILE=/usr/share/applications/evince.desktop :MOZ_PLUGIN_PATH=/usr/lib64/mozilla/plugins:/usr/lib64/firefox/plugins :MAIL=/var/spool/mail/quentin :PATH=/usr/lib64/qt-3.3/bin:/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/quentin/.local/bin:/home/quentin/bin :DESKTOP_SESSION=gnome :FONTCONFIG_PATH=/etc/fonts:/usr/lib64/firefox/res/Xft :QT_IM_MODULE=xim :PWD=/home/quentin :XMODIFIERS=@im=none :KDE_IS_PRELINKED=1 :GNOME_KEYRING_PID=8415 :LANG=en_GB.utf8 :MODULEPATH=/usr/share/Modules/modulefiles:/etc/modulefiles :GDM_LANG=en_GB.utf8 :LOADEDMODULES= :KDEDIRS=/usr :LC_MEASUREMENT=en_GB.utf8 :XSUNSMESIZE=512 :GDMSESSION=gnome :HISTCONTROL=ignoredups :HOME=/home/quentin :XDG_SEAT=seat0 :SHLVL=1 :GNOME_DESKTOP_SESSION_ID=this-is-deprecated :DYLD_LIBRARY_PATH=/usr/lib64/firefox:/usr/lib64/firefox :LOGNAME=quentin :QTLIB=/usr/lib64/qt-3.3/lib :CVS_RSH=ssh :MOZ_GRE_CONF=/etc/gre.d/gre64.conf :DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-ygZujnVeq2,guid=6e119a87d43b2677b73286cf0000433d :MODULESHOME=/usr/share/Modules :'LESSOPEN=||/usr/bin/lesspipe.sh %s' :SHLIB_PATH=/usr/lib64/firefox:/usr/lib64/firefox :WINDOWPATH=6 :XDG_RUNTIME_DIR=/run/user/quentin :DISPLAY=:0 :LC_TIME=en_GB.utf8 :CCACHE_HASHDIR= :XAUTHORITY=/var/run/gdm/auth-for-quentin-qirm2L/database :'module=() { eval `/usr/bin/modulecmd bash $*`\n}' :NO_AT_BRIDGE=1 :MOZ_CRASHREPORTER_RESTART_ARG_0=/usr/lib64/firefox/firefox :MOZ_CRASHREPORTER_RESTART_ARG_1= :'MOZ_CRASHREPORTER_DATA_DIRECTORY=/home/quentin/.mozilla/firefox/Crash Reports' :MOZ_LAUNCHED_CHILD= :ORBIT_SOCKETDIR=/tmp/orbit-quentin :XRE_PROFILE_PATH= :XRE_PROFILE_LOCAL_PATH= :XRE_PROFILE_NAME= :XRE_START_OFFLINE= :NO_EM_RESTART= :XUL_APP_FILE= :XRE_BINARY_PATH= smolt_data: : : :General :================================= :UUID: 352e1585-6779-4b02-a8c2-a08bfbc39569 :OS: Fedora release 16 (Verne) :Default run level: Unknown :Language: en_GB.utf8 :Platform: x86_64 :BogoMIPS: 4589.83 :CPU Vendor: GenuineIntel :CPU Model: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz :CPU Stepping: 7 :CPU Family: 6 :CPU Model Num: 42 :Number of CPUs: 4 :CPU Speed: 2301 :System Memory: 7895 :System Swap: 9951 :Vendor: TOSHIBA :System: SATELLITE PRO C660 PSC1ME-00U00KEN :Form factor: Notebook :Kernel: 3.3.7-1.fc16.x86_64 :SELinux Enabled: 1 :SELinux Policy: targeted :SELinux Enforce: Enforcing :MythTV Remote: Unknown :MythTV Role: Unknown :MythTV Theme: Unknown :MythTV Plugin: :MythTV Tuner: -1 : : :Devices :================================= :(32902:7241:4473:64560) pci, None, PCI/ISA, HM65 Express Chipset Family LPC Controller :(32902:278:4473:64656) pci, i915, VIDEO, 2nd Generation Core Processor Family Integrated Graphics Controller :(32902:7171:4473:64560) pci, ahci, STORAGE, 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller :(32902:7184:4473:64560) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 1 :(32902:7186:4473:64560) pci, pcieport, PCI/PCI, 6 Series/C200 Series Chipset Family PCI Express Root Port 2 :(32902:7200:4473:64560) pci, snd_hda_intel, MULTIMEDIA, 6 Series/C200 Series Chipset Family High Definition Audio Controller :(32902:7202:4473:64560) pci, None, SERIAL, 6 Series/C200 Series Chipset Family SMBus Controller :(5772:48:4525:25859) pci, ath9k, NETWORK, AR9300 Wireless LAN adaptor :(4332:33078:4473:64560) pci, r8169, ETHERNET, RTL8101E/RTL8102E PCI Express Fast Ethernet controller :(32902:7213:4473:64560) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 :(32902:7206:4473:64560) pci, ehci_hcd, USB, 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 :(32902:260:4473:64656) pci, agpgart-intel, HOST/PCI, 2nd Generation Core Processor Family DRAM Controller :(32902:7226:4473:64560) pci, None, SIMPLE, 6 Series/C200 Series Chipset Family MEI Controller #1 : : :Filesystem Information :================================= :device mtpt type bsize frsize blocks bfree bavail file ffree favail :------------------------------------------------------------------- :/dev/mapper/vg_samson-lv_root / ext4 4096 4096 13081819 10812421 10157061 3276800 2963555 2963555 :/dev/sda3 /boot ext4 1024 1024 508745 358780 333180 128016 127775 127775 :/dev/mapper/vg_samson-lv_home /home ext4 4096 4096 67113329 49822779 46463240 16801792 16707239 16707239 : var_log_messages: :Jun 13 18:21:19 samson kernel: [550574.863378] evince[24038]: segfault at 237e970 ip 000000000237e970 sp 00007f0533ffcc68 error 15 :Jun 13 18:21:20 samson abrt[24040]: Saved core dump of pid 24032 (/usr/bin/evince) to /var/spool/abrt/ccpp-2012-06-13-18:21:20-24032 (50180096 bytes) xsession_errors: :(evince:2206): Gtk-WARNING **: Operation not supported by backend :(evince:2206): Gtk-WARNING **: Operation not supported by backend :(evince:4186): Gtk-WARNING **: Operation not supported by backend :(evince:4186): Gtk-WARNING **: Operation not supported by backend :(evince:4238): Gtk-WARNING **: Operation not supported by backend :(evince:4238): Gtk-WARNING **: Operation not supported by backend :(evince:4304): Gtk-WARNING **: Operation not supported by backend :(evince:4304): Gtk-WARNING **: Operation not supported by backend :(evince:4323): Gtk-WARNING **: Operation not supported by backend :(evince:4323): Gtk-WARNING **: Operation not supported by backend :(evince:4349): Gtk-WARNING **: Operation not supported by backend :(evince:4349): Gtk-WARNING **: Operation not supported by backend :(evince:4444): Gtk-WARNING **: Operation not supported by backend :(evince:4444): Gtk-WARNING **: Operation not supported by backend :(evince:24646): Gtk-WARNING **: Operation not supported by backend :(evince:24646): Gtk-WARNING **: Operation not supported by backend :** (evince:2722): WARNING **: Unimplemented annotation: POPPLER_ANNOT_FREE_TEXT, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:2722): WARNING **: Unimplemented annotation: POPPLER_ANNOT_FREE_TEXT, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :(evince:2722): Gtk-WARNING **: Operation not supported by backend :(evince:2722): Gtk-WARNING **: Operation not supported by backend :(evince:2733): Gtk-WARNING **: Operation not supported by backend :(evince:2733): Gtk-WARNING **: Operation not supported by backend :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase. :** (evince:8561): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE, please post a bug report in Evince bugzilla (http://bugzilla.gnome.org) with a testcase.
Created attachment 591644 [details] File: dso_list
Created attachment 591645 [details] File: maps
Created attachment 591646 [details] File: backtrace
This problem was found while fuzzing the program evince by feeding it with corrupted pdf documents. The particular document 'fuzz_502.pdf' that caused this crash has been attached to the bug report. evince does not always crash while opening this document, only perhaps 1 time out of 100. However when running it in the valgrind tool I always get the following warnings when opening the document: ==4329== Thread 5: ==4329== Conditional jump or move depends on uninitialised value(s) ==4329== at 0x367DE1C3CB: param_ulong_validate (gparamspecs.c:292) ==4329== by 0x367DE1AF26: g_param_value_validate (gparam.c:649) ==4329== by 0x367DE148D7: g_object_constructor (gobject.c:1337) ==4329== by 0x367DE15D70: g_object_newv (gobject.c:1713) ==4329== by 0x367DE1655F: g_object_new_valist (gobject.c:1830) ==4329== by 0x367DE16893: g_object_new (gobject.c:1545) ==4329== by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232) ==4329== by 0x15CB01BD: ??? (ev-poppler.cc:3032) ==4329== by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447) ==4329== by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204) ==4329== by 0x367D66A304: g_thread_proxy (gthread.c:801) ==4329== by 0x3FE9007D13: start_thread (pthread_create.c:309) ==4329== ==4329== Conditional jump or move depends on uninitialised value(s) ==4329== at 0x367DE1AF29: g_param_value_validate (gparam.c:649) ==4329== by 0x367DE148D7: g_object_constructor (gobject.c:1337) ==4329== by 0x367DE15D70: g_object_newv (gobject.c:1713) ==4329== by 0x367DE1655F: g_object_new_valist (gobject.c:1830) ==4329== by 0x367DE16893: g_object_new (gobject.c:1545) ==4329== by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232) ==4329== by 0x15CB01BD: ??? (ev-poppler.cc:3032) ==4329== by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447) ==4329== by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204) ==4329== by 0x367D66A304: g_thread_proxy (gthread.c:801) ==4329== by 0x3FE9007D13: start_thread (pthread_create.c:309) ==4329== by 0x3FE8CF197C: clone (clone.S:115) ==4329== ==4329== Conditional jump or move depends on uninitialised value(s) ==4329== at 0x4A0AD21: bcmp (mc_replace_strmem.c:889) ==4329== by 0x367DE1AF3D: g_param_value_validate (gparam.c:650) ==4329== by 0x367DE148D7: g_object_constructor (gobject.c:1337) ==4329== by 0x367DE15D70: g_object_newv (gobject.c:1713) ==4329== by 0x367DE1655F: g_object_new_valist (gobject.c:1830) ==4329== by 0x367DE16893: g_object_new (gobject.c:1545) ==4329== by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232) ==4329== by 0x15CB01BD: ??? (ev-poppler.cc:3032) ==4329== by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447) ==4329== by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204) ==4329== by 0x367D66A304: g_thread_proxy (gthread.c:801) ==4329== by 0x3FE9007D13: start_thread (pthread_create.c:309) ==4329== ==4329== Conditional jump or move depends on uninitialised value(s) ==4329== at 0x4A0AD43: bcmp (mc_replace_strmem.c:889) ==4329== by 0x367DE1AF3D: g_param_value_validate (gparam.c:650) ==4329== by 0x367DE148D7: g_object_constructor (gobject.c:1337) ==4329== by 0x367DE15D70: g_object_newv (gobject.c:1713) ==4329== by 0x367DE1655F: g_object_new_valist (gobject.c:1830) ==4329== by 0x367DE16893: g_object_new (gobject.c:1545) ==4329== by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232) ==4329== by 0x15CB01BD: ??? (ev-poppler.cc:3032) ==4329== by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447) ==4329== by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204) ==4329== by 0x367D66A304: g_thread_proxy (gthread.c:801) ==4329== by 0x3FE9007D13: start_thread (pthread_create.c:309) ==4329== ==4329== Conditional jump or move depends on uninitialised value(s) ==4329== at 0x367DE1AF44: g_param_value_validate (gparam.c:649) ==4329== by 0x367DE148D7: g_object_constructor (gobject.c:1337) ==4329== by 0x367DE15D70: g_object_newv (gobject.c:1713) ==4329== by 0x367DE1655F: g_object_new_valist (gobject.c:1830) ==4329== by 0x367DE16893: g_object_new (gobject.c:1545) ==4329== by 0x3681E10EED: ev_attachment_new (ev-attachment.c:232) ==4329== by 0x15CB01BD: ??? (ev-poppler.cc:3032) ==4329== by 0x368261B0B9: ev_job_attachments_run (ev-jobs.c:447) ==4329== by 0x368261BC01: ev_job_thread_proxy (ev-job-scheduler.c:204) ==4329== by 0x367D66A304: g_thread_proxy (gthread.c:801) ==4329== by 0x3FE9007D13: start_thread (pthread_create.c:309) ==4329== by 0x3FE8CF197C: clone (clone.S:115) ==4329== backtrace_rating: 4 Package: evince-3.4.0-2.fc17 OS Release: Fedora release 17 (Beefy Miracle)
Created attachment 599843 [details] Document that can cause this crash (1 time out of 100)
I was opening a pdf file within Nautilus. backtrace_rating: 4 Package: evince-3.4.0-2.fc17 OS Release: Fedora release 17 (Beefy Miracle)
This message is a reminder that Fedora 16 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '16'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 16's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 16 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.