This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 851831 - evince segfaults in poppler on simple PDF
evince segfaults in poppler on simple PDF
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: poppler (Show other bugs)
18
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Marek Kašík
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-26 04:08 EDT by Richard W.M. Jones
Modified: 2013-03-01 10:28 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-01 10:28:34 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Richard W.M. Jones 2012-08-26 04:08:49 EDT
Description of problem:

evince in Fedora 18 segfaults.  The stack trace shows it crashing
in the poppler library.

Version-Release number of selected component (if applicable):

evince-3.5.5-1.fc18.x86_64
poppler-0.20.2-3.fc18.x86_64
poppler-glib-0.20.2-3.fc18.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Download http://www.cs.washington.edu/education/courses/cse544/04sp/papers/xml-essence.pdf
2. Run evince on this document.
 
Actual results:

The stack trace is unreliable for me, meaning I get various
different stack traces depending on unknown factors.  However
here is the most common one:

#0  0x000000351b85f3b0 in ?? ()
#1  0x000000351d81a6aa in poppler_document_new_from_file ()
   from /lib64/libpoppler-glib.so.8
#2  0x00007fffeb0f8b19 in ?? ()
   from /usr/lib64/evince/4/backends/libpdfdocument.so
#3  0x0000003519815a88 in ev_document_load () from /lib64/libevdocument3.so.4
#4  0x000000351981763c in ev_document_factory_get_document ()
   from /lib64/libevdocument3.so.4
#5  0x000000351b81b43f in ?? () from /lib64/libevview3.so.3
#6  0x000000351b81cbb2 in ?? () from /lib64/libevview3.so.3
#7  0x000000351b06ad25 in ?? () from /lib64/libglib-2.0.so.0
#8  0x0000003518407d15 in start_thread () from /lib64/libpthread.so.0
#9  0x0000003517cf182d in clone () from /lib64/libc.so.6

Expected results:

Should display the document.

Additional info:
Comment 1 Richard W.M. Jones 2012-08-26 04:14:46 EDT
OK I realized what was causing the "unreliability" in stack
traces.  I was using the old gdb pre-DWARF changes.  Here's
a better stack trace with new gdb and debuginfo installed:

#0  0x000000351b85f3b0 in ?? ()
#1  0x000000351d81a6aa in poppler_document_new_from_file (uri=
    0xb7e120 "file:///tmp/xml-essence.pdf", password=0x0, error=0x7fffdff35b28)
    at poppler-document.cc:175
#2  0x00007fffeb0f8b19 in pdf_document_load (document=<optimized out>, uri=
    0xb7e120 "file:///tmp/xml-essence.pdf", error=0x7fffdff35b58)
    at ev-poppler.cc:273
#3  0x0000003519815a88 in ev_document_load (document=document@entry=
    0xb75e10 [PdfDocument], uri=uri@entry=
    0xb7e120 "file:///tmp/xml-essence.pdf", error=error@entry=0x7fffdff35b98)
    at ev-document.c:296
#4  0x000000351981763c in ev_document_factory_get_document (uri=
    0xb7e120 "file:///tmp/xml-essence.pdf", error=error@entry=0x7fffdff35bd8)
    at ev-document-factory.c:355
#5  0x000000351b81b43f in ev_job_load_run (job=0xb6e940 [EvJobLoad])
    at ev-jobs.c:994
#6  0x000000351b81cbb2 in ev_job_thread (job=0xb6e940 [EvJobLoad])
    at ev-job-scheduler.c:184
#7  ev_job_thread_proxy (data=<optimized out>) at ev-job-scheduler.c:217
#8  0x000000351b06ad25 in g_thread_proxy (data=0xb6e8f0) at gthread.c:801
#9  0x0000003518407d15 in start_thread (arg=0x7fffdff36700)
    at pthread_create.c:308
#10 0x0000003517cf182d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114
Comment 2 Richard W.M. Jones 2012-08-29 12:17:13 EDT
Here's another one:

$ evince 'http://static.usenix.org/publications/login/2012-02/pdfs/Hertel.pdf'
Segmentation fault

The stack trace is similar to the above:

#0  0x000000351b85f3b0 in ?? ()
#1  0x00007fffe8a326aa in poppler_document_new_from_file (uri=
    0xbc9e80 "file:///tmp/evince-12490/document.FZYIJW-Hertel.pdf", password=
    0x0, error=0x7fffe9692b28) at poppler-document.cc:175
#2  0x00007fffe8c8eb19 in pdf_document_load (document=<optimized out>, uri=
    0xbc9e80 "file:///tmp/evince-12490/document.FZYIJW-Hertel.pdf", error=
    0x7fffe9692b58) at ev-poppler.cc:273
#3  0x0000003519815a88 in ev_document_load (document=document@entry=
    0xbf0c40 [PdfDocument], uri=uri@entry=
    0xbc9e80 "file:///tmp/evince-12490/document.FZYIJW-Hertel.pdf", 
    error=error@entry=0x7fffe9692b98) at ev-document.c:296
#4  0x000000351981763c in ev_document_factory_get_document (uri=
    0xbc9e80 "file:///tmp/evince-12490/document.FZYIJW-Hertel.pdf", 
    error=error@entry=0x7fffe9692bd8) at ev-document-factory.c:355
#5  0x000000351b81b43f in ev_job_load_run (job=0xb36f20 [EvJobLoad])
    at ev-jobs.c:994
#6  0x000000351b81cbb2 in ev_job_thread (job=0xb36f20 [EvJobLoad])
    at ev-job-scheduler.c:184
#7  ev_job_thread_proxy (data=<optimized out>) at ev-job-scheduler.c:217
#8  0x000000351b06ad25 in g_thread_proxy (data=0xa00d40) at gthread.c:801
#9  0x0000003518407d15 in start_thread (arg=0x7fffe9693700)
    at pthread_create.c:308

It looks like evince is pretty broken in F18 ...
Comment 3 Richard W.M. Jones 2012-08-29 12:26:29 EDT
evince-3.5.5-1.fc18_3.5.90-1.fc18.x86_64 from F18 updates-testing
also crashes, although the stack trace is a bit different:

#0  0x000000351d024e07 in g_signal_new_valist (signal_name=signal_name@entry=
    0x7fffd403a810 "\020\247\003\324\377\177", itype=itype@entry=
    140737102191400, signal_flags=<optimized out>, 
    class_closure=<optimized out>, accumulator=<optimized out>, 
    accu_data=<optimized out>, c_marshaller=c_marshaller@entry=
    0x7fffe8384435 <_poppler_document_new_from_pdfdoc(PDFDoc*, GError**)+197>, 
    return_type=return_type@entry=12938160, n_params=n_params@entry=12938160, 
    args=args@entry=0x7fffe8fb9a00) at gsignal.c:1838
#1  0x000000351d025052 in g_signal_new (signal_name=
    0x7fffd403a810 "\020\247\003\324\377\177", itype=140737102191400, 
    signal_flags=<optimized out>, class_offset=<optimized out>, 
    accumulator=<optimized out>, accu_data=<optimized out>, c_marshaller=
    0x7fffe8384435 <_poppler_document_new_from_pdfdoc(PDFDoc*, GError**)+197>, 
    return_type=12938160, n_params=12938160) at gsignal.c:1398
#2  0x000000351d81a2ec in ibus_input_context_class_intern_init ()
   from /lib64/libibus-1.0.so.5
#3  0x00007fffe8fb9b98 in ?? ()
#4  0x0000000000000000 in ?? ()
Comment 4 Marek Kašík 2013-03-01 10:24:42 EST
Hi Richard,

I have tried to reproduce this and it doesn't crash for me with the old versions of those packages. Does it still crash for you on the file?

Regards

Marek
Comment 5 Richard W.M. Jones 2013-03-01 10:28:34 EST
No, it appears to be fixed now.

Note You need to log in before you can comment on or make changes to this bug.