Bug 328654 - evince crash with special pdf file
Status: RESOLVED NOTGNOME
Product: evince
Classification: Core
Component: general
Version: 0.5.x
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: Evince Maintainers
QA Contact: Evince Maintainers
Duplicates: 388280
Reported: 2006-01-25 23:03 UTC by Christian Krause
Modified: 2006-12-22 06:54 UTC
GNOME target: ---
GNOME version: 2.11/2.12

Description Christian Krause 2006-01-25 23:03:39 UTC
Steps to reproduce:
1. get this pdf http://www.uni-leipzig.de/~eval/materialienunddownloads/saechshg.pdf
(md5sum: 3d089986b495a907246abbb6a6cd4cc9)
2. start evince with this pdf
3. activate side pane
4. switch side pane to thumbnail view
5. quit evince
6. restart "evince saechshg.pdf" -> this crashes mostly (not every time) on most
tested hosts

It seems that this bug is timing related and not always reproducible on all
machines.

Stack trace:
$:gdb evince

(gdb) set args saechshg.pdf 
(gdb) run
Starting program: /usr/bin/evince saechshg.pdf 
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
[Thread debugging using libthread_db enabled]
[New Thread -1497610576 (LWP 22642)]

** (evince:22642): WARNING **: Service registration failed.

** (evince:22642): WARNING **: Unable to determine the address of the message bus
[New Thread -1498080336 (LWP 22646)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1498080336 (LWP 22646)]
0xa76be343 in FcFontSetMatch (config=0xa6213e30, sets=0xa6b50ef8, nsets=1, 
    p=0xa6253b80, result=0xa6b50f48) at fcmatch.c:620
620                             if (cand_elts[cand_elt].object == 

(gdb) thread apply all bt

Thread 1 (Thread -1497610576 (LWP 22642))

  • #0 FcObjectPtrU
    at fcname.c line 313
  • #1 FcCompareValueList
    at fcmatch.c line 348
  • #2 FcFontSetSort
    at fcmatch.c line 447
  • #3 FcFontSort
    at fcmatch.c line 981
  • #4 pango_fc_font_map_load_fontset
    at pangofc-fontmap.c line 1089
  • #5 pango_font_map_load_fontset
    at pango-fontmap.c line 106
  • #6 itemize_state_process_run
    at pango-context.c line 1050
  • #7 pango_itemize_with_base_dir
    at pango-context.c line 1194
  • #8 pango_layout_check_lines
    at pango-layout.c line 3276
  • #9 pango_layout_get_extents_internal
    at pango-layout.c line 2027
  • #10 pango_layout_get_pixel_extents
    at pango-layout.c line 2215
  • #11 ev_view_expose_event
  • #12 _gtk_marshal_BOOLEAN__BOXED
    at gtkmarshalers.c line 83
  • #13 g_type_class_meta_marshal
    at gclosure.c line 569
  • #14 IA__g_closure_invoke
    at gclosure.c line 492
  • #15 signal_emit_unlocked_R
    at gsignal.c line 2523
  • #16 IA__g_signal_emit_valist
    at gsignal.c line 2254
  • #17 IA__g_signal_emit
    at gsignal.c line 2288
  • #18 gtk_widget_event_internal
    at gtkwidget.c line 3735
  • #19 IA__gtk_main_do_event
    at gtkmain.c line 1370
  • #20 gdk_window_process_updates_internal
    at gdkwindow.c line 2215
  • #21 IA__gdk_window_process_all_updates
    at gdkwindow.c line 2268
  • #22 gtk_container_idle_sizer
    at gtkcontainer.c line 1117
  • #23 g_idle_dispatch
    at gmain.c line 3817
  • #24 IA__g_main_context_dispatch
    at gmain.c line 1934
  • #25 g_main_context_iterate
    at gmain.c line 2565
  • #26 IA__g_main_loop_run
    at gmain.c line 2769
  • #27 IA__gtk_main
    at gtkmain.c line 991
  • #28 main
    at main.c line 295


Other information:
It seems that two threads do some stuff in libfontconfig and overwrite some
parts of each other's memory. Either libfontconfig is not thread-safe or it is
used somehow incorrectly.
Comment 1 Christian Kirbach 2006-01-26 18:54:36 UTC
This looks like a fontconfig problem to me, but we let the evince maintainers decide. It is a good stack trace.
Comment 2 Nickolay V. Shmyrev 2006-12-22 06:54:06 UTC
*** Bug 388280 has been marked as a duplicate of this bug. ***