Bug 528484 - Reproducible segfault of Poppler when selecting text
Status: RESOLVED NOTGNOME
Product: evince
Classification: Core
Component: PDF
Version: 2.22.x
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: Evince Maintainers
QA Contact: Evince Maintainers
Duplicates: 501673 504021 532547 556231 556746 557211 557217 557626 557668 558574 559566 561365 561424 564765 567768 568310 569780
Depends on:
Blocks:
Reported: 2008-04-16 21:36 UTC by Robin Stocker
Modified: 2009-01-30 10:32 UTC
See Also:
GNOME target: ---
GNOME version: 2.21/2.22



Description Robin Stocker 2008-04-16 21:36:25 UTC
Steps to reproduce:
1. Download the PDF version of the document at http://research.sun.com/techrep/1996/abstract-52.html
2. Open it in Evince and navigate to page 66 of the PDF
3. Start a selection with the word "The" at the bottom of the page in the sentence "The algorithm connects the send to all k templates" by double-clicking on the "h" and then dragging the selection down to the next line (mousedown-mouseup-mousedown-drag).
4. Witness crash :)

Stack trace:
Program received signal SIGSEGV, Segmentation fault.
0x00007f914bf41597 in TextLine::visitSelection () from /usr/lib/libpoppler.so.2
(gdb) backtrace
#0 TextLine::visitSelection from /usr/lib/libpoppler.so.2
#1 TextBlock::visitSelection from /usr/lib/libpoppler.so.2
#2 TextPage::visitSelection from /usr/lib/libpoppler.so.2
#3 TextPage::getSelectionRegion from /usr/lib/libpoppler.so.2
#4 poppler_page_get_selection_region from /usr/lib/libpoppler-glib.so.2
#5 ev_pixbuf_cache_get_selection_surface at /build/buildd/evince-2.22.1.1/./shell/ev-pixbuf-cache.c line 1026
#6 merge_selection_region at /build/buildd/evince-2.22.1.1/./shell/ev-view.c line 5577
#7 compute_selections at /build/buildd/evince-2.22.1.1/./shell/ev-view.c line 5652
#8 selection_update_idle_cb at /build/buildd/evince-2.22.1.1/./shell/ev-view.c line 2885
#9 g_main_context_dispatch from /usr/lib/libglib-2.0.so.0
#10 ?? from /usr/lib/libglib-2.0.so.0
#11 g_main_loop_run from /usr/lib/libglib-2.0.so.0
#12 gtk_main from /usr/lib/libgtk-x11-2.0.so.0
#13 main at /build/buildd/evince-2.22.1.1/./shell/main.c line 412

Other information:
Evince 2.22.1.1
poppler 0.6.4 (cairo)
Comment 1 Carlos Garcia Campos 2008-04-17 09:02:54 UTC
I can't reproduce it with poppler from git master. Current poppler stable is 0.8, please upgrade it, 0.6.4 is an old version. 
Comment 2 Robin Stocker 2008-04-18 00:09:09 UTC
Ok, I just checked out the Evince SVN trunk and poppler git master, built both and tried the specific procedure again. The info page now says "poppler 0.8.0 (cairo)", so it's the right one. Here's what I get:


Program received signal SIGSEGV, Segmentation fault.
TextLine::visitSelection (this=0xd16d50, visitor=0x7fff21889ba0, selection=0x7fff21889a90, style=selectionStyleWord) at TextOutputDev.cc:3778
3778	    child_selection.x1 = begin->xMin;
Current language:  auto; currently c++
(gdb) backtrace
#0 TextLine::visitSelection at TextOutputDev.cc line 3778
#1 TextBlock::visitSelection at TextOutputDev.cc line 3878
#2 TextPage::visitSelection at TextOutputDev.cc line 3952
#3 TextPage::getSelectionRegion at TextOutputDev.cc line 3974
#4 poppler_page_get_selection_region at poppler-page.cc line 1041
#5 pdf_selection_get_selection_region at ev-poppler.cc line 1987
#6 ev_pixbuf_cache_get_selection_surface at ev-pixbuf-cache.c line 1016
#7 merge_selection_region at ev-view.c line 5569
#8 compute_selections at ev-view.c line 5644
#9 selection_update_idle_cb at ev-view.c line 2877
#10 g_main_context_dispatch from /usr/lib/libglib-2.0.so.0
#11 ?? from /usr/lib/libglib-2.0.so.0
#12 g_main_loop_run from /usr/lib/libglib-2.0.so.0
#13 gtk_main from /usr/lib/libgtk-x11-2.0.so.0
#14 main at main.c line 401


Maybe you didn't do exactly the same as I did, or maybe it's platform-specific (I'm on x86_64), but it's reproducible for me. Selection has to start with double-clicking on the "h" and dragging down, so it's a fairly specific bug. I'm happy to try out patches if you have some ideas.
Comment 3 Carlos Garcia Campos 2008-04-19 10:39:22 UTC
In any case this is a crash in poppler, so I've just moved it to the freedesktop bugzilla:

https://bugs.freedesktop.org/show_bug.cgi?id=15606

Thanks.
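Added example, not part of the original thread or of any GNOME or poppler tooling: Comment 3 routes the report by the library that owns the crashing frames, and many later reports are marked as duplicates of this one. The Python sketch below buckets the two backtraces from this report by their top function names and attributes frame #0 to a component; the `OWNERS` table and all function names are assumptions made for illustration.

```python
import hashlib
import re

# Top frames copied from the two backtraces in this report: the first from the
# stripped 0.6.4 build, the second from the 0.8.0 build with debug symbols.
TRACE_064 = """\
#0 TextLine::visitSelection from /usr/lib/libpoppler.so.2
#1 TextBlock::visitSelection from /usr/lib/libpoppler.so.2
#2 TextPage::visitSelection from /usr/lib/libpoppler.so.2
#3 TextPage::getSelectionRegion from /usr/lib/libpoppler.so.2
#4 poppler_page_get_selection_region from /usr/lib/libpoppler-glib.so.2
#5 ev_pixbuf_cache_get_selection_surface at /build/buildd/evince-2.22.1.1/./shell/ev-pixbuf-cache.c line 1026
"""
TRACE_080 = """\
#0 TextLine::visitSelection at TextOutputDev.cc line 3778
#1 TextBlock::visitSelection at TextOutputDev.cc line 3878
#2 TextPage::visitSelection at TextOutputDev.cc line 3952
#3 TextPage::getSelectionRegion at TextOutputDev.cc line 3974
#4 poppler_page_get_selection_region at poppler-page.cc line 1041
#5 pdf_selection_get_selection_region at ev-poppler.cc line 1987
"""

# Hypothetical ownership table (assumption): location prefix -> component.
OWNERS = (("/usr/lib/libpoppler", "poppler"), ("TextOutputDev.cc", "poppler"),
          ("poppler-", "poppler"), ("ev-", "evince"))
FRAME_RE = re.compile(r"^#(\d+)\s+(\S+)\s+(?:from|at)\s+(\S+)", re.M)

def parse_frames(trace):
    """Return [(index, function, location)] for each '#N func from|at loc' line."""
    return [(int(n), fn, loc) for n, fn, loc in FRAME_RE.findall(trace)]

def signature(trace, depth=4):
    """Hash only the top `depth` function names, so line numbers, build paths
    and sonames (which differ between builds) do not split the bucket."""
    names = [fn for _, fn, _ in parse_frames(trace) if fn != "??"][:depth]
    return hashlib.sha256("|".join(names).encode()).hexdigest()[:16]

def owner_of_top_frame(trace):
    """Map the location of frame #0 to a component via OWNERS."""
    loc = parse_frames(trace)[0][2]
    return next((comp for prefix, comp in OWNERS if loc.startswith(prefix)), "unknown")

if __name__ == "__main__":
    for name, trace in (("0.6.4", TRACE_064), ("0.8.0", TRACE_080)):
        print(name, signature(trace), owner_of_top_frame(trace))
```

At depth 4 both builds land in one bucket; at depth 6 they split, because the newer Evince inserts `pdf_selection_get_selection_region` between the poppler-glib call and the pixbuf cache.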
Comment 4 Cosimo Cecchi 2008-05-23 09:52:00 UTC
*** Bug 532547 has been marked as a duplicate of this bug. ***
Comment 5 Cosimo Cecchi 2008-05-23 09:52:50 UTC
*** Bug 504021 has been marked as a duplicate of this bug. ***
Comment 6 Cosimo Cecchi 2008-09-20 17:46:18 UTC
*** Bug 501673 has been marked as a duplicate of this bug. ***
Comment 7 André Klapper 2008-10-23 22:40:10 UTC
*** Bug 556231 has been marked as a duplicate of this bug. ***
Comment 8 André Klapper 2008-10-23 22:40:14 UTC
*** Bug 556746 has been marked as a duplicate of this bug. ***
Comment 9 André Klapper 2008-10-23 22:40:16 UTC
*** Bug 557211 has been marked as a duplicate of this bug. ***
Comment 10 André Klapper 2008-10-23 22:40:18 UTC
*** Bug 557217 has been marked as a duplicate of this bug. ***
Comment 11 André Klapper 2008-10-23 22:40:20 UTC
*** Bug 557626 has been marked as a duplicate of this bug. ***
Comment 12 André Klapper 2008-10-23 22:40:22 UTC
*** Bug 557668 has been marked as a duplicate of this bug. ***
Comment 13 Susana 2008-11-02 11:51:42 UTC
*** Bug 558574 has been marked as a duplicate of this bug. ***
Comment 14 Carlos Garcia Campos 2008-11-07 08:11:17 UTC
*** Bug 559566 has been marked as a duplicate of this bug. ***
Comment 15 palfrey 2008-11-18 18:34:44 UTC
*** Bug 561365 has been marked as a duplicate of this bug. ***
Comment 16 palfrey 2008-11-19 17:57:54 UTC
*** Bug 561424 has been marked as a duplicate of this bug. ***
Comment 17 Carlos Garcia Campos 2008-11-20 08:37:04 UTC
Finally fixed in poppler. See https://bugs.freedesktop.org/show_bug.cgi?id=15606
Comment 18 palfrey 2008-12-17 00:53:26 UTC
*** Bug 564765 has been marked as a duplicate of this bug. ***
Comment 19 palfrey 2009-01-15 02:07:15 UTC
*** Bug 567768 has been marked as a duplicate of this bug. ***
Comment 20 palfrey 2009-01-19 21:16:22 UTC
*** Bug 568310 has been marked as a duplicate of this bug. ***
Comment 21 Carlos Garcia Campos 2009-01-30 10:32:07 UTC
*** Bug 569780 has been marked as a duplicate of this bug. ***