After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 538179 - crash in Document Viewer: opening a pdf
crash in Document Viewer: opening a pdf
Status: RESOLVED NOTGNOME
Product: evince
Classification: Core
Component: general
2.22.x
Other All
: High critical
: ---
Assigned To: Evince Maintainers
Evince Maintainers
: 536216 538721 538759 538761 539389 539583 540294 540609 540613 540824 541679 541849 542681 543067 543124 543530 544471 545324 564096 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2008-06-13 18:20 UTC by bugreports
Modified: 2008-12-11 21:08 UTC
See Also:
GNOME target: ---
GNOME version: 2.21/2.22

Attachments
Patch for poppler library (892 bytes, patch)
2008-06-20 07:48 UTC, Antoine Cailliau 		none Details | Review

Description bugreports 2008-06-13 18:20:28 UTC 
Version: 2.22.2

What were you doing when the application crashed?
opening a pdf


Distribution: Debian lenny/sid
Gnome Release: 2.22.2 2008-05-29 (Debian)
BugBuddy Version: 2.22.0

System: Linux 2.6.26-rc5-sonne #29 SMP PREEMPT Thu Jun 12 13:48:05 CEST 2008 i686
X Vendor: The X.Org Foundation
X Vendor Release: 10400090
Selinux: No
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: gnome

Memory status: size: 63303680 vsize: 63303680 resident: 34234368 share: 12734464 rss: 34234368 rss_rlim: 4294967295
CPU usage: start_time: 1213381150 rtime: 101 utime: 91 stime: 10 cutime:0 cstime: 0 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/evince'

[Thread debugging using libthread_db enabled]
[New Thread 0xb6c2e940 (LWP 29317)]
[New Thread 0xb68d4b90 (LWP 29318)]
0xb80d0424 in __kernel_vsyscall ()

+ Trace 200338

Thread 2 (Thread 0xb68d4b90 (LWP 29318))

  • #0 __kernel_vsyscall
  • #1 waitpid
    from /lib/i686/cmov/libpthread.so.0
  • #2 IA__g_spawn_sync
    at /build/buildd/glib2.0-2.16.3/glib/gspawn.c line 374
  • #3 IA__g_spawn_command_line_sync
    at /build/buildd/glib2.0-2.16.3/glib/gspawn.c line 682
  • #4 ??
    from /usr/lib/gtk-2.0/modules/libgnomebreakpad.so
  • #5 <signal handler called>
  • #6 OCGs::findOcgByRef
    at OptionalContent.cc line 165
  • #7 OCGs::optContentIsVisible
    at OptionalContent.cc line 210
  • #8 Gfx::opBeginMarkedContent
    at Gfx.cc line 4142
  • #9 Gfx::execOp
    at Gfx.cc line 740
  • #10 Gfx::go
    at Gfx.cc line 611
  • #11 Gfx::display
    at Gfx.cc line 580
  • #12 Page::displaySlice
    at Page.cc line 414
  • #13 _poppler_page_render
    at poppler-page.cc line 529
  • #14 poppler_page_render
    at poppler-page.cc line 550
  • #15 pdf_document_render
    at /tmp/buildd/evince-2.22.2/./backend/pdf/ev-poppler.cc line 488
  • #16 ev_document_render
    at /tmp/buildd/evince-2.22.2/./libdocument/ev-document.c line 221
  • #17 ev_job_render_run
    at /tmp/buildd/evince-2.22.2/./shell/ev-jobs.c line 372
  • #18 handle_job
    at /tmp/buildd/evince-2.22.2/./shell/ev-job-queue.c line 137
  • #19 ev_render_thread
    at /tmp/buildd/evince-2.22.2/./shell/ev-job-queue.c line 264
  • #20 g_thread_create_proxy
    at /build/buildd/glib2.0-2.16.3/glib/gthread.c line 635
  • #21 start_thread
    from /lib/i686/cmov/libpthread.so.0
  • #22 clone
    from /lib/i686/cmov/libc.so.6 


----------- .xsession-errors ---------------------
evince: ../../src/xcb_lock.c:33: _XCBUnlockDisplay: Assertion `xcb_get_request_sent(dpy->xcb->connection) == dpy->request' failed.
Multiple segmentation faults occurred; can't display error dialog
Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x2600003 (Evince Doc)
Window manager warning: meta_window_activate called by a pager with a 0 timestamp; the pager needs to be fixed.
Cannot access memory at address 0xd
Cannot access memory at address 0xd
--------------------------------------------------
Comment 1 Antoine Cailliau 2008-06-15 16:14:16 UTC 
Is it possible to have a copy of the pdf file ? I had (and fixed) a similar bug yesterday
Comment 2 Cosimo Cecchi 2008-06-18 10:12:23 UTC 
*** Bug 536216 has been marked as a duplicate of this bug. ***
Comment 3 Cosimo Cecchi 2008-06-18 10:12:37 UTC 
*** Bug 538721 has been marked as a duplicate of this bug. ***
Comment 4 Cosimo Cecchi 2008-06-18 10:12:45 UTC 
*** Bug 538759 has been marked as a duplicate of this bug. ***
Comment 5 Cosimo Cecchi 2008-06-18 10:12:58 UTC 
*** Bug 538761 has been marked as a duplicate of this bug. ***
Comment 6 Cosimo Cecchi 2008-06-18 10:14:25 UTC 
Dear reporters,
could you please post a copy of the PDF file that triggers this crash?
Comment 7 Antoine Cailliau 2008-06-19 12:17:30 UTC 
Hi developers, 

I think I need your help. I've found a file that is causing this segfault. It is the apple human guidelines.

After reading carefully backtraces and gdb outputs. I think I've located the segfault.

Here is the function causing the bug.

OptionalContentGroup* OCGs::findOcgByRef( const Ref &ref)
{
  //TODO: make this more efficient
  OptionalContentGroup *ocg = NULL;
  for (int i=0; i < optionalContentGroups->getLength(); ++i) {
    ocg = (OptionalContentGroup*)optionalContentGroups->get(i);
    if ( (ocg->ref().num == ref.num) && (ocg->ref().gen == ref.gen) ) {
      return ocg;
    }
  }
  // not found
  return NULL;
}

Indeed the segfault is caused by a null reference of optionalContentGroups. If I had a test around the function to test if this reference is null or not, the bug is obsviously fixed but it is wrong ! I think we need to spot where the problem really come from.

Do you have any tips to give to me to find the source of the bug ?
Thanks for your help.
Comment 8 Antoine Cailliau 2008-06-19 12:18:50 UTC 
Also, you can see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484224 for a crashing pdf file.
Comment 9 Nickolay V. Shmyrev 2008-06-19 19:22:03 UTC 
You can just check that ocg is not NULL befor using it. This will fix the bug.
Comment 10 Antoine Cailliau 2008-06-20 07:48:08 UTC 
Created attachment 113098 [details] [review]
Patch for poppler library
Comment 11 Antoine Cailliau 2008-06-20 07:49:00 UTC 
Here is a proposal of patch. Thanks for reviewing it. (Sorry for the two messages, I saw too late I'm able to put comments on attachment)
Comment 12 Nickolay V. Shmyrev 2008-06-20 08:04:45 UTC 
Thanks a lot Antoine. But there is one issue, we can't really review this patch since we don't manage poppler. Can you please forward this bug and patch in poppler bugzilla on http://poppler.freedesktop.org
Comment 13 Carlos Garcia Campos 2008-06-20 08:20:45 UTC 
No, please. This crash was already fixed in poppler. I think the problem is in the document itself though, since it doesn't have an OCProperties dictionary in the catalog. At least poppler doesn't crash anymore. 

Sorry for not answering before, thanks for your help.
Comment 14 bugreports 2008-06-20 08:26:28 UTC 
In which poppler version has this bug in poppler been fixed?
Comment 15 Carlos Garcia Campos 2008-06-20 08:59:24 UTC 
poppler 0.8.3
Comment 16 Susana 2008-06-22 12:47:48 UTC 
*** Bug 539389 has been marked as a duplicate of this bug. ***
Comment 17 Susana 2008-06-22 12:48:01 UTC 
*** Bug 539583 has been marked as a duplicate of this bug. ***
Comment 18 Gianluca Borello 2008-06-26 11:53:05 UTC 
*** Bug 540294 has been marked as a duplicate of this bug. ***
Comment 19 Bruno Boaventura 2008-06-28 14:19:50 UTC 
*** Bug 540609 has been marked as a duplicate of this bug. ***
Comment 20 Bruno Boaventura 2008-06-28 14:20:12 UTC 
*** Bug 540613 has been marked as a duplicate of this bug. ***
Comment 21 Gianluca Borello 2008-06-30 09:08:32 UTC 
*** Bug 540824 has been marked as a duplicate of this bug. ***
Comment 22 Susana 2008-07-06 13:00:57 UTC 
*** Bug 541679 has been marked as a duplicate of this bug. ***
Comment 23 Susana 2008-07-13 20:29:45 UTC 
*** Bug 541849 has been marked as a duplicate of this bug. ***
Comment 24 Susana 2008-07-13 20:29:55 UTC 
*** Bug 542681 has been marked as a duplicate of this bug. ***
Comment 25 Cosimo Cecchi 2008-07-15 12:12:40 UTC 
*** Bug 543067 has been marked as a duplicate of this bug. ***
Comment 26 Susana 2008-07-20 09:17:17 UTC 
*** Bug 543124 has been marked as a duplicate of this bug. ***
Comment 27 Susana 2008-07-20 09:17:29 UTC 
*** Bug 543530 has been marked as a duplicate of this bug. ***
Comment 28 Baptiste Mille-Mathias 2008-07-24 03:15:24 UTC 
*** Bug 544471 has been marked as a duplicate of this bug. ***
Comment 29 Carlos Garcia Campos 2008-07-29 14:18:53 UTC 
*** Bug 545324 has been marked as a duplicate of this bug. ***
Comment 30 Bruno Boaventura 2008-12-11 21:08:13 UTC 
*** Bug 564096 has been marked as a duplicate of this bug. ***