Bug 737365 - evince: regression: traps: evince[25787] general protection fault
Status: RESOLVED FIXED
Product: evince
Classification: Core
Component: general
Version: 3.14.x
Hardware: Other Linux
Importance: Normal major
Target Milestone: ---
Assigned To: Evince Maintainers
QA Contact: Evince Maintainers
Duplicates: 737105
Reported: 2014-09-25 13:16 UTC by Julian Andres Klode
Modified: 2014-09-27 13:46 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
  • Backtrace (23.30 KB, text/x-log), 2014-09-25 13:16 UTC, Julian Andres Klode
  • PDF to reproduce (37.56 KB, application/pdf), 2014-09-25 14:30 UTC, Julian Andres Klode
  • shell: window-title needs to hold a reference to document (967 bytes, patch), 2014-09-25 16:25 UTC, José Aliste (reviewed)
  • window-title: Keep a weak ref on the document (2.03 KB, patch), 2014-09-27 10:32 UTC, Carlos Garcia Campos (committed)

Description Julian Andres Klode 2014-09-25 13:16:59 UTC
Created attachment 287077
Backtrace

[I initially reported this on Debian http://bugs.debian.org/762806]

Opening a PDF a second time, or rebuilding the PDF, causes evince
to crash with a general protection fault (in almost all cases,
sometimes it works).

traps: evince[25787] general protection ip:7f2af00e6c8d sp:7fff3a933378 error:0 in libgobject-2.0.so.0.4200.0[7f2af00b6000+51000]

This did not happen in 3.12, but happened in all 3.13 release(s?) I
tried and the 3.14 one.

Versions of packages evince depends on:
ii  evince-common              3.14.0-1
ii  gnome-icon-theme-symbolic  3.12.0-1
ii  libatk1.0-0                2.12.0-1
ii  libc6                      2.19-11
ii  libcairo-gobject2          1.12.16-5
ii  libcairo2                  1.12.16-5
ii  libevdocument3-4           3.14.0-1
ii  libevview3-3               3.14.0-1
ii  libgdk-pixbuf2.0-0         2.30.8-1
ii  libglib2.0-0               2.42.0-1
ii  libgtk-3-0                 3.14.0-1
ii  libnautilus-extension1a    3.14.0-1
ii  libpango-1.0-0             1.36.7-1
ii  libpangocairo-1.0-0        1.36.7-1
ii  libsecret-1-0              0.18-1
ii  libxml2                    2.9.1+dfsg1-4
ii  shared-mime-info           1.3-1
ii  zlib1g                     1:1.2.8.dfsg-2

Comment 1 José Aliste 2014-09-25 14:00:37 UTC
(gdb) backtrace full

Thread 1 (Thread 0x7ffff7fb9980 (LWP 29445))

  • #0 g_type_name
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gtype.c line 3302
  • #1 ev_window_title_sanitize_title
    at /tmp/buildd/evince-3.14.0/./shell/ev-window-title.c line 80
  • #2 ev_window_title_update
    at /tmp/buildd/evince-3.14.0/./shell/ev-window-title.c line 124
  • #3 ev_window_title_set_type
    at /tmp/buildd/evince-3.14.0/./shell/ev-window-title.c line 190
  • #4 ev_window_set_document
    at /tmp/buildd/evince-3.14.0/./shell/ev-window.c line 1616
  • #5 ev_window_document_changed_cb
    at /tmp/buildd/evince-3.14.0/./shell/ev-window.c line 4783
  • #6 g_closure_invoke
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gclosure.c line 768
  • #7 signal_emit_unlocked_R
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gsignal.c line 3553
  • #8 g_signal_emit_valist
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gsignal.c line 3309
  • #9 g_signal_emit
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gsignal.c line 3365
  • #10 g_object_dispatch_properties_changed
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gobject.c line 1056
  • #11 g_object_notify_by_spec_internal
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gobject.c line 1149
  • #12 g_object_notify
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gobject.c line 1197
  • #13 ev_document_model_set_document
    at /tmp/buildd/evince-3.14.0/./libview/ev-document-model.c line 381
  • #14 ev_window_reload_job_cb
    at /tmp/buildd/evince-3.14.0/./shell/ev-window.c line 1844
  • #15 _g_closure_invoke_va
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gclosure.c line 831
  • #16 g_signal_emit_valist
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gsignal.c line 3218
  • #17 g_signal_emit
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gobject/gsignal.c line 3365
  • #18 emit_finished
    at /tmp/buildd/evince-3.14.0/./libview/ev-jobs.c line 180
  • #19 g_main_dispatch
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./glib/gmain.c line 3111
  • #20 g_main_context_dispatch
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./glib/gmain.c line 3710
  • #21 g_main_context_iterate
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./glib/gmain.c line 3781
  • #22 g_main_context_iteration
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./glib/gmain.c line 3842
  • #23 g_application_run
    at /build/glib2.0-Dv_k6u/glib2.0-2.42.0/./gio/gapplication.c line 2282
  • #24 main
    at /tmp/buildd/evince-3.14.0/./shell/main.c line 316

Comment 2 José Aliste 2014-09-25 14:03:49 UTC
Could you please attach a test pdf file? This is dependent on the filename and on the pdf metadata, so I can't reproduce the crash here.

Comment 3 Julian Andres Klode 2014-09-25 14:30:01 UTC
Created attachment 287083
PDF to reproduce

Here's a PDF to reproduce it

Comment 4 José Aliste 2014-09-25 14:59:12 UTC
ups.. :( Ok, thanks for the file. Will fix it as soon as possible, and we will need to make a new release.

Comment 5 José Aliste 2014-09-25 16:25:15 UTC
Created attachment 287095
shell: window-title needs to hold a reference to document

Otherwise the document pointer may become invalid
during document reloading.

Comment 6 José Aliste 2014-09-25 16:27:18 UTC
The patch should fix the bug. We are setting the document pointer without adding to the ref-count. Thus, the pointer is becoming invalid in some situations, notably when reloading the document.

Comment 7 José Aliste 2014-09-25 16:28:31 UTC
*** Bug 737105 has been marked as a duplicate of this bug. ***

Comment 8 Julian Andres Klode 2014-09-25 16:44:20 UTC
I am happy to confirm that this patch fixes the bug.

Comment 9 Carlos Garcia Campos 2014-09-27 10:29:22 UTC
Review of attachment 287095:

This is not correct, you are keeping a reference for an old document that you are never releasing. So, I don't see why to keep the old document alive, and even less leaked :-) I think we could use a weak ref to clean up both, the document and doc_title when the document is destroyed.

Comment 10 Carlos Garcia Campos 2014-09-27 10:32:06 UTC
Created attachment 287234
window-title: Keep a weak ref on the document

Could you confirm this fixes the crash?

Comment 11 Julian Andres Klode 2014-09-27 11:13:19 UTC
Review of attachment 287234:

This patch fixes the issue.

Comment 12 Carlos Garcia Campos 2014-09-27 13:46:13 UTC
(In reply to comment #11)
> Review of attachment 287234:
> 
> This patch fixes the issue.

Thanks for checking, I've just pushed it.
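
The ownership trade-off discussed in comments 6 and 9, as an added example that is not part of the original thread and is not evince or GLib code: a simplified ref-counted object in plain C showing why a strong reference that is never released leaks the old document, while a weak reference is cleared when the document is destroyed. All type and function names are hypothetical; GLib provides the real equivalents (g_object_ref, g_object_add_weak_pointer, g_object_weak_ref), and which one the committed patch uses is not shown on this page.

```c
#include <stdlib.h>

/* Simplified stand-in for a ref-counted GObject; all names are hypothetical. */
typedef struct Doc {
    int refs;
    struct Doc **weak_slot;   /* holder's pointer to NULL out on finalize */
} Doc;
typedef struct { Doc *document; } WindowTitle;

static int live_docs;         /* documents allocated and not yet freed */

Doc *doc_new(void) {
    Doc *d = calloc(1, sizeof *d);
    if (!d) abort();
    d->refs = 1;
    live_docs++;
    return d;
}

void doc_unref(Doc *d) {
    if (--d->refs > 0) return;
    if (d->weak_slot) *d->weak_slot = NULL;   /* clear the weak holder */
    live_docs--;
    free(d);
}

/* Strong ref taken on set and never released: no dangling pointer, but a leak. */
void title_set_strong(WindowTitle *t, Doc *d) { d->refs++; t->document = d; }

/* Weak ref: no ownership; the slot is reset when the document is finalized. */
void title_set_weak(WindowTitle *t, Doc *d) {
    if (t->document) t->document->weak_slot = NULL;
    t->document = d;
    d->weak_slot = &t->document;
}

/* The owner drops its only ref, as on reload. Returns documents left alive,
   or -1 if a weak slot was not cleared. */
int reload(int weak) {
    WindowTitle t = {0};
    Doc *old = doc_new();
    if (weak) title_set_weak(&t, old); else title_set_strong(&t, old);
    doc_unref(old);
    int alive = live_docs;
    if (weak) return t.document == NULL ? alive : -1;
    doc_unref(t.document);    /* release the leaked ref, for this demo only */
    return alive;
}
```

A plain borrowed pointer (the original bug) is deliberately not exercised here, since reading it after the owner's unref is the use-after-free seen in the backtrace.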