GNOME Bugzilla – Bug 538761
evince reliably crashes on this .pdf
Last modified: 2008-06-18 10:12:58 UTC
Steps to reproduce: Simply opening the pdf is enough. Stack trace: It will not even open up bug-buddy to print a stack trace: evince review_mkl_tpami.pdf evince: ../../src/xcb_lock.c:77: _XGetXCBBuffer: Assertion `((int) ((xcb_req) - (dpy->request)) >= 0)' failed. Multiple segmentation faults occurred; can't display error dialog But using valgrind and gdb I managed to get some further info's: ==5537== Memcheck, a memory error detector. ==5537== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==5537== Using LibVEX rev 1854, a library for dynamic binary translation. ==5537== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==5537== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework. ==5537== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==5537== For more details, rerun with: -v ==5537== ==5537== Thread 2: ==5537== Invalid read of size 4 ==5537== at 0x50FA069: OCGs::findOcgByRef(Ref const&) (OptionalContent.cc:165) ==5537== by 0x50FA6C8: OCGs::optContentIsVisible(Object*) (OptionalContent.cc:210) ==5537== by 0x50B35F0: Gfx::opBeginMarkedContent(Object*, int) (Gfx.cc:4142) ==5537== by 0x50B2A71: Gfx::execOp(Object*, Object*, int) (Gfx.cc:740) ==5537== by 0x50B2C4D: Gfx::go(int) (Gfx.cc:611) ==5537== by 0x50B857E: Gfx::display(Object*, int) (Gfx.cc:580) ==5537== by 0x50FD8D5: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:414) ==5537== by 0x48EAC02: _poppler_page_render(_PopplerPage*, _cairo*, int) (poppler-page.cc:529) ==5537== by 0x48EAD36: poppler_page_render (poppler-page.cc:550) ==5537== by 0x7E90924: pdf_document_render(_EvDocument*, _EvRenderContext*) (ev-poppler.cc:488) ==5537== by 0x40642CF: ev_document_render (ev-document.c:221) ==5537== by 0x806118D: ev_job_render_run (ev-jobs.c:372) ==5537== Address 0x8 is not stack'd, malloc'd or (recently) free'd ==5537== ==5537== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 214 from 2) ==5537== malloc/free: in use at exit: 8,441,372 bytes in 73,763 blocks. ==5537== malloc/free: 1,386,324 allocs, 1,312,561 frees, 105,812,301 bytes allocated. ==5537== For counts of detected errors, rerun with: -v ==5537== searching for pointers to 73,763 not-freed blocks. ==5537== checked 17,089,572 bytes. ==5537== ==5537== LEAK SUMMARY: ==5537== definitely lost: 230,681 bytes in 8,155 blocks. ==5537== possibly lost: 272,926 bytes in 323 blocks. ==5537== still reachable: 7,937,765 bytes in 65,285 blocks. ==5537== suppressed: 0 bytes in 0 blocks. ==5537== Rerun with --leak-check=full to see details of leaked memory. $ gdb evince GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu"... (gdb) r review_mkl_tpami.pdf Starting program: /usr/bin/evince review_mkl_tpami.pdf [Thread debugging using libthread_db enabled] [New Thread 0xb6adf940 (LWP 8565)] [New Thread 0xb6785b90 (LWP 8579)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb6785b90 (LWP 8579)] 0xb6e81069 in OCGs::findOcgByRef (this=0x985f480, ref=@0xb6784dd4) at OptionalContent.cc:165 165 OptionalContent.cc: No such file or directory. in OptionalContent.cc Current language: auto; currently c++ (gdb) thread apply all bt
+ Trace 200653
Thread 2 (Thread 0xb6785b90 (LWP 8579))
Other information:
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find. *** This bug has been marked as a duplicate of 538179 ***