GNOME Bugzilla – Bug 683172
Crash when doing a search in continuous dual page view and no page shown in the screen
Last modified: 2013-06-14 16:39:38 UTC
I am able to reproduce this easily with a certain document in dual page layout.

Document: http://www.kvv.de/fileadmin/user_upload/kvv/dokumente/netz/liniennetz/2012/L0SCHI_SEP12_Internet.pdf

1. Open the document. It should now be in dual page mode, scrolled to the top left corner so that nothing is visible.
2. Start searching: Ctrl+F.
3. Enter a search term, e.g. "bann". It will crash.

Apparently page is -1, which means that ev_view_find_get_n_results is passing an invalid pointer over to g_list_length.

Setting to minor, as it seems to only happen if you start searching right away, but not when scrolling around in the document first.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4550610 in g_list_length () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
(gdb) bt
$2 = -1
Hm, looks like the paste from gdb is not fully displayed above. The "-1" is the current_page.
Oh... indeed, the current_page is -1 in the case reported in Comment 0... At first sight I can't catch where it is being set to -1.

@Benjamin: crashes should always be marked as critical, even if they don't occur often.
Benjamin, can you reproduce the bug with a newer evince? I was able to reproduce it with 3.4.0 but not with 3.8.2.
I am still able to reproduce it (tried it with a different document). The important part is that, directly after opening evince, you don't see any page on screen (because it is to the right). For that you need to enable dual page view and scroll to the top left corner. Apparently it is also necessary to wait a bit so that the state is saved when evince closes. After doing the above (dual page view + scrolling + waiting + closing) I can reproduce the issue with the document when starting evince again. This is version 3.8.2 (debian unstable/experimental).
Not reproducible here using evince, gtk+ git master and poppler 0.22 branch.
After installing gvfs in my jhbuild, I can reproduce it with master.

Program received signal SIGSEGV, Segmentation fault.
g_list_length (list=0x11) at glist.c:918
918	  list = list->next;
I forgot to mention: these are the file attributes I have for the document:

metadata::evince::continuous: 1
metadata::evince::dual-page: 1
metadata::evince::dual-page-odd-left: 0
metadata::evince::fullscreen: 0
metadata::evince::inverted-colors: 0
metadata::evince::page: 0
metadata::evince::show_toolbar: 1
metadata::evince::sidebar_page: thumbnails
metadata::evince::sidebar_size: 255
metadata::evince::sidebar_visibility: 0
metadata::evince::sizing_mode: free
metadata::evince::window_height: 774
metadata::evince::window_maximized: 0
metadata::evince::window_width: 1018
metadata::evince::zoom: 0.70710676908493042
metadata::evince::window_x: 124
metadata::evince::window_y: 156

To reproduce the bug:

1. I open the document, which already has the attributes described above.
2. Ctrl-F
3. Try to type 'bann'
4. Segfault after entering 'b'
I think I know where the problem is, but not how to solve it.
jump_to_find_result (view);
There is nothing to do here: view->current_page = -1.
Damn bugzilla. Rewriting my comment:

#10 ... in ev_job_find_run (job=0x8488170) at ev-jobs.c:1593
    g_signal_emit (job_find, job_find_signals[FIND_UPDATED], 0, job_find->current_page);
job_find->current_page is 0. [signal emitted]

#4 ... in find_job_updated_cb (job=0x8488170, page=0, view=0x837a028) at ev-view.c:6423
    ev_view_find_changed (view, ev_job_find_get_results (job), page);
page = 0. But from now on evince relies on view, whose current_page = -1. I think it is -1 because there is no page visible (it is outside of the view area because of the zoom), even though the document only has 1 page.

#3 ... in ev_view_find_changed (view=0x837a028, results=0x85547c0, page=0) at ev-view.c:6451
FWIW, I can reproduce the bug with any document. The document has to be opened twice.

1. Open a document.
2. Set to Dual Page.
3. Set the zoom to a high percentage. The purpose is to make the drawing area grey, that is, no page shown.
4. Close the document.
5. Re-open the document. If it stores the metadata, then there is no "current_page" because a grey background is shown.
6. Ctrl-F
7. Enter any character.
8. Segfault.
Updated the summary. The issue only happens in continuous mode with dual page.
Created attachment 246773 [details] [review]
libview: Don't update current_page to negative number

In continuous mode with dual page view, there is a chance that the pages were outside of the scroll view. When opening a document in such circumstances, the current page should not be updated to a negative number when it already has the first page as default. This fixes a crash when searching with a negative current page.
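The following is an added example written for this page, not evince code. It is a toy model of the failure discussed in the thread: a per-page array of match lists is indexed by view->current_page, so once current_page becomes -1 the lookup reads before the array and hands a garbage pointer (the 0x11 seen in the backtrace) to g_list_length. The code shows the pre-patch page update, the guarded update the patch introduces, and a bounds check at the lookup site. All names (View, Match, make_view, get_n_results_checked, the two update_current_page variants) are hypothetical stand-ins, and the one-page fixture is constructed; Match plays the role of GList.

```c
/*
 * Added example, not evince code. Models the lookup that crashed in this bug
 * (a per-page array of match lists indexed by view->current_page) and the
 * guard the patch adds. Type and function names are hypothetical stand-ins.
 */
#include <stdio.h>

/* Minimal stand-in for GList: a singly linked list of matches on one page. */
typedef struct Match { struct Match *next; } Match;

typedef struct {
    int     n_pages;
    Match **results;       /* results[page] is the list of matches on that page */
    int     current_page;  /* defaults to 0 (first page) */
    int     start_page;    /* first visible page; -1 models "nothing visible" */
} View;

/* Constructed fixture: one page with two matches, no page visible on screen. */
static Match  match_second     = { NULL };
static Match  match_first      = { &match_second };
static Match *page_results[1]  = { &match_first };

static View make_view(void)
{
    View v = { 1, page_results, 0, -1 };
    return v;
}

static unsigned list_length(const Match *l)
{
    unsigned n = 0;
    for (; l != NULL; l = l->next)
        n++;
    return n;
}

/* Bounds-checked lookup: a page outside [0, n_pages) yields -1 instead of
 * reading results[page] out of bounds and passing garbage to list_length(). */
static int get_n_results_checked(const View *v, int page)
{
    if (v == NULL || page < 0 || page >= v->n_pages)
        return -1;
    return (int) list_length(v->results[page]);
}

/* Pre-patch behaviour: MAX(candidate, start_page) can stay negative and is
 * stored as-is, so current_page ends up -1 when nothing is visible. */
static void update_current_page_unguarded(View *v, int best_current_page)
{
    if (best_current_page < v->start_page)
        best_current_page = v->start_page;
    if (v->current_page != best_current_page)
        v->current_page = best_current_page;
}

/* Patched behaviour: a negative candidate leaves current_page untouched. */
static void update_current_page(View *v, int best_current_page)
{
    if (best_current_page < v->start_page)
        best_current_page = v->start_page;
    if (best_current_page >= 0 && v->current_page != best_current_page)
        v->current_page = best_current_page;
}

/* Observable outcome of each variant on the fixture. */
static int current_page_after_update(int guarded, int candidate)
{
    View v = make_view();
    if (guarded)
        update_current_page(&v, candidate);
    else
        update_current_page_unguarded(&v, candidate);
    return v.current_page;
}

static int n_results_on_current_page(int guarded)
{
    View v = make_view();
    if (guarded)
        update_current_page(&v, -1);
    else
        update_current_page_unguarded(&v, -1);
    return get_n_results_checked(&v, v.current_page);
}

int main(void)
{
    printf("unguarded: current_page=%d, n_results=%d\n",
           current_page_after_update(0, -1), n_results_on_current_page(0));
    printf("guarded:   current_page=%d, n_results=%d\n",
           current_page_after_update(1, -1), n_results_on_current_page(1));
    return 0;
}
```

The two fixes are independent: the guarded update keeps current_page at its first-page default when no page is visible, and the bounds check at the lookup turns any remaining negative index into an error value rather than an out-of-bounds read.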
Review of attachment 246773 [details] [review]: Good catch! ::: libview/ev-view.c @@ +740,3 @@ best_current_page = MAX (best_current_page, view->start_page); + if (best_current_page >=0 && view->current_page != best_current_page) { leave a space after >=
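Review bot: the new `best_current_page >=0` guard only stops this one site in libview/ev-view.c (around line 740) from storing a negative page; the search path named earlier in the thread (ev_view_find_changed and jump_to_find_result, which index by view->current_page and end in g_list_length) still takes current_page on trust, so if it ever reaches -1 by another route, which comment 9 says could not be pinned down, the same crash returns. Suggest also rejecting a negative page in ev_view_find_get_n_results (return 0) as a second line of defence. Worth a short comment on the hunk too: `MAX (best_current_page, view->start_page)` cannot rescue a negative candidate when start_page is itself -1 (nothing visible), which is exactly the case the new condition handles. Style nit as already raised: space after `>=`.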
Review of attachment 246773 [details] [review]: Committed in both master and gnome-3-8.