Bug 733402 - Evince crashes with segmentation fault
Status: RESOLVED NOTGNOME
Product: evince
Classification: Core
Component: PDF
Version: 3.10.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Evince Maintainers
QA Contact: Evince Maintainers
Depends on:
Blocks:
 
 
Reported: 2014-07-19 14:42 UTC by Jens Herrmann
Modified: 2014-09-03 09:13 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
example pdf (341.36 KB, application/pdf), 2014-07-19 14:42 UTC, Jens Herrmann
more examples (1.25 MB, application/pdf), 2014-09-03 08:56 UTC, Jens Herrmann
more examples (1.31 MB, application/pdf), 2014-09-03 09:01 UTC, Jens Herrmann
more examples (1.48 MB, application/pdf), 2014-09-03 09:03 UTC, Jens Herrmann
more examples (944.61 KB, application/pdf), 2014-09-03 09:04 UTC, Jens Herrmann
more examples (1.02 MB, application/zip), 2014-09-03 09:06 UTC, Jens Herrmann

Description Jens Herrmann 2014-07-19 14:42:33 UTC
Created attachment 281183 [details]
example pdf

1. Open the pdf attached
2. See evince crashing with segmentation fault

I tried to deliver a backtrace but failed. Behaviour is somewhat different in gdb - evince freezes now and does not crash. When I close evince and get back to the terminal I am not able to type anything in the command line. CTRL+C does not help.
This is how far I got:

GNU gdb (Ubuntu 7.7-0ubuntu3) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from evince...(no debugging symbols found)...done.
(gdb) handle SIG33 pass nostop noprint
Signal        Stop      Print   Pass to program Description
SIG33         No        No      Yes             Real-time event 33
(gdb) set pagination 0
(gdb) run
Starting program: /usr/bin/evince
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7f0453194700 (LWP 25150)]
[New Thread 0x7f0452786700 (LWP 25151)]
[New Thread 0x7f0451f85700 (LWP 25152)]
[New Thread 0x7f0451784700 (LWP 25153)]
[New Thread 0x7f042d761700 (LWP 25154)]
[Thread 0x7f042d761700 (LWP 25154) exited]
[New Thread 0x7f042d761700 (LWP 25158)]
[Thread 0x7f042d761700 (LWP 25158) exited]
[New Thread 0x7f042d761700 (LWP 25162)]
[New Thread 0x7f04274ce700 (LWP 25163)]
[New Thread 0x7f0426ccd700 (LWP 25164)]
[Thread 0x7f04274ce700 (LWP 25163) exited]
[Thread 0x7f0426ccd700 (LWP 25164) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f042d761700 (LWP 25162)]
0x00007f045c8effd5 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
(gdb)

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: evince 3.10.3-0ubuntu10
ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Fri May 16 09:51:48 2014
EcryptfsInUse: Yes
InstallationDate: Installed on 2013-11-26 (170 days ago)
InstallationMedia: Xubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016)
SourcePackage: evince
UpgradeStatus: Upgraded to trusty on 2014-04-22 (23 days ago)

################################
There are more example pdf files available at https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1320132 where I reported the bug before.
Comment 1 Germán Poo-Caamaño 2014-07-19 15:01:54 UTC
I don't have problems opening the document attached.  However, another document in launchpad (https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1320132/+attachment/4117773/+files/013.pdf) makes evince master crash (but not 3.4.0).

The regression seems to be either in Cairo or Poppler. Here is the backtrace:

Starting program: /home/gpoo/code/evince/install/bin/evince 013.pdf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb53a2b40 (LWP 13574)]
[New Thread 0xb49ffb40 (LWP 13575)]
[New Thread 0xb3fffb40 (LWP 13581)]
[New Thread 0xa2eb8b40 (LWP 13582)]
[New Thread 0xa2281b40 (LWP 13583)]
[New Thread 0xa1047b40 (LWP 13584)]
[New Thread 0xa06ffb40 (LWP 13585)]
[New Thread 0x9fefeb40 (LWP 13586)]
[New Thread 0x9f6fdb40 (LWP 13587)]
[New Thread 0x9ecffb40 (LWP 13588)]
[Thread 0x9f6fdb40 (LWP 13587) exited]
[Thread 0xb49ffb40 (LWP 13575) exited]
[Thread 0xa06ffb40 (LWP 13585) exited]
[Thread 0x9ecffb40 (LWP 13588) exited]
[Thread 0xa1047b40 (LWP 13584) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xa2281b40 (LWP 13583)]
0xb37a0c70 in CairoOutputDev::endTransparencyGroup (this=0xa1931c70)
    at CairoOutputDev.cc:1500
1500	  if (groupColorSpaceStack->next && groupColorSpaceStack->next->knockout) {

Thread 6 (Thread 0xa2281b40 (LWP 13583))

  • #0 CairoOutputDev::endTransparencyGroup
    at CairoOutputDev.cc line 1500
  • #1 CairoOutputDev::unsetSoftMaskFromImageMask
    at CairoOutputDev.cc line 1932
  • #2 Gfx::doPatternImageMask
    at Gfx.cc line 2097
  • #3 Gfx::doImage
    at Gfx.cc line 4370
  • #4 Gfx::opXObject
    at Gfx.cc line 4179
  • #5 Gfx::execOp
    at Gfx.cc line 903
  • #6 Gfx::go
    at Gfx.cc line 762
  • #7 Gfx::display
    at Gfx.cc line 728
  • #8 Page::displaySlice
    at Page.cc line 585
  • #9 _poppler_page_render
    at poppler-page.cc line 362
  • #10 pdf_page_render
    at ev-poppler.cc line 415
  • #11 pdf_document_render
    at ev-poppler.cc line 442
  • #12 ev_document_render
    at ev-document.c line 688
  • #13 ev_job_render_run
    at ev-jobs.c line 638
  • #14 ev_job_run
    at ev-jobs.c line 215
  • #15 ev_job_thread
    at ev-job-scheduler.c line 184
  • #16 ev_job_thread_proxy
    at ev-job-scheduler.c line 217
  • #17 g_thread_proxy
    at gthread.c line 764
  • #18 start_thread
    at pthread_create.c line 308
  • #19 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 130
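
Added example, not part of the original comment and not Evince or Poppler code: a small triage script that attributes each frame of a backtrace like the one above to a project by source file name, which is how a crash of this kind gets routed to the library rather than the viewer. The file-to-project map and the function names are assumptions made for this example; an unsymbolized trace such as the one in the description is rejected.

```python
import re
from itertools import groupby

# Constructed sample: selected frames from Comment 1, kept in the tracker's
# two-line bulleted layout.
SAMPLE = """
  • #0 CairoOutputDev::endTransparencyGroup
    at CairoOutputDev.cc line 1500
  • #2 Gfx::doPatternImageMask
    at Gfx.cc line 2097
  • #9 _poppler_page_render
    at poppler-page.cc line 362
  • #10 pdf_page_render
    at ev-poppler.cc line 415
  • #17 g_thread_proxy
    at gthread.c line 764
  • #19 clone
    at ../sysdeps/unix/sysv/linux/i386/clone.S line 130
"""
# The only frame the reporter obtained without debug symbols.
UNSYMBOLIZED = "0x00007f045c8effd5 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2"

FRAME_RE = re.compile(r"#(\d+)\s+(\S+)\s+at\s+(\S+)\s+line\s+(\d+)")

# Assumed ownership map (not from the page): source file name -> project.
# Order matters: ev-poppler.cc is Evince's PDF backend, not Poppler itself.
OWNERS = [
    (r"ev-.*\.cc?", "evince"),
    (r"(poppler-.*|CairoOutputDev|Gfx|Page)\.cc", "poppler"),
    (r"gthread\.c", "glib"),
    (r"pthread_create\.c|clone\.S", "glibc"),
]

def owner(path):
    name = path.rsplit("/", 1)[-1]
    return next((o for pat, o in OWNERS if re.fullmatch(pat, name)), "unknown")

def triage(text):
    frames = sorted(
        (int(n), func, path, int(line), owner(path))
        for n, func, path, line in FRAME_RE.findall(text))
    if not frames:
        raise ValueError("no symbolized frames: install debug symbols first")
    _, func, path, line, comp = frames[0]
    # First frame owned by a different project: where the faulting library was entered.
    caller = next((f[1] for f in frames if f[4] != comp), None)
    return {"fault": f"{func} ({path}:{line})", "component": comp,
            "entered_from": caller,
            "chain": [c for c, _ in groupby(f[4] for f in frames)]}
```
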

Comment 2 Germán Poo-Caamaño 2014-07-21 23:59:52 UTC
Thanks for taking the time to report this bug. This particular bug is in Poppler (or cairo), the library used by Evince to render PDF.  The bug has been forwarded to its own bugzilla.

Please, feel free to follow the progress in https://bugs.freedesktop.org/show_bug.cgi?id=81624
Comment 3 Jens Herrmann 2014-09-03 08:56:07 UTC
Created attachment 285231 [details]
more examples

more examples
Comment 4 Jens Herrmann 2014-09-03 09:01:57 UTC
Created attachment 285232 [details]
more examples
Comment 5 Jens Herrmann 2014-09-03 09:03:22 UTC
Created attachment 285233 [details]
more examples
Comment 6 Jens Herrmann 2014-09-03 09:04:11 UTC
Created attachment 285234 [details]
more examples
Comment 7 Jens Herrmann 2014-09-03 09:06:39 UTC
Created attachment 285235 [details]
more examples
Comment 8 Germán Poo-Caamaño 2014-09-03 09:13:31 UTC
Please, don't attach more files.  The problem was in Poppler, which was already fixed there. See https://bugs.freedesktop.org/show_bug.cgi?id=81624

It is up to your distribution to update poppler or backport the patch.  But attaching more files is not going to get you anywhere.