Bug 739103 – Segfault while opening PDF document

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 739103 - Segfault while opening PDF document


Summary:	Segfault while opening PDF document


Status:	RESOLVED DUPLICATE of bug 738846

Product:	evince
Classification:	Core
Component:	PDF
Version:	3.14.x
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Evince Maintainers
QA Contact:	Evince Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-10-24 04:16 UTC by fractophil+bugzilla
Modified:	2014-10-28 18:26 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
GDB backtrace (6.76 KB, text/plain) 2014-10-24 04:16 UTC, fractophil+bugzilla	Details

Description fractophil+bugzilla 2014-10-24 04:16:45 UTC

Created attachment 289244 [details]
GDB backtrace

When I open this PDF file, it displays the first few pages correctly before segfaulting as I scroll downward. I have opened this PDF successfully with Evince in the past year, so this is a new bug. I isolated the problem to page 21 of this document by bursting the document into individual pages with pdftk and opening each page with Evince individually. Sometimes scrolling to page 21 is insufficient, and I must zoom in/out on that page to make Evince crash.

The file is available here: http://cp.literature.agilent.com/litweb/pdf/34401-90004.pdf

I am running Arch Linux, and this bug occurs with the most recent packages (evince-3.14.1-2, cairo-1.14.0-1, and poppler-glib-0.26.5-1). I have been able to recompile these packages to obtain a backtrace (attached) with some of the debugging symbols. Some are still missing, so if you can't replicate this bug and need a more complete backtrace, I can work on adding in the missing debugging symbols.

Based on the backtrace, this may be related to Bug 738846. The bug may be in Cairo or Poppler; I haven't isolated it to Evince.

Comment 1 Germán Poo-Caamaño 2014-10-24 04:29:34 UTC

Pasting the backtrace as text:

$ gdb evince
GNU gdb (GDB) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from evince...(no debugging symbols found)...done.
(gdb) run 34401-90004.pdf 
Starting program: /usr/bin/evince 34401-90004.pdf
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffec0f2700 (LWP 4099)]

(evince:4095): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:4160:22: 'none' is not a valid color name
[New Thread 0x7fffeb8f1700 (LWP 4100)]
[New Thread 0x7fffeb0f0700 (LWP 4104)]
[New Thread 0x7fffea296700 (LWP 4105)]
[New Thread 0x7fffe99bc700 (LWP 4106)]

(evince:4095): Gtk-WARNING **: Symbolic icon window-close-symbolic-ltr of size 16 is in an icon theme directory of size 96

(evince:4095): GLib-GObject-WARNING **: The property GtkSettings:gtk-menu-images is deprecated and shouldn't be used anymore. It will be removed in a future version.
[New Thread 0x7fffd2e89700 (LWP 4107)]
[New Thread 0x7fffd2688700 (LWP 4108)]

(evince:4095): Gtk-WARNING **: Symbolic icon go-previous-symbolic-ltr of size 16 is in an icon theme directory of size 96

(evince:4095): Gtk-WARNING **: Symbolic icon go-next-symbolic-ltr of size 16 is in an icon theme directory of size 96

** (evince:4095): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE.  It is a known issue and it might be implemented in the future.

** (evince:4095): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE.  It is a known issue and it might be implemented in the future.

(evince:4095): Gtk-WARNING **: Symbolic icon edit-find-symbolic-ltr of size 16 is in an icon theme directory of size 96

(evince:4095): Gtk-WARNING **: Symbolic icon go-down-symbolic-ltr of size 16 is in an icon theme directory of size 96
[Thread 0x7fffd2688700 (LWP 4108) exited]
[Thread 0x7fffeb8f1700 (LWP 4100) exited]

Program received signal SIGSEGV, Segmentation fault.

+ Trace 234254

Thread 140737112688384 (LWP 4106)

#0 _fill_xrgb32_lerp_opaque_spans
at cairo-image-compositor.c line 2249
#1 blit_a8
at cairo-tor-scan-converter.c line 1635
#2 glitter_scan_converter_render
at cairo-tor-scan-converter.c line 1786
#3 _cairo_tor_scan_converter_generate
at cairo-tor-scan-converter.c line 1849
#4 composite_polygon
at cairo-spans-compositor.c line 801
#5 clip_and_composite_polygon
at cairo-spans-compositor.c line 967
#6 _cairo_spans_compositor_stroke
at cairo-spans-compositor.c line 1083
#7 _cairo_compositor_stroke
at cairo-compositor.c line 157
#8 _cairo_image_surface_stroke
at cairo-image-surface.c line 964
#9 _cairo_surface_stroke
at cairo-surface.c line 2270
#10 _cairo_gstate_stroke
at cairo-gstate.c line 1194
#11 _cairo_default_context_stroke
at cairo-default-context.c line 1010
#12 INT_cairo_stroke
at cairo.c line 2150
#13 CairoOutputDev::stroke(GfxState*)
from /usr/lib/libpoppler-glib.so.8
#14 Gfx::opStroke(Object*, int)
from /usr/lib/libpoppler.so.46
#15 Gfx::go(bool)
from /usr/lib/libpoppler.so.46
#16 Gfx::display(Object*, bool)
from /usr/lib/libpoppler.so.46
#17 Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool)
from /usr/lib/libpoppler.so.46
#18 ??
from /usr/lib/libpoppler-glib.so.8
#19 ??
from /usr/lib/evince/4/backends/libpdfdocument.so
#20 ??
from /usr/lib/evince/4/backends/libpdfdocument.so
#21 ??
from /usr/lib/libevview3.so.3
#22 ??
from /usr/lib/libevview3.so.3
#23 ??
from /usr/lib/libglib-2.0.so.0
#24 start_thread
from /usr/lib/libpthread.so.0
#25 clone
from /usr/lib/libc.so.6

Comment 2 fractophil+bugzilla 2014-10-28 01:10:18 UTC

I figured out the cause of the missing debug symbols and rebuilt Evince. Here is a more complete backtrace with the same PDF document:

$ gdb evince
GNU gdb (GDB) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from evince...done.
(gdb) run 
34401-90004.pdf  backtrace.txt    pg_0021.pdf      report.txt       temp.pdf         
(gdb) run 34401-90004.pdf 
Starting program: /usr/bin/evince 34401-90004.pdf
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7fffec0f7700 (LWP 2324)]

(evince:2320): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:4160:22: 'none' is not a valid color name
[New Thread 0x7fffeb8f6700 (LWP 2325)]
[New Thread 0x7fffeb0f5700 (LWP 2329)]
[New Thread 0x7fffea29b700 (LWP 2330)]
[New Thread 0x7fffe99c0700 (LWP 2331)]

(evince:2320): Gtk-WARNING **: Symbolic icon window-close-symbolic-ltr of size 16 is in an icon theme directory of size 96

(evince:2320): GLib-GObject-WARNING **: The property GtkSettings:gtk-menu-images is deprecated and shouldn't be used anymore. It will be removed in a future version.
[New Thread 0x7fffd2e89700 (LWP 2332)]
[New Thread 0x7fffd2688700 (LWP 2333)]
[New Thread 0x7fffd1e87700 (LWP 2334)]

(evince:2320): Gtk-WARNING **: Symbolic icon go-previous-symbolic-ltr of size 16 is in an icon theme directory of size 96

(evince:2320): Gtk-WARNING **: Symbolic icon go-next-symbolic-ltr of size 16 is in an icon theme directory of size 96

(evince:2320): Gtk-WARNING **: Symbolic icon edit-find-symbolic-ltr of size 16 is in an icon theme directory of size 96

** (evince:2320): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE.  It is a known issue and it might be implemented in the future.

** (evince:2320): WARNING **: Unimplemented annotation: POPPLER_ANNOT_SQUARE.  It is a known issue and it might be implemented in the future.

(evince:2320): Gtk-WARNING **: Symbolic icon go-down-symbolic-ltr of size 16 is in an icon theme directory of size 96
[Thread 0x7fffd1e87700 (LWP 2334) exited]
[Thread 0x7fffeb8f6700 (LWP 2325) exited]
[Thread 0x7fffd2688700 (LWP 2333) exited]

Program received signal SIGSEGV, Segmentation fault.

+ Trace 234262

Thread 140737112704768 (LWP 2331)

#0 _fill_xrgb32_lerp_opaque_spans
at cairo-image-compositor.c line 2249
#1 blit_a8
at cairo-tor-scan-converter.c line 1635
#2 glitter_scan_converter_render
at cairo-tor-scan-converter.c line 1786
#3 _cairo_tor_scan_converter_generate
at cairo-tor-scan-converter.c line 1849
#4 composite_polygon
at cairo-spans-compositor.c line 801
#5 clip_and_composite_polygon
at cairo-spans-compositor.c line 967
#6 _cairo_spans_compositor_stroke
at cairo-spans-compositor.c line 1083
#7 _cairo_compositor_stroke
at cairo-compositor.c line 157
#8 _cairo_image_surface_stroke
at cairo-image-surface.c line 964
#9 _cairo_surface_stroke
at cairo-surface.c line 2270
#10 _cairo_gstate_stroke
at cairo-gstate.c line 1194
#11 _cairo_default_context_stroke
at cairo-default-context.c line 1010
#12 INT_cairo_stroke
at cairo.c line 2150
#13 CairoOutputDev::stroke
at CairoOutputDev.cc line 776
#14 Gfx::opStroke(Object*, int)
from /usr/lib/libpoppler.so.46
#15 Gfx::go(bool)
from /usr/lib/libpoppler.so.46
#16 Gfx::display(Object*, bool)
from /usr/lib/libpoppler.so.46
#17 Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool)
from /usr/lib/libpoppler.so.46
#18 _poppler_page_render
at poppler-page.cc line 362
#19 pdf_page_render
at ev-poppler.cc line 415
#20 pdf_document_render
at ev-poppler.cc line 442
#21 ev_job_render_run
at ev-jobs.c line 638
#22 ev_job_thread
at ev-job-scheduler.c line 184
#23 ev_job_thread_proxy
at ev-job-scheduler.c line 217
#24 ??
from /usr/lib/libglib-2.0.so.0
#25 start_thread
from /usr/lib/libpthread.so.0
#26 clone
from /usr/lib/libc.so.6

Comment 3 Germán Poo-Caamaño 2014-10-28 18:26:39 UTC

I noticed the stacktrace is the same as in Bug 738846.

I am closing this a duplicated of that one.

*** This bug has been marked as a duplicate of bug 738846 ***