GNOME Bugzilla – Bug 785481
Evince reproducibly crashes on large synctex file with "malloc(): smallbin double linked list corrupted"
Last modified: 2018-05-22 17:14:12 UTC
Hi,

when I open a pdf with a 1.1MB .synctex.gz, evince crashes with the attached backtrace. This also happens if I replace the pdf document with another one that has enough pages (e.g. www.texample.net/media/pgf/builds/pgfmanualCVS2012-11-04.pdf). I can also provide the .synctex.gz if needed...

Thanks for looking into this nasty bug,
Richard

$evince --version
GNOME Document Viewer 3.18.2
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"

Backtrace:
*** Error in `evince': malloc(): smallbin double linked list corrupted: 0x00007fe70c1cec90 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fe7354097e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x82651)[0x7fe735414651]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7fe735416184]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_malloc+0x19)[0x7fe735cd1719]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_strdup+0x1f)[0x7fe735cea4ef]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x39e8d)[0x7fe735fcce8d]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_value_transform+0xe8)[0x7fe735fcaee8]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x154b1)[0x7fe735fa84b1]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_new_valist+0x3b5)[0x7fe735faa1b5]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_new+0xf1)[0x7fe735faa521]
/usr/lib/x86_64-linux-gnu/libevdocument3.so.4(ev_link_dest_new_named+0x35)[0x7fe7381e1675]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0x9b39)[0x7fe7235f3b39]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0x9cfa)[0x7fe7235f3cfa]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0xa096)[0x7fe7235f4096]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0xa161)[0x7fe7235f4161]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0xe226)[0x7fe7235f8226]
/usr/lib/x86_64-linux-gnu/libevview3.so.3(+0x1c44a)[0x7fe737f9344a]
/usr/lib/x86_64-linux-gnu/libevview3.so.3(+0x1e55a)[0x7fe737f9555a]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x70bb5)[0x7fe735cf2bb5]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7fe7357636ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fe7354993dd]
======= Memory map: ========
....
Aborted (core dumped)
Oh, this is not as reproducible as I thought:

$ evince diss_nauber_working.pdf
Segmentation fault (core dumped)
$ evince diss_nauber_working.pdf
Segmentation fault (core dumped)
$ evince diss_nauber_working.pdf
Segmentation fault (core dumped)
$ evince diss_nauber_working.pdf
SyncTeX ERROR: gzread error (-1:-3,/home/nauber/diss/thesis/fails/test3/diss_nauber_working.synctex.gz: invalid distance too far back)
SyncTeX ERROR: Bad boundary record (2).
SyncTeX ERROR: Bad sheet content.
SyncTeX ERROR: SyncTeX Error: Bad content
^C
$ evince diss_nauber_working.pdf
Segmentation fault (core dumped)
$ evince diss_nauber_working.pdf
Segmentation fault (core dumped)
$ evince diss_nauber_working.pdf
Segmentation fault (core dumped)
$ evince diss_nauber_working.pdf
SyncTeX ERROR: gzread error (-1:-3,/home/nauber/diss/thesis/fails/test3/diss_nauber_working.synctex.gz: invalid distance too far back)
SyncTeX ERROR: Bad boundary record (2).
SyncTeX ERROR: Bad sheet content.
SyncTeX ERROR: SyncTeX Error: Bad content
Somehow there are two types of crashes. The backtrace of the seg fault is below. It seems that libz has a bug, but "zcat ...synctex.gz" works...

Thread 11 "EvJobScheduler" received signal SIGSEGV, Segmentation fault.
Trace 237708
Thread 140485343106816 (LWP 28717)
Please attach the pdf and synctex.gz file to reproduce the bug.
Created attachment 356477
The problematic synctext file

A mockup for the pdf is:

$ wget http://www.texample.net/media/pgf/builds/pgfmanualCVS2012-11-04.pdf
$ mv pgfmanualCVS2012-11-04.pdf diss_nauber_working.pdf
Thanks. I can reproduce the bug and so I should be able to see whether it's in synctex or evince. One last question: which version of latex synctex was used to create this synctex file?
It was created through lualatex with the "-synctex=1" option...

$ lualatex -v
This is LuaTeX, Version 1.0.4 (TeX Live 2017/Debian)
...
$ synctex -h
This is SyncTeX command line utility, version 1.3
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/evince/issues/803.