Bug 785786 - Crash when trying to remove an annotation in a PDF file
Status: RESOLVED OBSOLETE
Product: evince
Classification: Core
Component: pdf annotations
Version: 3.24.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Evince Maintainers
QA Contact: Evince Maintainers
Duplicates: 785194
Depends on:
Blocks:
Reported: 2017-08-03 17:58 UTC by André Klapper
Modified: 2018-05-22 17:17 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Gif showing how to reproduce the bug (862.34 KB, image/gif)
2017-09-28 15:46 UTC, martin94dahlgren

Description André Klapper 2017-08-03 17:58:28 UTC
evince-3.24.0-3.fc26.x86_64
poppler-0.52.0-4.fc26.x86_64

0x00007fdf29fec88e in ev_view_remove_window_child_for_annot (annot=0x7fdf04004d20, page=40, view=0x55930c543d10) at ev-view.c:3020
3020			if (child->page != page)
(gdb) thread apply all bt full

Thread 1 (Thread 0x7fdf2a57d680 (LWP 23042))

  • #0 ev_view_remove_window_child_for_annot
    at ev-view.c line 3020
  • #1 ev_view_remove_annotation
    at ev-view.c line 3471
  • #2 g_closure_invoke
    at gclosure.c line 804
  • #3 signal_emit_unlocked_R
    at gsignal.c line 3635
  • #4 g_signal_emit_valist
    at gsignal.c line 3391
  • #5 g_signal_emit
    at gsignal.c line 3447
  • #6 g_simple_action_activate
    at gsimpleaction.c line 225
  • #7 gtk_action_muxer_activate_action
    at gtkactionmuxer.c line 412
  • #8 gtk_action_muxer_activate_action
    at gtkactionmuxer.c line 414
  • #9 gtk_menu_tracker_item_activated
    at gtkmenutrackeritem.c line 799
  • #10 g_closure_invoke
    at gclosure.c line 804
  • #11 signal_emit_unlocked_R
    at gsignal.c line 3635
  • #12 g_signal_emit_valist
    at gsignal.c line 3391
  • #13 g_signal_emit
    at gsignal.c line 3447
  • #14 gtk_widget_activate
    at gtkwidget.c line 7756
  • #15 gtk_menu_shell_activate_item
    at gtkmenushell.c line 1375
  • #16 gtk_menu_shell_button_release
    at gtkmenushell.c line 791
  • #17 _gtk_marshal_BOOLEAN__BOXEDv
    at gtkmarshalers.c line 143
  • #18 _g_closure_invoke_va
    at gclosure.c line 867
  • #19 g_signal_emit_valist
    at gsignal.c line 3300
  • #20 g_signal_emit
    at gsignal.c line 3447
  • #21 gtk_widget_event_internal
    at gtkwidget.c line 7723
  • #22 gtk_widget_event
    at gtkwidget.c line 7293
  • #23 propagate_event_up
    at gtkmain.c line 2568
  • #24 propagate_event
    at gtkmain.c line 2670
  • #25 gtk_main_do_event
    at gtkmain.c line 1901
  • #26 _gdk_event_emit
    at gdkevents.c line 73
  • #27 gdk_event_source_dispatch
    at gdkeventsource.c line 124
  • #28 g_main_dispatch
    at gmain.c line 3234
  • #29 g_main_context_dispatch
    at gmain.c line 3899
  • #30 g_main_context_iterate
    at gmain.c line 3972
  • #31 g_main_context_iteration
    at gmain.c line 4033
  • #32 g_application_run
    at gapplication.c line 2381
  • #33 main
    at main.c line 316

(gdb) info register
rax            0x1	1
rbx            0x55930c543d10	94090055400720
rcx            0x55930c0eaaa8	94090050841256
rdx            0x55930cdeecc0	94090064489664
rsi            0x55930cdeecc0	94090064489664
rdi            0x0	0
rbp            0x7fdf04004d20	0x7fdf04004d20
rsp            0x7ffec93d5980	0x7ffec93d5980
r8             0x55930c396c08	94090053643272
r9             0x55930cdeecf8	94090064489720
r10            0x55930c396c10	94090053643280
r11            0x55930c778f78	94090057715576
r12            0x55930c23c2e0	94090052223712
r13            0x55930c2eecf0	94090052955376
r14            0x28	40
r15            0x7fdf27418300	140596413039360
rip            0x7fdf29fec88e	0x7fdf29fec88e <ev_view_remove_annotation+190>
eflags         0x297	[ CF PF AF SF IF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
(gdb)
Comment 1 Tobias Mueller 2017-08-17 10:26:24 UTC
Hrm.  Is this reproducible?  If so, can you share the PDF and instructions?

It seems that accessing the "page" from the child fails.  Can you "print child" when it crashes?
Comment 2 jdfoote1 2017-09-21 17:41:24 UTC
I have seen this same behavior, but have not been reliably able to reproduce it.
Comment 3 martin94dahlgren 2017-09-28 09:24:48 UTC
I have the same problem in 3.24.1. If I open a document, add a color marking and directly remove it, Evince will not crash. However, if I

1: Open a document
2: Scroll around randomly a few seconds
3: Add a color marking
4: Remove the marking

Evince will crash. 

Is there any more info I can add?
Comment 4 Tobias Mueller 2017-09-28 10:13:03 UTC
Do you have a PDF to share with us?

Can you reproduce it always or just some times?
Comment 5 Germán Poo-Caamaño 2017-09-28 12:10:10 UTC
*** Bug 785194 has been marked as a duplicate of this bug. ***
Comment 6 martin94dahlgren 2017-09-28 15:46:54 UTC
Created attachment 360609
Gif showing how to reproduce the bug
Comment 7 martin94dahlgren 2017-09-28 15:48:56 UTC
It happens on all PDFs. It happens when deleting a new marking when a marking has been created before on another page, as shown in the gif. When done like this, it is always reproducible.
Comment 8 Germán Poo-Caamaño 2017-09-28 16:36:46 UTC
I cannot reproduce it. However, I have the fix applied in Bug 785975.

I will try to reproduce it before the commit later.
Comment 9 José Aliste 2017-09-28 22:37:15 UTC
(In reply to André Klapper from comment #0)
> evince-3.24.0-3.fc26.x86_64
> poppler-0.52.0-4.fc26.x86_64
> 
> 0x00007fdf29fec88e in ev_view_remove_window_child_for_annot
> (annot=0x7fdf04004d20, page=40, view=0x55930c543d10) at ev-view.c:3020
> 3020			if (child->page != page)
> (gdb) thread apply all bt full

André, can you confirm whether this was a crash, or whether Evince stopped responding and you cancelled it to obtain the backtrace? The line the backtrace points to seems related to the infinite loop bug I introduced... and fixed later.
Comment 10 GNOME Infrastructure Team 2018-05-22 17:17:53 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/evince/issues/812.