12589 – evince crashed with SIGSEGV in TextLine::visitSelection()

Bug 12589 - evince crashed with SIGSEGV in TextLine::visitSelection()

Summary: evince crashed with SIGSEGV in TextLine::visitSelection()

Status:	RESOLVED FIXED

Alias:	None

Product:	poppler
Classification:	Unclassified
Component:	cairo backend (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	poppler-bugs
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-09-27 04:52 UTC by Sebastien Bacher
Modified:	2009-01-24 04:54 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Sebastien Bacher 2007-09-27 04:52:24 UTC

The bug has been opened on https://bugs.launchpad.net/bugs/145602

"Binary package hint: evince

Reading a pdf :) (Either resize window or going to next page)
...
libpoppler2 0.6-0ubuntu1
...
#0  TextLine::visitSelection (this=0x865e6a8, visitor=0xbfa89308, selection=0xbfa891e8, 
    style=selectionStyleWord) at TextOutputDev.cc:3779
	p = (TextWord *) 0x0
	begin = (TextWord *) 0x0
	end = (TextWord *) 0x0
	current = (TextWord *) 0x0
	i = <value optimized out>
	edge_begin = <value optimized out>
	edge_end = <value optimized out>
	child_selection = {x1 = 321.87360925678678, y1 = 244.15887850467286, x2 = 612, y2 = 792}
#1  0xb6cbda72 in TextBlock::visitSelection (this=0x865e240, visitor=0xbfa89308, selection=0xbfa892a0, 
    style=selectionStyleWord) at TextOutputDev.cc:3879
	p = (TextLine *) 0x865e6a8
	begin = (TextLine *) 0x865e6a8
	end = (TextLine *) 0x0
	child_selection = {x1 = 321.87360925678678, y1 = 244.15887850467286, x2 = 612, y2 = 792}
	start_x = 321.87360925678678
	start_y = 244.15887850467286
	stop_x = 612
	stop_y = 792
#2  0xb6cbdd88 in TextPage::visitSelection (this=0x83d3db8, visitor=0xbfa89308, selection=0xbfa89388, 
    style=selectionStyleWord) at TextOutputDev.cc:3953
	i = <value optimized out>
	begin = <value optimized out>
	end = 7
	child_selection = {x1 = 321.87360925678678, y1 = 244.15887850467286, x2 = 612, y2 = 792}
	start_x = 321.87360925678678
	start_y = 244.15887850467286
	stop_x = 321.87360925678678
	stop_y = 227.26811999999998
	b = (TextBlock *) 0x86e30f0
#3  0xb6cc033d in TextPage::getSelectionRegion (this=0x83d3db8, selection=0xbfa89388, 
    style=selectionStyleWord, scale=1.6341818571090698) at TextOutputDev.cc:3976
	sizer = {<TextSelectionVisitor> = {_vptr.TextSelectionVisitor = 0xb6d51ec0, page = 0x83d3db8}, 
  list = 0x86e7618, scale = 1.6341818571090698}
#4  0xb6cc03a5 in TextOutputDev::getSelectionRegion (this=0x8566568, selection=0xbfa89388, 
    style=selectionStyleWord, scale=1.6341818571090698) at TextOutputDev.cc:4720
No locals.
#5  0xb777c2ac in poppler_page_get_selection_region (page=0x8348878, scale=1.6341818571090698, 
    style=POPPLER_SELECTION_WORD, selection=0x856834c) at poppler-page.cc:562
	text_dev = (class TextOutputDev *) 0x0
	poppler_selection = {x1 = 324.32131731197148, y1 = 255.17356475300397, x2 = 321.87360925678678, 
  y2 = 244.15887850467286}
	selection_style = selectionStyleWord
	list = (GooList *) 0xb777c78f
	rect = {x = -1079471160, y = -1221106583, width = -1220399548, height = -1220677092}
	region = (GdkRegion *) 0x1
	i = <value optimized out>
#6  0x0809d9c6 in pdf_selection_get_selection_region (selection=0x8348990, rc=0xb54c5d68, 
    style=EV_SELECTION_STYLE_WORD, points=0x856834c)
    at /build/buildd/evince-2.20.0/./backend/pdf/ev-poppler.cc:1868
	retval = (GdkRegion *) 0x0
#7  0x0809c6ec in ev_selection_get_selection_region (selection=0x8348990, rc=0xb54c5d68, 
    style=EV_SELECTION_STYLE_WORD, points=0x856834c)
    at /build/buildd/evince-2.20.0/./libdocument/ev-selection.c:103
No locals.
#8  0x0806b0bb in ev_pixbuf_cache_get_selection_surface (pixbuf_cache=0x8616c00, page=5, scale=1.63418186, 
    region=0xbfa894d8) at /build/buildd/evince-2.20.0/./shell/ev-pixbuf-cache.c:1022
	old_points = (EvRectangle *) 0x856832c
	text = <value optimized out>
	base = <value optimized out>
	job_info = (CacheJobInfo *) 0x8568308
	__PRETTY_FUNCTION__ = "ev_pixbuf_cache_get_selection_surface"
#9  0x0806eff8 in merge_selection_region (view=0x8621348, new_list=<value optimized out>)
    at /build/buildd/evince-2.20.0/./shell/ev-view.c:5255
	tmp_region = (GdkRegion *) 0x0
	old_sel = (EvViewSelection *) 0x863b9a0
	new_sel = (EvViewSelection *) 0x86e99e0
	cur_page = 5
	region = <value optimized out>
	old_list = (GList *) 0x83cfb10
	new_list_ptr = (GList *) 0x0
	old_list_ptr = (GList *) 0x0
	__PRETTY_FUNCTION__ = "merge_selection_region"
#10 0x0807395b in compute_selections (view=0x8621348, style=EV_SELECTION_STYLE_WORD, start=0x8621484, 
    stop=0x8621484) at /build/buildd/evince-2.20.0/./shell/ev-view.c:5330
	list = (GList *) 0xb3448360
#11 0x08073b76 in selection_update_idle_cb (view=0x8621348)
    at /build/buildd/evince-2.20.0/./shell/ev-view.c:2813
No locals.
#12 0xb7350551 in g_idle_dispatch (source=0x869a9c8, callback=0, user_data=0x8621348)
    at /build/buildd/glib2.0-2.14.1/glib/gmain.c:4132
No locals.
#13 0xb735211c in IA__g_main_context_dispatch (context=0x810b660)
    at /build/buildd/glib2.0-2.14.1/glib/gmain.c:2061
No locals.
#14 0xb735555f in g_main_context_iterate (context=0x810b660, block=1, dispatch=1, self=0x80e23c0)
    at /build/buildd/glib2.0-2.14.1/glib/gmain.c:2694
	got_ownership = <value optimized out>
	max_priority = 200
	timeout = 0
	some_ready = 1
	nfds = <value optimized out>
	allocated_nfds = <value optimized out>
	fds = (GPollFD *) 0x85f98e0
	__PRETTY_FUNCTION__ = "g_main_context_iterate"
#15 0xb7355909 in IA__g_main_loop_run (loop=0x81154e8) at /build/buildd/glib2.0-2.14.1/glib/gmain.c:2898
	got_ownership = -1222310640
	self = (GThread *) 0x80e23c0
	__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#16 0xb79909e4 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.0/gtk/gtkmain.c:1144
	tmp_list = (GList *) 0x8119c28
	functions = (GList *) 0x0
	init = (GtkInitFunction *) 0x0
	loop = (GMainLoop *) 0x81154e8
#17 0x0808a800 in main (argc=2, argv=) at /build/buildd/evince-2.20.0/./shell/main.c:383
	enable_metadata = 1
	context = <value optimized out>
	args = (GHashTable *) 0x80e4840
	program = (GnomeProgram *) 0x80eb810
#18 0xb7186050 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#19 0x0805e821 in _start ()
..."

Comment 1 Milan Bouchet-Valat 2009-01-23 06:02:21 UTC

You can get a testcase here (economics lesson :-) ):
http://ledezma.ivan.googlepages.com/4thSession.pdf

Select text repeatedly with the mouse in Evince, on page 13 for example, and you'll soon get the crash (fully reproducible but somewhat random).

Please just ask if you need more informations.

Comment 2 Albert Astals Cid 2009-01-23 13:34:59 UTC

Can you try with poppler 0.10.3?

Comment 3 Milan Bouchet-Valat 2009-01-24 03:22:54 UTC

Not for now: I'll be able to try it around April, when Ubuntu 9.04 is released. Can't you try the testcase? :-p

Comment 4 Albert Astals Cid 2009-01-24 03:45:00 UTC

I don't have evince installed

Comment 5 Brad Hards 2009-01-24 03:48:49 UTC

I can't reproduce it with the Fedora 9 evince (Evince Document Viewer 2.22.2, claims to be using poppler 0.8.7 (cairo).

Comment 6 Milan Bouchet-Valat 2009-01-24 04:54:44 UTC

Brad Hards: This is strange, because I remember having experienced this problem for some time (i.e. sooner than 2.24) - though maybe with other documents than this one.

Anyway, I've installed poppler 0.10.3 and evince 2.25 with development packages (and several missing dependencies), and the bug has disappeared! I rather feared that missing libraries would make it crash all the time on my system... So it looks like you have silently fixed that in some way, which is great!

Thanks, and keep up the good work!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.