The bug has been opened on https://bugs.launchpad.net/bugs/208485

"attempting to print this pdf with evince in Hardy:
http://www.linux-magazine.com/w3/issue/86/Email_Suites_Review.pdf

#0 0xb6e24df1 in FT_Get_Char_Index (face=0xb54f0530, charcode=0) at /build/buildd/freetype-2.3.5/freetype-2.3.5/src/base/ftobjs.c:2794
        result = <value optimized out>
#1 0xb6e24ea2 in FT_Get_First_Char (face=0xb54f0530, agindex=0xb6a26e28) at /build/buildd/freetype-2.3.5/freetype-2.3.5/src/base/ftobjs.c:2812
        result = <value optimized out>
        gindex = 0
#2 0xb75e84d1 in _cairo_ft_map_glyphs_to_unicode (abstract_font=0xb54edcd8, font_subset=0xb6a26fbc) at /build/buildd/cairo-1.5.14/src/cairo-ft-font.c:2414
        unscaled = (cairo_ft_unscaled_font_t *) 0xb48676d8
        face = (FT_Face) 0xb54f0530
        glyph = <value optimized out>
        charcode = <value optimized out>
        i = <value optimized out>
        count = 50
#3 0xb75dd567 in _cairo_scaled_font_subset_create_glyph_names (subset=0xb6a26fbc) at /build/buildd/cairo-1.5.14/src/cairo-scaled-font-subsets.c:768
        i = <value optimized out>
        status = <value optimized out>
        names = (cairo_hash_table_t *) 0x3057
        key = {base = {hash = 3035627520}, string = 0xb4f32fa8 "%!FontType1-1.1 f-50-0 1.0\n11 dict begin\n/FontName /f-50-0 def\n/PaintType 0 def\n/FontType 1 def\n/FontMatrix [0.001 0 0 0.001 0 0] readonly def\n/FontBBox {-24 -199 857 744", ' ' <repeats 30 times>...}
        entry = <value optimized out>
        buf = "\000\000 P_·\000o¢¶\000\000\000\000¨n¢¶\032¼]·¨/ó´¨/ó´"
#4 0xb75c61dd in _cairo_ps_surface_emit_unscaled_font_subset (font_subset=0xb6a26fbc, closure=0xb484b570) at /build/buildd/cairo-1.5.14/src/cairo-ps-surface.c:574
        status = <value optimized out>
        __PRETTY_FUNCTION__ = "_cairo_ps_surface_emit_unscaled_font_subset"
#5 0xb75ddaeb in _cairo_sub_font_collect (entry=0xb54fd4f0, closure=0xb6a2703c) at /build/buildd/cairo-1.5.14/src/cairo-scaled-font-subsets.c:425
        subset = {scaled_font = 0xb54edcd8, font_id = 2, subset_id = 0, glyphs = 0xb5c961e0, to_unicode = 0xb5c05a50, glyph_names = 0x0, num_glyphs = 50, is_composite = 0}
        i = 0
        j = 50
        __PRETTY_FUNCTION__ = "_cairo_sub_font_collect"
#6 0xb75a6dac in _cairo_hash_table_foreach (hash_table=0xb54f5ed0, hash_callback=0xb75dda00 <_cairo_sub_font_collect>, closure=0xb6a2703c) at /build/buildd/cairo-1.5.14/src/cairo-hash.c:565
        i = 121
        entry = (cairo_hash_entry_t *) 0x0
#7 0xb75dd931 in _cairo_scaled_font_subsets_foreach_internal (font_subsets=0xb5ce1290, font_subset_callback=0xb75c61a0 <_cairo_ps_surface_emit_unscaled_font_subset>, closure=0xb484b570, is_scaled=0) at /build/buildd/cairo-1.5.14/src/cairo-scaled-font-subsets.c:680
        collection = {glyphs = 0xb5c961e0, glyphs_size = 65, max_glyph = 49, num_glyphs = 50, subset_id = 0, status = CAIRO_STATUS_SUCCESS, font_subset_callback = 0xb75c61a0 <_cairo_ps_surface_emit_unscaled_font_subset>, font_subset_callback_closure = 0xb484b570}
#8 0xb75c69eb in _cairo_ps_surface_finish (abstract_surface=0xb484b570) at /build/buildd/cairo-1.5.14/src/cairo-ps-surface.c:625
        status = <value optimized out>
        status2 = <value optimized out>
        i = <value optimized out>
        num_comments = <value optimized out>
#9 0xb75b6623 in *INT_cairo_surface_finish (surface=0xb484b570) at /build/buildd/cairo-1.5.14/src/cairo-surface.c:516
        status = <value optimized out>
#10 0xb75c164c in _cairo_paginated_surface_finish (abstract_surface=0xb5417888) at /build/buildd/cairo-1.5.14/src/cairo-paginated-surface.c:171
        status = 3040966792
#11 0xb75b6623 in *INT_cairo_surface_finish (surface=0xb5417888) at /build/buildd/cairo-1.5.14/src/cairo-surface.c:516
        status = <value optimized out>
#12 0xb75b66df in *INT_cairo_surface_destroy (surface=0xb5417888) at /build/buildd/cairo-1.5.14/src/cairo-surface.c:411
        __PRETTY_FUNCTION__ = "cairo_surface_destroy"
#13 0xb75a6315 in _cairo_gstate_fini (gstate=0xb54fd8b0) at /build/buildd/cairo-1.5.14/src/cairo-gstate.c:199
No locals.
#14 0xb759ef7f in *INT_cairo_destroy (cr=0xb54fd890) at /build/buildd/cairo-1.5.14/src/cairo.c:267
        __PRETTY_FUNCTION__ = "cairo_destroy"
#15 0xb5e5454c in pdf_print_context_free (ctx=0xb54e7550) at /build/buildd/evince-2.22.0/./backend/pdf/ev-poppler.cc:1541
No locals.
#16 0xb5e545a5 in pdf_document_file_exporter_end (exporter=0x8402450) at /build/buildd/evince-2.22.0/./backend/pdf/ev-poppler.cc:1794
No locals.
#17 0xb7f50693 in ev_file_exporter_end (exporter=0x8402450) at /build/buildd/evince-2.22.0/./libdocument/ev-file-exporter.c:88
No locals.
#18 0x08060739 in ev_job_print_run (job=0x872fe80) at /build/buildd/evince-2.22.0/./shell/ev-jobs.c:955
        page = 7
        step = 1
        n_copies = <value optimized out>
        document = (EvDocument *) 0x8402450
        fc = {format = EV_FILE_FORMAT_PS, filename = 0xb483d720 "/tmp/evince_print.ps.ZDVG8T", first_page = 0, last_page = 6, paper_width = 611.99998269869593, paper_height = 791.99998269869593, duplex = 0, pages_per_sheet = 1}
        rc = (EvRenderContext *) 0x8402790
        fd = 19
        n_pages = 7
        last_page = <value optimized out>
        first_page = 1
        i = 1
        j = 1
        __PRETTY_FUNCTION__ = "ev_job_print_run"
#19 0x0805f584 in handle_job (job=0x872fe80) at /build/buildd/evince-2.22.0/./shell/ev-job-queue.c:141
        __PRETTY_FUNCTION__ = "handle_job"
#20 0x0805fa4c in ev_render_thread (data=0x0) at /build/buildd/evince-2.22.0/./shell/ev-job-queue.c:264
        job = (EvJob *) 0x872fe80
#21 0xb75059ef in g_thread_create_proxy (data=0x80ee848) at /build/buildd/glib2.0-2.16.1/glib/gthread.c:635
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#22 0xb72ab4fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#23 0xb722dd4e in clone () from /lib/tls/i686/cmov/libc.so.6"
Valgrind lists those errors on the example:

==2516== Conditional jump or move depends on uninitialised value(s)
==2516==    at 0x4B5E062: (within /usr/lib/libz.so.1.2.3.3)
==2516==    by 0x4B5CBE6: deflate (in /usr/lib/libz.so.1.2.3.3)
==2516==    by 0x49DAFDE: cairo_deflate_stream_deflate (cairo-deflate-stream.c:57)
==2516==    by 0x49DB0A5: _cairo_deflate_stream_close (cairo-deflate-stream.c:108)
==2516==    by 0x49C7180: _cairo_output_stream_close (cairo-output-stream.c:192)
==2516==    by 0x49C7FFC: _cairo_output_stream_destroy (cairo-output-stream.c:216)
==2516==    by 0x49D2D9D: _cairo_pdf_surface_close_stream (cairo-pdf-surface.c:879)
==2516==    by 0x49D64E8: _cairo_pdf_surface_emit_pattern (cairo-pdf-surface.c:1453)
==2516==    by 0x49D7208: _cairo_pdf_surface_show_page (cairo-pdf-surface.c:3929)
==2516==    by 0x49BE9DF: cairo_surface_show_page (cairo-surface.c:1746)
==2516==    by 0x49CB492: _cairo_paginated_surface_show_page (cairo-paginated-surface.c:468)
==2516==    by 0x49BE9DF: cairo_surface_show_page (cairo-surface.c:1746)
==2516==    by 0x49AF187: _cairo_gstate_show_page (cairo-gstate.c:1082)
==2516==    by 0x49A7991: cairo_show_page (cairo.c:2207)
==2516==    by 0x7FA9F37: (within /usr/lib/evince/backends/libpdfdocument.so)
==2516==    by 0x404D6D8: ev_file_exporter_end_page (in /usr/lib/libevbackend.so.0.0.0)
==2516==    by 0x80606DC: (within /usr/bin/evince)
==2516==    by 0x805F583: (within /usr/bin/evince)
==2516==    by 0x805FA4B: (within /usr/bin/evince)
==2516==    by 0x4AA09EE: g_thread_create_proxy (gthread.c:635)
==2516==    by 0x4CDCFD9: start_thread (pthread_create.c:297)
==2516==    by 0x4DB483D: clone (in /usr/lib/debug/libc-2.7.so)
==2516==
==2516== Use of uninitialised value of size 4
==2516==    at 0x4B5F655: (within /usr/lib/libz.so.1.2.3.3)
==2516==    by 0x4B61491: (within /usr/lib/libz.so.1.2.3.3)
==2516==    by 0x4B5E0A2: (within /usr/lib/libz.so.1.2.3.3)
==2516==    by 0x4B5CBE6: deflate (in /usr/lib/libz.so.1.2.3.3)
==2516==    by 0x49DAFDE: cairo_deflate_stream_deflate (cairo-deflate-stream.c:57)
==2516==    by 0x49DB0A5: _cairo_deflate_stream_close (cairo-deflate-stream.c:108)
==2516==    by 0x49C7180: _cairo_output_stream_close (cairo-output-stream.c:192)
==2516==    by 0x49C7FFC: _cairo_output_stream_destroy (cairo-output-stream.c:216)
==2516==    by 0x49D2D9D: _cairo_pdf_surface_close_stream (cairo-pdf-surface.c:879)
==2516==    by 0x49D64E8: _cairo_pdf_surface_emit_pattern (cairo-pdf-surface.c:1453)
==2516==    by 0x49D7208: _cairo_pdf_surface_show_page (cairo-pdf-surface.c:3929)
==2516==    by 0x49BE9DF: cairo_surface_show_page (cairo-surface.c:1746)
==2516==    by 0x49CB492: _cairo_paginated_surface_show_page (cairo-paginated-surface.c:468)
==2516==    by 0x49BE9DF: cairo_surface_show_page (cairo-surface.c:1746)
==2516==    by 0x49AF187: _cairo_gstate_show_page (cairo-gstate.c:1082)
==2516==    by 0x49A7991: cairo_show_page (cairo.c:2207)
==2516==    by 0x7FA9F37: (within /usr/lib/evince/backends/libpdfdocument.so)
==2516==    by 0x404D6D8: ev_file_exporter_end_page (in /usr/lib/libevbackend.so.0.0.0)
==2516==    by 0x80606DC: (within /usr/bin/evince)
==2516==    by 0x805F583: (within /usr/bin/evince)
==2516==    by 0x805FA4B: (within /usr/bin/evince)
==2516==    by 0x4AA09EE: g_thread_create_proxy (gthread.c:635)
==2516==    by 0x4CDCFD9: start_thread (pthread_create.c:297)
==2516==    by 0x4DB483D: clone (in /usr/lib/debug/libc-2.7.so)
Does this bug still occur after updating poppler to include the following bug fix? http://bugs.freedesktop.org/show_bug.cgi?id=15216
Yes, that's still an issue using the current poppler tarball, which has this change.
I installed Hardy and could reproduce the bug. I then installed poppler 0.8.3. However due to some poppler API changes the evince in Hardy does not link with the updated poppler I installed:

$ LD_LIBRARY_PATH=/home/ajohnson/lib ldd /usr/bin/evince | grep poppler
        libpoppler-glib.so.2 => /usr/lib/libpoppler-glib.so.2 (0xb7736000)
        libpoppler.so.2 => /usr/lib/libpoppler.so.2 (0xb6ee7000)

Evince still reproduces the bug since it is still using the system installed poppler.

So I applied the patch in bug 15216 to poppler 0.6.4, installed it and evince printed the test case without crashing.

This is the same problem that was reported and fixed in bug 15216. I am attaching an updated patch for poppler 0.6.4 since the original patch does not apply cleanly to this old version of poppler that Hardy is using.
Created attachment 17119
Patch for 0.6.4
Thanks Adrian, the change indeed fixes the issue. I tried previously on Ubuntu Intrepid, which has poppler 0.8.2, and the bug was still there, but maybe the change was not available yet in this version. Sorry for the extra work there.
The change has been backported to Hardy but creates a regression: now evince is crashing when reloading documents.

(gdb) bt
#0 FT_Done_Face (face=0xb455dd48) at /build/buildd/freetype-2.3.6/freetype-2.3.6/src/base/ftobjs.c:2020
#1 0xb75ceb0d in _ft_done_face (data=0xb455dd48) at CairoFontEngine.cc:37
#2 0xb74601b0 in _cairo_user_data_array_fini (array=0xb455dc7c) at /build/buildd/cairo-1.6.4/src/cairo-array.c:378
#3 0xb74640b3 in *INT_cairo_font_face_destroy (font_face=0xb455dc70) at /build/buildd/cairo-1.6.4/src/cairo-font-face.c:144
#4 0xb74aa8b0 in _cairo_ft_unscaled_font_destroy (abstract_font=0xb455e010) at /build/buildd/cairo-1.6.4/src/cairo-ft-font.c:495
#5 0xb7463e98 in _cairo_unscaled_font_destroy (unscaled_font=0xb455e010) at /build/buildd/cairo-1.6.4/src/cairo-font-face.c:531
#6 0xb74717e7 in _cairo_scaled_font_fini (scaled_font=0xb4560210) at /build/buildd/cairo-1.6.4/src/cairo-scaled-font.c:587
#7 0xb74718ac in *INT_cairo_scaled_font_destroy (scaled_font=0xb455e0e8) at /build/buildd/cairo-1.6.4/src/cairo-scaled-font.c:843
#8 0xb75ce0ff in CairoFont::getSubstitutionCorrection (this=0xb44046a0, gfxFont=0x83f0870) at CairoFontEngine.cc:307
#9 0xb75d1f4f in CairoOutputDev::updateFont (this=0x8411a60, state=0x84405f8) at CairoOutputDev.cc:390
#10 0xb6d0d0c2 in Gfx::opShowSpaceText () from /usr/lib/libpoppler.so.3
#11 0xb6d08e02 in Gfx::execOp () from /usr/lib/libpoppler.so.3
#12 0xb6d0905f in Gfx::go () from /usr/lib/libpoppler.so.3
#13 0xb6d0c1bf in Gfx::display () from /usr/lib/libpoppler.so.3
#14 0xb6d551cd in Page::displaySlice () from /usr/lib/libpoppler.so.3
#15 0xb75ca01a in _poppler_page_render (page=0x83bd518, cairo=0x83edda0, printing=0) at poppler-page.cc:529
#16 0xb75ca157 in poppler_page_render (page=0x83bd518, cairo=0x83edda0) at poppler-page.cc:550
Corresponding valgrind log:

==30405== Invalid read of size 4
==30405==    at 0x507AF64: FT_Done_Face (ftobjs.c:2017)
==30405==    by 0x494EB0C: _ZL13_ft_done_facePv (CairoFontEngine.cc:37)
==30405==    by 0x4A661AF: _cairo_user_data_array_fini (cairo-array.c:378)
==30405==    by 0x4A6A0B2: cairo_font_face_destroy (cairo-font-face.c:144)
==30405==    by 0x4AB08AF: _cairo_ft_unscaled_font_destroy (cairo-ft-font.c:495)
==30405==    by 0x4A69E97: _cairo_unscaled_font_destroy (cairo-font-face.c:531)
==30405==    by 0x4A777E6: _cairo_scaled_font_fini (cairo-scaled-font.c:587)
==30405==    by 0x4A778AB: cairo_scaled_font_destroy (cairo-scaled-font.c:843)
==30405==    by 0x4A6B4E7: _cairo_gstate_unset_scaled_font (cairo-gstate.c:1219)
==30405==    by 0x4A6B53D: _cairo_gstate_set_font_face (cairo-gstate.c:1492)
==30405==    by 0x4A634CE: cairo_set_font_face (cairo.c:2688)
==30405==    by 0x4951F2D: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:383)
==30405==  Address 0x70758d8 is 16 bytes inside a block of size 84 free'd
==30405==    at 0x4023B4A: free (vg_replace_malloc.c:323)
==30405==    by 0x4B455B5: g_free (gmem.c:190)
==30405==    by 0x4A3CFB9: pango_parse_markup (in /usr/lib/libpango-1.0.so.0.2101.2)
==30405==    by 0x458C796: (within /usr/lib/libgtk-x11-2.0.so.0.1303.0)
==30405==    by 0x4AD34CE: g_object_set_property (gobject.c:697)
==30405==    by 0x460A784: (within /usr/lib/libgtk-x11-2.0.so.0.1303.0)
==30405==    by 0x4610904: (within /usr/lib/libgtk-x11-2.0.so.0.1303.0)
==30405==    by 0x4610F04: (within /usr/lib/libgtk-x11-2.0.so.0.1303.0)
==30405==    by 0x49735DA: (within /usr/lib/libgdk-x11-2.0.so.0.1303.0)
==30405==    by 0x4B3B540: g_idle_dispatch (gmain.c:4168)
==30405==    by 0x4B3D437: g_main_context_dispatch (gmain.c:2063)
==30405==    by 0x4B4099A: g_main_context_iterate (gmain.c:2696)
==30405==
==30405== Invalid read of size 4
==30405==    at 0x507A68F: FT_List_Find (ftutil.c:250)
==30405==    by 0x507AF88: FT_Done_Face (ftobjs.c:2023)
==30405==    by 0x494EB0C: _ZL13_ft_done_facePv (CairoFontEngine.cc:37)
==30405==    by 0x4A661AF: _cairo_user_data_array_fini (cairo-array.c:378)
==30405==    by 0x4A6A0B2: cairo_font_face_destroy (cairo-font-face.c:144)
==30405==    by 0x4AB08AF: _cairo_ft_unscaled_font_destroy (cairo-ft-font.c:495)
==30405==    by 0x4A69E97: _cairo_unscaled_font_destroy (cairo-font-face.c:531)
==30405==    by 0x4A777E6: _cairo_scaled_font_fini (cairo-scaled-font.c:587)
==30405==    by 0x4A778AB: cairo_scaled_font_destroy (cairo-scaled-font.c:843)
==30405==    by 0x4A6B4E7: _cairo_gstate_unset_scaled_font (cairo-gstate.c:1219)
==30405==    by 0x4A6B53D: _cairo_gstate_set_font_face (cairo-gstate.c:1492)
==30405==    by 0x4A634CE: cairo_set_font_face (cairo.c:2688)
==30405==  Address 0x5d8928f4 is not stack'd, malloc'd or (recently) free'd
==30405==
==30405== Process terminating with default action of signal 11 (SIGSEGV)
==30405==  Access not within mapped region at address 0x5D8928F4
==30405==    at 0x507A68F: FT_List_Find (ftutil.c:250)
==30405==    by 0x507AF88: FT_Done_Face (ftobjs.c:2023)
==30405==    by 0x494EB0C: _ZL13_ft_done_facePv (CairoFontEngine.cc:37)
==30405==    by 0x4A661AF: _cairo_user_data_array_fini (cairo-array.c:378)
==30405==    by 0x4A6A0B2: cairo_font_face_destroy (cairo-font-face.c:144)
==30405==    by 0x4AB08AF: _cairo_ft_unscaled_font_destroy (cairo-ft-font.c:495)
==30405==    by 0x4A69E97: _cairo_unscaled_font_destroy (cairo-font-face.c:531)
==30405==    by 0x4A777E6: _cairo_scaled_font_fini (cairo-scaled-font.c:587)
==30405==    by 0x4A778AB: cairo_scaled_font_destroy (cairo-scaled-font.c:843)
==30405==    by 0x4A6B4E7: _cairo_gstate_unset_scaled_font (cairo-gstate.c:1219)
==30405==    by 0x4A6B53D: _cairo_gstate_set_font_face (cairo-gstate.c:1492)
==30405==    by 0x4A634CE: cairo_set_font_face (cairo.c:2688)
The 0.8.2 version has been used to get the stacktrace and valgrind log.
There was a recent bug report and patch for this problem posted to the poppler mailing list: http://lists.freedesktop.org/archives/poppler/2008-June/003900.html
There is no reply on the list; should I open a new bug about the issue?
(In reply to comment #11)
> there is no reply on the list, should I open a new bug about the issue?
>

As it is a different bug to this one, yes open a new bug.
Bug #16529 opened about the issue.