I originally reported this against evince (https://bugzilla.gnome.org/show_bug.cgi?id=594885), but it seems to be a problem with poppler as it affects GIMP's PDF importer as well. Original text and trace:

"
The XHTML Form PDF example from the TCPDF (tcpdf.sf.net) package crashes evince when being opened. File is available from http://www.tecnick.com/public/code/cp_dpage.php?aiocp_dp=tcpdf_examples (Example 54, XHTML Form). This is with poppler 0.12.

[New Thread 0x7fde6b810740 (LWP 14927)]
[New Thread 0x7fde5fea9910 (LWP 14930)]
Error: Annotation rectangle is wrong type
Error: FormWidgetButton:: unable to find the on state for the button
[New Thread 0x7fde5dc97910 (LWP 14931)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fde5fea9910 (LWP 14930)]
0x00007fde69413437 in pthread_mutex_lock () from /lib/libpthread.so.0
Current language: auto; currently asm
(gdb) thread apply all bt full

Thread 3 (Thread 0x7fde5dc97910 (LWP 14931)):
#0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220
No locals.
#1 0x00007fde69a8c546 in g_cond_timed_wait_posix_impl (cond=0x1d45034, entered_mutex=0x80, abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1252674994, tv_nsec = 34573000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2 0x00007fde65b30007 in g_async_queue_pop_intern_unlocked (queue=0x1d12960, try=0, end_time=0x7fde5dc97010) at gasyncqueue.c:365
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3 0x00007fde65b7e149 in g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:220
        task = (gpointer) 0x1d128b0
        pool = (GRealThreadPool *) 0x1d12900
#4 0x00007fde65b7cbe6 in g_thread_create_proxy (data=0x1d129c0) at gthread.c:635
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#5 0x00007fde694108fc in start_thread () from /lib/libpthread.so.0
No locals.
#6 0x00007fde64e93a9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#7 0x0000000000000000 in ?? ()
No symbol table info available.

Thread 2 (Thread 0x7fde5fea9910 (LWP 14930)):
#0 0x00007fde69413437 in pthread_mutex_lock () from /lib/libpthread.so.0
No locals.
#1 0x00007fde63c22562 in CharCodeToUnicode::decRefCnt (this=0x0) at CharCodeToUnicode.cc:463
No locals.
#2 0x00007fde63c0ce13 in AnnotWidget::layoutText (this=<value optimized out>, text=0x1faa2b0, outBuf=0x1e9b5e0, i=0x7fde5fea8bcc, font=0x1e9b320, width=0x7fde5fea8bc0, widthLimit=0, charCount=0x0, noReencode=0) at Annot.cc:2236
        c = <value optimized out>
        uChar = <value optimized out>
        uAux = (Unicode *) 0x0
        w = <value optimized out>
        uLen = 32734
        n = <value optimized out>
        dx = <value optimized out>
        dy = 6.9462205275420164e-310
        ox = 1.5838005494597003e-316
        oy = 1.576644107392819e-316
        unicode = 1
        ccToUnicode = (CharCodeToUnicode *) 0x0
        spacePrev = <value optimized out>
        last_i1 = <value optimized out>
        last_o1 = <value optimized out>
        last_o2 = <value optimized out>
#3 0x00007fde63c0daf9 in AnnotWidget::drawListBox (this=0x1e924a0, text=0x1e29530, selection=0x204be70, nOptions=4, topIdx=0, da=<value optimized out>, fontDict=0x204ba90, quadding=0) at Annot.cc:2933
        daToks = (GooList *) 0x1e6eed0
        tok = (GooString *) 0x7
        convertedText = (GooString *) 0x1e9b5e0
        font = (class GfxFont *) 0x1e9b320
        fontSize = 10
        borderWidth = 1
        x = 0
        y = 26.5
        w = 1.6731205036824976e-316
        wMax = <value optimized out>
        tfPos = <value optimized out>
        tmPos = -1
        i = 0
        j = 0
#4 0x00007fde63c1cc36 in AnnotWidget::generateFieldAppearance (this=0x1e924a0) at Annot.cc:3323
        mkObj = {type = objDict, {booln = 1476597584, intg = 1476597584, real = 6.9462139757596211e-310, string = 0x7fde58031750, name = 0x7fde58031750 "�O\001X�\177", array = 0x7fde58031750, dict = 0x7fde58031750, stream = 0x7fde58031750, ref = {num = 1476597584, gen = 32734}, cmd = 0x7fde58031750 "�O\001X�\177"}}
        ftObj = {type = objName, {booln = 33203104, intg = 33203104, real = 1.6404513021694076e-316, string = 0x1faa3a0, name = 0x1faa3a0 "Ch", array = 0x1faa3a0, dict = 0x1faa3a0, stream = 0x1faa3a0, ref = {num = 33203104, gen = 0}, cmd = 0x1faa3a0 "Ch"}}
        appearDict = {type = objNone, {booln = 0, intg = 0, real = 0, string = 0x0, name = 0x0, array = 0x0, dict = 0x0, stream = 0x0, ref = {num = 0, gen = 0}, cmd = 0x0}}
        drObj = {type = objDict, {booln = 1476487936, intg = 1476487936, real = 6.9462139703422901e-310, string = 0x7fde58016b00, name = 0x7fde58016b00 "�O\001X�\177", array = 0x7fde58016b00, dict = 0x7fde58016b00, stream = 0x7fde58016b00, ref = {num = 1476487936, gen = 32734}, cmd = 0x7fde58016b00 "�O\001X�\177"}}
        obj1 = {type = objArray, {booln = 1476599152, intg = 1476599152, real = 6.9462139758370905e-310, string = 0x7fde58031d70, name = 0x7fde58031d70 "�O\001X�\177", array = 0x7fde58031d70, dict = 0x7fde58031d70, stream = 0x7fde58031d70, ref = {num = 1476599152, gen = 32734}, cmd = 0x7fde58031d70 "�O\001X�\177"}}
        obj2 = {type = objNone, {booln = 0, intg = 0, real = 0, string = 0x0, name = 0x0, array = 0x0, dict = 0x0, stream = 0x0, ref = {num = 0, gen = 0}, cmd = 0x0}}
        obj3 = {type = objNone, {booln = 31624096, intg = 31624096, real = 1.5624379414385581e-316, string = 0x1e28ba0, name = 0x1e28ba0 "/F2", array = 0x1e28ba0, dict = 0x1e28ba0, stream = 0x1e28ba0, ref = {num = 31624096, gen = 0}, cmd = 0x1e28ba0 "/F2"}}
        field = (Dict *) 0x7fde5802f4a0
        annot = (Dict *) 0x7fde5802f4a0
        acroForm = (Dict *) 0x7fde58015720
        mkDict = (Dict *) 0x4
        appearStream = <value optimized out>
        fontDict = (GfxFontDict *) 0x204ba90
        w = 1
        dx = 53.340000000000003
        dy = 37.5
        r = 6.9462246462390486e-310
        dash = <value optimized out>
        caption = <value optimized out>
        da = (GooString *) 0x1e9b4f0
        selection = (GBool *) 0x204be70
        dashLength = <value optimized out>
        ff = 2097152
        quadding = 0
        comb = <value optimized out>
        nOptions = 4
        topIdx = 0
        i = 0
        j = 0
#5 0x00007fde63c1cea6 in AnnotWidget::draw (this=0x1e924a0, gfx=0x1cf24c0, printing=32092960) at Annot.cc:3424
        obj = {type = objNone, {booln = 0, intg = 0, real = 0, string = 0x0, name = 0x0, array = 0x0, dict = 0x0, stream = 0x0, ref = {num = 0, gen = 0}, cmd = 0x0}}
#6 0x00007fde63c810de in Page::displaySlice (this=<value optimized out>, out=0x1d54800, hDPI=72, vDPI=72, rotate=<value optimized out>, useMediaBox=<value optimized out>, crop=<value optimized out>, sliceX=<value optimized out>, sliceY=-1, sliceW=-1, sliceH=-1, printing=0, catalog=0x7fde58015090, abortCheckCbk=0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at Page.cc:492
        annot = (class Annot *) 0x30
        gfx = (Gfx *) 0x1cf24c0
        obj = {type = objNone, {booln = 1476625680, intg = 1476625680, real = 6.9462139771477479e-310, string = 0x7fde58038510, name = 0x7fde58038510 "�O\001X�\177", array = 0x7fde58038510, dict = 0x7fde58038510, stream = 0x7fde58038510, ref = {num = 1476625680, gen = 32734}, cmd = 0x7fde58038510 "�O\001X�\177"}}
        annotList = (Annots *) 0x1cf4530
        i = 9
#7 0x00007fde68fe92d1 in _poppler_page_render (page=0x1d406c0, cairo=0x1cf1c00, printing=0) at poppler-page.cc:560
        output_dev = (class CairoOutputDev *) 0x1d54800
        __PRETTY_FUNCTION__ = "void _poppler_page_render(PopplerPage*, cairo_t*, GBool)"
#8 0x00007fde5f4a4c8b in pdf_document_render (document=<value optimized out>, rc=0x1c8ff30) at ev-poppler.cc:510
        poppler_page = <value optimized out>
        width_points = 595.28000000000009
        height_points = 841.88999999999999
        width = 595
        height = 842
#9 0x00007fde6abd3c01 in ev_job_render_run (job=0x1bff2d0) at ev-jobs.c:521
        job_render = (EvJobRender *) 0x1bff2d0
        rc = <value optimized out>
#10 0x00007fde6abd4900 in ev_job_thread_proxy (data=<value optimized out>) at ev-job-scheduler.c:183
        job = (EvSchedulerJob *) 0x1d12300
#11 0x00007fde65b7cbe6 in g_thread_create_proxy (data=0x1ccf890) at gthread.c:635
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#12 0x00007fde694108fc in start_thread () from /lib/libpthread.so.0
No locals.
#13 0x00007fde64e93a9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#14 0x0000000000000000 in ?? ()
No symbol table info available.

Thread 1 (Thread 0x7fde6b810740 (LWP 14927)):
#0 __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
No locals.
#1 0x00007fde69413659 in _L_lock_534 () from /lib/libpthread.so.0
No locals.
#2 0x00007fde6941346e in pthread_mutex_lock () from /lib/libpthread.so.0
No locals.
#3 0x00007fde6abe5593 in draw_loading_text (view=0x1c88000, page_area=0x7fff3b1a1010, expose_area=<value optimized out>) at ev-view.c:4011
        loading_text = (const gchar *) 0x7fde6abe9130 "Loading..."
        layout = <value optimized out>
        font_desc = <value optimized out>
        logical_rect = {x = 30382560, y = 0, width = 30552352, height = 0}
        cr = <value optimized out>
#4 0x00007fde6abe6393 in ev_view_expose_event (widget=0x1c88000, event=0x7fff3b1a1590) at ev-view.c:4104
        page_area = {x = 5, y = 5, width = 1651, height = 2333}
        border = {left = 1, right = 4, top = 1, bottom = 4}
        view = (EvView *) 0x1c88000
        cr = (cairo_t *) 0x1d88ca0
        i = 0
#5 0x00007fde6a6d1163 in _gtk_marshal_BOOLEAN__BOXED (closure=0x1ab8100, return_value=0x7fff3b1a1270, n_param_values=<value optimized out>, param_values=0x1d90240, invocation_hint=<value optimized out>, marshal_data=0x7fde6abe56b0) at gtkmarshalers.c:84
        data1 = (gpointer) 0x1c88000
        data2 = (gpointer) 0x1aafb50
        v_return = <value optimized out>
        __PRETTY_FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
#6 0x00007fde6600f54f in IA__g_closure_invoke (closure=0x1ab8100, return_value=0x7fff3b1a1270, n_param_values=2, param_values=0x1d90240, invocation_hint=0x7fff3b1a1230) at gclosure.c:767
        marshal = (GClosureMarshal) 0x7fde6600da70 <g_type_class_meta_marshal>
        marshal_data = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#7 0x00007fde6602598a in signal_emit_unlocked_R (node=0x1ab8170, detail=0, instance=0x1c88000, emission_return=0x7fff3b1a13b0, instance_and_params=0x1d90240) at gsignal.c:3285
        accumulator = (SignalAccumulator *) 0x1ab62c0
        emission = {next = 0x7fff3b1a1aa0, instance = 0x1c88000, ihint = {signal_id = 45, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 29871104}
        class_closure = (GClosure *) 0x1ab8100
        handler_list = (Handler *) 0x0
        return_accu = (GValue *) 0x7fff3b1a1270
        accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        signal_id = 45
        max_sequential_handler_number = 856
        return_value_altered = 0
#8 0x00007fde66027115 in IA__g_signal_emit_valist (instance=0x1c88000, signal_id=<value optimized out>, detail=0, var_args=0x7fff3b1a1410) at gsignal.c:2990
        return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        error = <value optimized out>
        signal_return_type = 20
        param_values = (GValue *) 0x1d90258
        node = (SignalNode *) 0x1ab8170
        i = 1
        n_params = 1
        __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#9 0x00007fde66027753 in IA__g_signal_emit (instance=0x1cc6990, signal_id=128, detail=0) at gsignal.c:3037
        var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fff3b1a14f0, reg_save_area = 0x7fff3b1a1430}}
#10 0x00007fde6a7f316e in gtk_widget_event_internal (widget=0x1c88000, event=0x7fff3b1a1590) at gtkwidget.c:4767
        signal_num = <value optimized out>
        return_val = 0
#11 0x00007fde6a6c9586 in IA__gtk_main_do_event (event=0x7fff3b1a1590) at gtkmain.c:1558
        event_widget = (GtkWidget *) 0x1c88000
        grab_widget = (GtkWidget *) 0x1c88000
        window_group = (GtkWindowGroup *) 0x1d1ff40
        rewritten_event = (GdkEvent *) 0x0
        tmp_list = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__gtk_main_do_event"
#12 0x00007fde68d5c826 in _gdk_window_process_updates_recurse (window=0x1d3e2a0, expose_region=0x1c8f890) at gdkwindow.c:4961
        event = {type = GDK_EXPOSE, any = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0'}, expose = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', area = {x = 0, y = 0, width = 1660, height = 897}, region = 0x1c8f890, count = 0}, no_expose = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0'}, visibility = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', state = GDK_VISIBILITY_UNOBSCURED}, motion = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', time = 0, x = 3.522513013002352e-311, y = 4.4317688431959815e-321, axes = 0x1c8f890, state = 0, is_hint = 0, device = 0x0, x_root = 6.9462279169633077e-310, y_root = 6.9462279169862324e-310}, button = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', time = 0, x = 3.522513013002352e-311, y = 4.4317688431959815e-321, axes = 0x1c8f890, state = 0, button = 0, device = 0x0, x_root = 6.9462279169633077e-310, y_root = 6.9462279169862324e-310}, scroll = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', time = 0, x = 3.522513013002352e-311, y = 4.4317688431959815e-321, state = 29948048, direction = GDK_SCROLL_UP, device = 0x0, x_root = 0, y_root = 6.9462279169633077e-310}, key = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', time = 0, state = 0, keyval = 1660, length = 897, string = 0x1c8f890 "\002", hardware_keycode = 0, group = 0 '\0', is_modifier = 0}, crossing = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', subwindow = 0x67c00000000, time = 897, x = 1.4796301676804652e-316, y = 0, x_root = 0, y_root = 6.9462279169633077e-310, mode = 1758771152, detail = 32734, focus = 29936480, state = 0}, focus_change = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', in = 0}, configure = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', x = 0, y = 0, width = 1660, height = 897}, property = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', atom = 0x67c00000000, time = 897, state = 0}, selection = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', selection = 0x67c00000000, target = 0x381, property = 0x1c8f890, time = 0, requestor = 0}, owner_change = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', owner = 0, reason = GDK_OWNER_CHANGE_NEW_OWNER, selection = 0x381, time = 29948048, selection_time = 0}, proximity = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', time = 0, device = 0x67c00000000}, client = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', message_type = 0x67c00000000, data_format = 897, data = {b = "\220��\001", '\0' <repeats 15 times>, s = {-1904, 456, 0, 0, 0, 0, 0, 0, 0, 0}, l = {29948048, 0, 0, 140593218237952, 140593218238416}}}, dnd = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', context = 0x67c00000000, time = 897, x_root = 0, y_root = 0}, window_state = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', changed_mask = 0, new_window_state = 0}, setting = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', action = GDK_SETTING_ACTION_NEW, name = 0x67c00000000 <Address 0x67c00000000 out of bounds>}, grab_broken = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', keyboard = 0, implicit = 0, grab_window = 0x381}}
        child = <value optimized out>
        child_region = (GdkRegion *) 0x1c8f890
        r = {x = 31958368, y = 0, width = 29948048, height = 0}
        l = (GList *) 0x1e7a560
        children = (GList *) 0x0
#13 0x00007fde68d5c7d3 in _gdk_window_process_updates_recurse (window=0x1d3e190, expose_region=0x1c8cb60) at gdkwindow.c:4934
        child = (GdkWindowObject *) 0x1d3e2a0
        child_region = (GdkRegion *) 0x1c8f890
        r = {x = 0, y = 0, width = 1660, height = 897}
        l = (GList *) 0x1e7a560
        children = (GList *) 0x1e7a560
#14 0x00007fde68d5c7d3 in _gdk_window_process_updates_recurse (window=0x1bfce50, expose_region=0x1d23c40) at gdkwindow.c:4934
        child = (GdkWindowObject *) 0x1d3e190
        child_region = (GdkRegion *) 0x1c8cb60
        r = {x = 1, y = 79, width = 1660, height = 897}
        l = (GList *) 0x1e7a720
        children = (GList *) 0x1e7a920
#15 0x00007fde68d58751 in gdk_window_process_updates_internal (window=0x1bfce50) at gdkwindow.c:5116
        expose_region = (GdkRegion *) 0x1d23c40
        save_region = <value optimized out>
        clip_box = {x = 0, y = 0, width = 1680, height = 977}
#16 0x00007fde68d5cb76 in IA__gdk_window_process_updates (window=0x1bfce50, update_children=1) at gdkwindow.c:5268
        impl_window = (GdkWindowObject *) 0x1bfce50
        __PRETTY_FUNCTION__ = "IA__gdk_window_process_updates"
#17 0x00007fde6a80f332 in gtk_window_check_resize (container=<value optimized out>) at gtkwindow.c:6188
No locals.
#18 0x00007fde6600f54f in IA__g_closure_invoke (closure=0x1abc6e0, return_value=0x0, n_param_values=1, param_values=0x1c9fd80, invocation_hint=0x7fff3b1a1ab0) at gclosure.c:767
        marshal = (GClosureMarshal) 0x7fde6600da70 <g_type_class_meta_marshal>
        marshal_data = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#19 0x00007fde6602598a in signal_emit_unlocked_R (node=0x1abc730, detail=0, instance=0x1aee0f0, emission_return=0x0, instance_and_params=0x1c9fd80) at gsignal.c:3285
        accumulator = (SignalAccumulator *) 0x0
        emission = {next = 0x0, instance = 0x1aee0f0, ihint = {signal_id = 86, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 28295264}
        class_closure = (GClosure *) 0x1abc6e0
        handler_list = (Handler *) 0x0
        return_accu = (GValue *) 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        signal_id = 86
        max_sequential_handler_number = 853
        return_value_altered = 0
#20 0x00007fde6602724e in IA__g_signal_emit_valist (instance=0x1aee0f0, signal_id=<value optimized out>, detail=0, var_args=0x7fff3b1a1c90) at gsignal.c:2980
        signal_return_type = 4
        param_values = (GValue *) 0x1c9fd98
        node = (SignalNode *) 0x1abc730
        i = 0
        n_params = 0
        __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#21 0x00007fde66027753 in IA__g_signal_emit (instance=0x1cc6990, signal_id=128, detail=0) at gsignal.c:3037
        var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff3b1a1d70, reg_save_area = 0x7fff3b1a1cb0}}
#22 0x00007fde6a63743a in gtk_container_idle_sizer (data=<value optimized out>) at gtkcontainer.c:1350
        widget = (GtkWidget *) 0x1aee0f0
#23 0x00007fde68d36487 in gdk_threads_dispatch (data=0x1d60a00) at gdk.c:506
        ret = 0
#24 0x00007fde65b53e49 in IA__g_main_context_dispatch (context=0x1a67f60) at gmain.c:1960
No locals.
#25 0x00007fde65b57698 in g_main_context_iterate (context=0x1a67f60, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2591
        max_priority = 110
        timeout = 0
        some_ready = 1
        nfds = 9
        allocated_nfds = <value optimized out>
        fds = (GPollFD *) 0x1d3dba0
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#26 0x00007fde65b57b6d in IA__g_main_loop_run (loop=0x1a609c0) at gmain.c:2799
        self = (GThread *) 0x1a5e090
        __PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#27 0x00007fde6a6c9777 in IA__gtk_main () at gtkmain.c:1205
        tmp_list = (GList *) 0x0
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0x0
        loop = (GMainLoop *) 0x1a609c0
#28 0x000000000043d39c in main (argc=1, argv=0x7fff3b1a2108) at main.c:497
        context = <value optimized out>
        args = (GHashTable *) 0x1ad4c00
        error = (GError *) 0x0
#0 0x00007fde69413437 in pthread_mutex_lock () from /lib/libpthread.so.0
"

I also did a valgrind run today and this came up in the log:

==17995== Thread 2:
==17995== Invalid read of size 4
==17995==    at 0x678E437: pthread_mutex_lock (in /lib64/libpthread-2.10.1.so)
==17995==    by 0xC59F561: CharCodeToUnicode::decRefCnt() (CharCodeToUnicode.cc:463)
==17995==    by 0xC589E12: AnnotWidget::layoutText(GooString*, GooString*, int*, GfxFont*, double*, double, int*, int) (Annot.cc:2236)
==17995==    by 0xC58AAF8: AnnotWidget::drawListBox(GooString**, int*, int, int, GooString*, GfxFontDict*, int) (Annot.cc:2933)
==17995==    by 0xC599C35: AnnotWidget::generateFieldAppearance() (Annot.cc:3323)
==17995==    by 0xC599EA5: AnnotWidget::draw(Gfx*, int) (Annot.cc:3424)
==17995==    by 0xC5FE0DD: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:492)
==17995==    by 0x69BB2D0: _poppler_page_render(_PopplerPage*, _cairo*, int) (poppler-page.cc:560)
==17995==    by 0x1220901A: ??? (ev-poppler.cc:510)
==17995==    by 0x54825D0: ev_job_render_run (ev-jobs.c:521)
==17995==    by 0x54832CF: ev_job_thread_proxy (ev-job-scheduler.c:183)
==17995==    by 0x7BB6BE5: g_thread_create_proxy (gthread.c:635)
==17995==    by 0x678B8FB: start_thread (in /lib64/libpthread-2.10.1.so)
==17995==    by 0x84FBA9C: clone (clone.S:112)
==17995==  Address 0x40 is not stack'd, malloc'd or (recently) free'd
==17995==
==17995== Process terminating with default action of signal 11 (SIGSEGV)
==17995==  Access not within mapped region at address 0x40
==17995==    at 0x678E437: pthread_mutex_lock (in /lib64/libpthread-2.10.1.so)
==17995==    by 0xC59F561: CharCodeToUnicode::decRefCnt() (CharCodeToUnicode.cc:463)
==17995==    by 0xC589E12: AnnotWidget::layoutText(GooString*, GooString*, int*, GfxFont*, double*, double, int*, int) (Annot.cc:2236)
==17995==    by 0xC58AAF8: AnnotWidget::drawListBox(GooString**, int*, int, int, GooString*, GfxFontDict*, int) (Annot.cc:2933)
==17995==    by 0xC599C35: AnnotWidget::generateFieldAppearance() (Annot.cc:3323)
==17995==    by 0xC599EA5: AnnotWidget::draw(Gfx*, int) (Annot.cc:3424)
==17995==    by 0xC5FE0DD: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:492)
==17995==    by 0x69BB2D0: _poppler_page_render(_PopplerPage*, _cairo*, int) (poppler-page.cc:560)
==17995==    by 0x1220901A: ??? (ev-poppler.cc:510)
==17995==    by 0x54825D0: ev_job_render_run (ev-jobs.c:521)
==17995==    by 0x54832CF: ev_job_thread_proxy (ev-job-scheduler.c:183)
==17995==    by 0x7BB6BE5: g_thread_create_proxy (gthread.c:635)
==17995==    by 0x678B8FB: start_thread (in /lib64/libpthread-2.10.1.so)
==17995==    by 0x84FBA9C: clone (clone.S:112)
==17995== If you believe this happened as a result of a stack overflow in your
==17995== program's main thread (unlikely but possible), you can try to increase
==17995== the size of the main thread stack using the --main-stacksize= flag.
==17995== The main thread stack size used in this run was 8388608.

Happens with poppler 0.10 and 0.12.
Fixed, thanks for the report.
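
Added example (not part of the original report and not poppler code): a small triage script for the Valgrind block quoted in the report. It parses an abridged, constructed copy of that block, flags the fault address 0x40 as a near-null access (consistent with `this=0x0` in the gdb frame for `CharCodeToUnicode::decRefCnt`), and names the first frame that carries source line information. The one-page threshold and all function names are assumptions of this example.

```python
import re

# Constructed sample: an abridged copy of the Valgrind error block quoted in the report.
SAMPLE_LOG = """\
==17995== Thread 2:
==17995== Invalid read of size 4
==17995==    at 0x678E437: pthread_mutex_lock (in /lib64/libpthread-2.10.1.so)
==17995==    by 0xC59F561: CharCodeToUnicode::decRefCnt() (CharCodeToUnicode.cc:463)
==17995==    by 0xC589E12: AnnotWidget::layoutText(GooString*, GooString*, int*, GfxFont*, double*, double, int*, int) (Annot.cc:2236)
==17995==    by 0xC58AAF8: AnnotWidget::drawListBox(GooString**, int*, int, int, GooString*, GfxFontDict*, int) (Annot.cc:2933)
==17995==  Address 0x40 is not stack'd, malloc'd or (recently) free'd
"""

PAGE_SIZE = 0x1000  # assumption: an address below one page is NULL plus a member offset

PREFIX = re.compile(r"^==\d+==\s?")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
# Function text may itself contain parentheses; the location is the last "(...)" group.
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+) \((in [^()]+|[^()\s]+:\d+)\)$")
ADDRESS = re.compile(r"^Address (0x[0-9A-Fa-f]+) is ")


def parse_errors(log):
    """Return one dict per 'Invalid read/write' error: access, size, frames, address."""
    errors, current = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        m = ERROR.match(line)
        if m:
            current = {"access": m.group(1), "size": int(m.group(2)),
                       "frames": [], "address": None}
            errors.append(current)
            continue
        if current is None:
            continue
        m = FRAME.match(line)
        # Frames after the Address line belong to an allocation stack, not the access.
        if m and current["address"] is None:
            func, loc = m.groups()
            current["frames"].append({"function": func, "location": loc,
                                      "has_source": not loc.startswith("in ")})
            continue
        m = ADDRESS.match(line)
        if m:
            current["address"] = int(m.group(1), 16)
    return errors


def triage(error):
    """Heuristic classification plus the first frame that has file:line information."""
    addr = error["address"]
    if addr is None:
        kind = "no fault address reported"
    elif addr < PAGE_SIZE:
        kind = "likely NULL pointer plus member offset"
    else:
        kind = "wild or dangling pointer"
    first_src = next((f for f in error["frames"] if f["has_source"]), None)
    return {
        "kind": kind,
        "offset": addr if addr is not None and addr < PAGE_SIZE else None,
        "frame": first_src["function"] if first_src else None,
        "location": first_src["location"] if first_src else None,
    }


if __name__ == "__main__":
    for err in parse_errors(SAMPLE_LOG):
        print(err["access"], err["size"], triage(err))
```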