Bug 22485

Summary: Evince crashes (in poppler) on certain PDF
Product: poppler
Reporter: Tobias Mueller <fdo-bugs>
Component: general
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: medium
Version: unspecified
Hardware: Other
OS: All
URL: http://bugzilla.gnome.org/show_bug.cgi?id=585564
Whiteboard:
Attachments: crashing PDF

Description Tobias Mueller 2009-06-25 18:51:08 UTC
Created attachment 27143
crashing PDF

This bug has been reported here: http://bugzilla.gnome.org/show_bug.cgi?id=585564

Evince crashes in poppler:
muelli@xbox:/tmp$ gdb evince #/dev/shm/nocrypto-nosaved-tes3.pdf 
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(no debugging symbols found)
(gdb) r/dev/shm/nocrypto-nosaved-tes3.pdf 
Starting program: /usr/bin/evince /dev/shm/nocrypto-nosaved-tes3.pdf
(no debugging symbols found)
(no debugging symbols found)

(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0x7fb3cac29780 (LWP 23491)]
[New Thread 0x41190950 (LWP 23495)]
Error: FormWidgetButton:: unable to find the on state for the button


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x41190950 (LWP 23495)]
0x00007fb3c4001973 in FormFieldButton::setState (this=0x1648c70, num=0, 
    s=<value optimized out>) at ../goo/GooString.h:85
85      ../goo/GooString.h: No such file or directory.
---Type <return> to continue, or q <return> to quit---
        in ../goo/GooString.h
Current language:  auto; currently c++
(gdb) bt
#0  0x00007fb3c4001973 in FormFieldButton::setState (this=0x1648c70, num=0, 
    s=<value optimized out>) at ../goo/GooString.h:85
#1  0x00007fb3c4001b51 in FormWidgetButton::setState (this=0x1648ce0, 
    astate=1, calledByParent=<value optimized out>) at Form.cc:198
#2  0x00007fb3c4002196 in FormWidgetButton::loadDefaults (this=0x1648ce0)
    at Form.cc:274
#3  0x00007fb3c4000766 in FormField::loadChildrenDefaults (this=0x1648c70)
    at Form.cc:790
#4  0x00007fb3c40039ff in Form::createFieldFromDict (obj=0x4118fdc0, 
    xrefA=0x12b2450, pref=@0x4118fde0) at Form.cc:1217
#5  0x00007fb3c40046de in Form (this=0x15f6f10, xrefA=0x12b2450, 
    acroFormA=<value optimized out>) at Form.cc:1153
#6  0x00007fb3c3ff8b64 in Catalog (this=0x160a2c0, xrefA=<value optimized out>)
    at Catalog.cc:62
#7  0x00007fb3c405db59 in PDFDoc::setup (this=0x15f6f70, ownerPassword=0x0, 
    userPassword=0x0) at PDFDoc.cc:215
#8  0x00007fb3c405dcc1 in PDFDoc (this=0x15f6f70, 
    fileNameA=<value optimized out>, ownerPassword=0x0, userPassword=0x0, 
    guiDataA=<value optimized out>) at PDFDoc.cc:104
#9  0x00007fb3c83886cd in poppler_document_new_from_file (
    uri=<value optimized out>, password=0x0, error=0x4118ffa8)
    at poppler-document.cc:169
#10 0x00007fb3c0220b99 in ?? () from /usr/lib/evince/backends/libpdfdocument.so
---Type <return> to continue, or q <return> to quit---
#11 0x00007fb3ca417dc0 in ev_document_factory_get_document ()
   from /usr/lib/libevbackend.so.0
#12 0x0000000000422637 in ?? ()
#13 0x0000000000420620 in ?? ()
#14 0x00007fb3c55c9284 in ?? () from /usr/lib/libglib-2.0.so.0
#15 0x00007fb3c53513ea in start_thread () from /lib/libpthread.so.0
#16 0x00007fb3c50bec6d in clone () from /lib/libc.so.6
#17 0x0000000000000000 in ?? ()
(gdb) t a a bt full

Thread 2 (Thread 0x41190950 (LWP 23495)):
#0  0x00007fb3c4001973 in FormFieldButton::setState (this=0x1648c70, num=0, 
    s=<value optimized out>) at ../goo/GooString.h:85
No locals.
#1  0x00007fb3c4001b51 in FormWidgetButton::setState (this=0x1648ce0, 
    astate=1, calledByParent=<value optimized out>) at Form.cc:198
        offStr = <value optimized out>
        obj1 = {type = objInt, {booln = 8, intg = 8, 
    real = 3.9525251667299724e-323, string = 0x8, 
    name = 0x8 <Address 0x8 out of bounds>, array = 0x8, dict = 0x8, 
    stream = 0x8, ref = {num = 8, gen = 0}, 
    cmd = 0x8 <Address 0x8 out of bounds>}}
#2  0x00007fb3c4002196 in FormWidgetButton::loadDefaults (this=0x1648ce0)
    at Form.cc:274
        dict = (Dict *) 0x1648dc0
        obj1 = {type = objName, {booln = 23369520, intg = 23369520, 
    real = 1.1546076991799928e-316, string = 0x1649730, name = 0x1649730 "Ja", 
    array = 0x1649730, dict = 0x1649730, stream = 0x1649730, ref = {
      num = 23369520, gen = 0}, cmd = 0x1649730 "Ja"}}
#3  0x00007fb3c4000766 in FormField::loadChildrenDefaults (this=0x1648c70)
    at Form.cc:790
        i = 1
---Type <return> to continue, or q <return> to quit---
#4  0x00007fb3c40039ff in Form::createFieldFromDict (obj=0x4118fdc0, 
    xrefA=0x12b2450, pref=@0x4118fde0) at Form.cc:1217
        obj2 = {type = objNone, {booln = 23369520, intg = 23369520, 
    real = 1.1546076991799928e-316, string = 0x1649730, name = 0x1649730 "Ja", 
    array = 0x1649730, dict = 0x1649730, stream = 0x1649730, ref = {
      num = 23369520, gen = 0}, cmd = 0x1649730 "Ja"}}
        field = <value optimized out>
#5  0x00007fb3c40046de in Form (this=0x15f6f10, xrefA=0x12b2450, 
    acroFormA=<value optimized out>) at Form.cc:1153
No locals.
#6  0x00007fb3c3ff8b64 in Catalog (this=0x160a2c0, xrefA=<value optimized out>)
    at Catalog.cc:62
No locals.
#7  0x00007fb3c405db59 in PDFDoc::setup (this=0x15f6f70, ownerPassword=0x0, 
    userPassword=0x0) at PDFDoc.cc:215
No locals.
#8  0x00007fb3c405dcc1 in PDFDoc (this=0x15f6f70, 
    fileNameA=<value optimized out>, ownerPassword=0x0, userPassword=0x0, 
    guiDataA=<value optimized out>) at PDFDoc.cc:104
No locals.
#9  0x00007fb3c83886cd in poppler_document_new_from_file (
    uri=<value optimized out>, password=0x0, error=0x4118ffa8)
    at poppler-document.cc:169
---Type <return> to continue, or q <return> to quit---
        newDoc = <value optimized out>
        filename_g = <value optimized out>
        password_g = <value optimized out>
        filename = <value optimized out>
#10 0x00007fb3c0220b99 in ?? () from /usr/lib/evince/backends/libpdfdocument.so
No symbol table info available.
#11 0x00007fb3ca417dc0 in ev_document_factory_get_document ()
   from /usr/lib/libevbackend.so.0
No symbol table info available.
#12 0x0000000000422637 in ?? ()
No symbol table info available.
#13 0x0000000000420620 in ?? ()
No symbol table info available.
#14 0x00007fb3c55c9284 in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#15 0x00007fb3c53513ea in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#16 0x00007fb3c50bec6d in clone () from /lib/libc.so.6
No symbol table info available.
#17 0x0000000000000000 in ?? ()
No symbol table info available.

Thread 1 (Thread 0x7fb3cac29780 (LWP 23491)):
---Type <return> to continue, or q <return> to quit---
#0  0x00007fb3c53552d9 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007fb3c55c9a92 in g_static_rw_lock_reader_lock ()
   from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#2  0x00007fb3c5a558dd in g_type_class_peek_static ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#3  0x00007fb3c5a41a22 in g_object_newv () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#4  0x00007fb3c5a42767 in g_object_new_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#5  0x00007fb3c5a428ac in g_object_new () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#6  0x00007fb3c10edf3a in ?? ()
   from /usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so
No symbol table info available.
#7  0x00007fb3c9769a02 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#8  0x00007fb3c9769efd in gtk_rc_get_style () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#9  0x00007fb3c98346f8 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#10 0x00007fb3c978af85 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#11 0x00007fb3c978b248 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#12 0x00007fb3c9733b47 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#13 0x00007fb3c5a3c1af in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#14 0x00007fb3c5a51878 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#15 0x00007fb3c5a53608 in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#16 0x00007fb3c5a53987 in g_signal_emit_by_name ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#17 0x00007fb3c978b248 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#18 0x00007fb3c9829df6 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#19 0x00007fb3c5a3c1af in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#20 0x00007fb3c5a51878 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#21 0x00007fb3c5a53608 in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#22 0x00007fb3c5a53987 in g_signal_emit_by_name ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#23 0x00007fb3c978b248 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#24 0x00007fb3c983c7f0 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#25 0x00007fb3c5a3c25d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#26 0x00007fb3c5a51878 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#27 0x00007fb3c5a53608 in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#28 0x00007fb3c5a53987 in g_signal_emit_by_name ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#29 0x00007fb3c978b248 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#30 0x00007fb3c98457ba in ?? () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#31 0x00007fb3c5a3c25d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#32 0x00007fb3c5a51878 in ?? () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#33 0x00007fb3c5a53608 in g_signal_emit_valist ()
   from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#34 0x00007fb3c5a53b33 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#35 0x00007fb3c9835b66 in gtk_widget_realize ()
   from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#36 0x000000000041f403 in ?? ()
No symbol table info available.
#37 0x000000000041f594 in ?? ()
No symbol table info available.
#38 0x000000000044e334 in ?? ()
No symbol table info available.
#39 0x00007fb3c4ff6466 in __libc_start_main () from /lib/libc.so.6
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#40 0x000000000041d479 in ?? ()
No symbol table info available.
#41 0x00007fffd2c62f28 in ?? ()
No symbol table info available.
#42 0x000000000000001c in ?? ()
No symbol table info available.
#43 0x0000000000000002 in ?? ()
No symbol table info available.
#44 0x00007fffd2c645cd in ?? ()
No symbol table info available.
#45 0x0000000000000000 in ?? ()
No symbol table info available.
0x00007fb3c4001973      85      in ../goo/GooString.h
(gdb) 
muelli@xbox:/tmp$ apt-cache policy poppler-dbg libpoppler4 evince
poppler-dbg:
  Installed: 0.8.7-1ubuntu0.2
  Candidate: 0.8.7-1ubuntu0.2
  Version table:
     0.11.0-0ubuntu3 0
        300 http://de.archive.ubuntu.com karmic/main Packages
     0.10.5-1ubuntu2 0
        400 http://de.archive.ubuntu.com jaunty/main Packages
 *** 0.8.7-1ubuntu0.2 0
        550 http://security.ubuntu.com intrepid-security/main Packages
        100 /var/lib/dpkg/status
     0.8.7-1 0
        500 http://de.archive.ubuntu.com intrepid/main Packages
libpoppler4:
  Installed: (none)
  Candidate: 0.10.5-1ubuntu2
  Version table:
     0.10.6-1ubuntu1 0
        300 http://de.archive.ubuntu.com karmic/main Packages
     0.10.5-1ubuntu2 0
        400 http://de.archive.ubuntu.com jaunty/main Packages
evince:
  Installed: 2.24.1-0ubuntu1
  Candidate: 2.24.1-0ubuntu1
  Version table:
     2.27.1-0ubuntu1 0
        300 http://de.archive.ubuntu.com karmic/main Packages
     2.26.0-0ubuntu1 0
        400 http://de.archive.ubuntu.com jaunty/main Packages
 *** 2.24.1-0ubuntu1 0
        500 http://de.archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status
muelli@xbox:/tmp$ 


In fact, okular crashes on my system too.

Comment 1 Albert Astals Cid 2009-06-28 08:13:13 UTC
crash fixed, thanks for reporting

Comment 2 Tobias Mueller 2009-06-28 14:37:13 UTC
*yay* thank you :)
Could you tell us the revision id which made the patch? That helps, e.g. distros backporting that patch. TIA!
