Bug 90093

Summary: Segmentation fault in build_ocg_state
Product: poppler
Reporter: Jason Crain <jason>
Component: glib frontend
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Attachments: Fix segfault when creating PopplerAction

Description Jason Crain 2015-04-18 22:34:45 UTC
The document in bug #42823 <https://bugs.freedesktop.org/attachment.cgi?id=53405> crashes evince.

backtrace:

(gdb) r
Starting program: /home/jason/devel/install/bin/evince CNT417758-53405.pdf
...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffdbfff700 (LWP 13911)]
0x00007fffe80a88e7 in build_ocg_state (document=0x0, action=0x788c80, ocg_state=0x7fffd40dabc0) at poppler-action.cc:589
589             if (!document->layers) {
(gdb) bt
#0  0x00007fffe80a88e7 in build_ocg_state (document=0x0, action=0x788c80, ocg_state=0x7fffd40dabc0) at poppler-action.cc:589
#1  0x00007fffe80a8d4a in _poppler_action_new (document=0x0, link=0x7fffd40dabc0, title=0x0) at poppler-action.cc:671
#2  0x00007fffe80b5da1 in poppler_form_field_get_action (field=0xc64790) at poppler-form-field.cc:191
#3  0x00007fffe82ff7b1 in ev_form_field_from_poppler_field (pdf_document=0xb70b30, poppler_field=0xc64790) at ev-poppler.cc:2384
#4  0x00007fffe82ffc4b in pdf_document_forms_get_form_fields (document=0xb70b30, page=0x7fffd40e3010) at ev-poppler.cc:2504
#5  0x00007ffff7bb78aa in ev_document_forms_get_form_fields (document_forms=0xb70b30, page=0x7fffd40e3010) at ev-document-forms.c:37
#6  0x00007ffff7956477 in ev_job_page_data_run (job=0xac2ef0) at ev-jobs.c:770
#7  0x00007ffff7955004 in ev_job_run (job=0xac2ef0) at ev-jobs.c:215
#8  0x00007ffff79590eb in ev_job_thread (job=0xac2ef0) at ev-job-scheduler.c:184
#9  0x00007ffff795919e in ev_job_thread_proxy (data=0x0) at ev-job-scheduler.c:217
#10 0x00007ffff24d636c in g_thread_proxy (data=0xaf35e0) at gthread.c:764
#11 0x00007ffff74760a4 in start_thread (arg=0x7fffdbfff700) at pthread_create.c:309
#12 0x00007ffff1c7504d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Comment 1 Jason Crain 2015-04-18 22:42:34 UTC
Created attachment 115187
Fix segfault when creating PopplerAction

Attached patch fixes the segfault by modifying _poppler_annot_screen_new and poppler_form_field_get_action to pass the PopplerDocument instead of NULL.

Comment 2 Carlos Garcia Campos 2015-04-19 07:04:40 UTC
LGTM, pushed, thanks!
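
A simplified C model of the crash in the backtrace and of the caller-side fix described in Comment 1, added here as an illustration; it is not the poppler patch and not code from this thread. The struct layouts, the `field_get_action_before`/`field_get_action_after` names and the NULL guard inside `build_ocg_state` are assumptions made for the example.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the glib frontend types; the real
 * PopplerDocument, PopplerAction and PopplerFormField differ. */
typedef struct { int n_layers; } Document;
typedef enum { ACTION_URI, ACTION_OCG_STATE } ActionKind;
typedef struct { ActionKind kind; int layers_seen; } Action;
typedef struct { Document *document; ActionKind link_kind; } FormField;

/* Models the crash site: an OCG-state action has to read the document's
 * layers. The NULL check is an added guard (assumption, not the patch). */
static int build_ocg_state(Document *document, Action *action)
{
    if (document == NULL)
        return -1;              /* without this, document->n_layers faults */
    action->layers_seen = document->n_layers;
    return 0;
}

/* Only some action kinds touch the document; NULL is harmless for the rest. */
static int action_new(Document *document, ActionKind kind, Action *out)
{
    out->kind = kind;
    out->layers_seen = 0;
    if (kind == ACTION_OCG_STATE)
        return build_ocg_state(document, out);
    return 0;
}

/* Before the fix: the caller passes NULL for the document. */
static int field_get_action_before(const FormField *f, Action *out)
{
    return action_new(NULL, f->link_kind, out);
}

/* After the fix: the caller passes the document that owns the field. */
static int field_get_action_after(const FormField *f, Action *out)
{
    return action_new(f->document, f->link_kind, out);
}

int main(void)
{
    Document doc = { 3 };       /* constructed sample: a document with 3 layers */
    FormField f = { &doc, ACTION_OCG_STATE };
    Action a;
    printf("before: %d\n", field_get_action_before(&f, &a));
    printf("after: %d layers=%d\n", field_get_action_after(&f, &a), a.layers_seen);
    return 0;
}
```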
