Bug 13972 - Crash in AESV2 protected PDF files
Summary: Crash in AESV2 protected PDF files
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: general
Version: unspecified
Hardware: x86 (IA32) Linux (All)
Importance: medium critical
Assignee: poppler-bugs
Duplicates: 16092 17523
Reported: 2008-01-08 10:46 UTC by Pedro Villavicencio
Modified: 2008-09-12 03:09 UTC

Description Pedro Villavicencio 2008-01-08 10:46:47 UTC
This report has been filed here:

https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/180887

"The Document Viewer won't open this PDF:

http://launchpadlibrarian.net/11179656/ch2-online.pdf

This is the Child Benefit claim form for the UK."

Stacktrace:

"Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6999b90 (LWP 9324)]
DecryptStream::getChar (this=0x8372e38) at Decrypt.cc:271
271	      c = state.aes.buf[state.aes.bufIdx++];
Current language:  auto; currently c++
#0  DecryptStream::getChar (this=0x8372e38) at Decrypt.cc:271
#1  0xb7b10dae in Parser::getObj (this=0x83719a8, obj=0xb6998fb0, 
    fileKey=0x836ff34 "\224š÷ë\033\r^s$ÅíÁ$Ä+è", encAlgorithm=cryptAES, 
    keyLength=16, objNum=23, objGen=0) at Parser.cc:127
#2  0xb7b111ef in Parser::getObj (this=0x83719a8, obj=0xb6999020, 
    fileKey=0x836ff34 "\224š÷ë\033\r^s$ÅíÁ$Ä+è", encAlgorithm=cryptAES, 
    keyLength=16, objNum=23, objGen=0) at Parser.cc:86
#3  0xb7b111ef in Parser::getObj (this=0x83719a8, obj=0xb6999090, 
    fileKey=0x836ff34 "\224š÷ë\033\r^s$ÅíÁ$Ä+è", encAlgorithm=cryptAES, 
    keyLength=16, objNum=23, objGen=0) at Parser.cc:86
#4  0xb7b111ef in Parser::getObj (this=0x83719a8, obj=0xb69991c0, 
    fileKey=0x836ff34 "\224š÷ë\033\r^s$ÅíÁ$Ä+è", encAlgorithm=cryptAES, 
    keyLength=16, objNum=23, objGen=0) at Parser.cc:86
#5  0xb7b1e3b3 in XRef::fetch (this=0x836fee0, num=23, gen=0, obj=0xb69991c0)
    at XRef.cc:906
#6  0xb7ab4b35 in Catalog (this=0x8370658, xrefA=0x836fee0) at XRef.h:79
#7  0xb7b11b26 in PDFDoc::setup (this=0x836faa0, ownerPassword=0x0, 
    userPassword=0x0) at PDFDoc.cc:206
#8  0xb7b11db5 in PDFDoc (this=0x836faa0, fileNameA=0x836fa78, 
    ownerPassword=0x0, userPassword=0x0, guiDataA=0x0) at PDFDoc.cc:102
#9  0xb7bf67e2 in poppler_document_new_from_file (
    uri=0x834e738 "file:///home/pvillavi/ch2-online.pdf", password=0x0, 
    error=0xb69992bc) at poppler-document.cc:143
#10 0x080a2279 in pdf_document_load (document=0x81990c8, 
    uri=0x834e738 "file:///home/pvillavi/ch2-online.pdf", error=0x8313574)
    at ev-poppler.cc:284
#11 0x0809ad11 in ev_document_load (document=0x81990c8, 
    uri=0x834e738 "file:///home/pvillavi/ch2-online.pdf", error=0x8313574)
    at ev-document.c:122
#12 0x0809b125 in ev_document_factory_get_document (
    uri=0xc90c8 <Address 0xc90c8 out of bounds>, error=0x8313574)
    at ev-document-factory.c:347
#13 0x08061e90 in ev_job_load_run (job=0x8313550) at ev-jobs.c:570
#14 0x08060750 in handle_job (job=0x8313550) at ev-job-queue.c:132
#15 0x08060d3c in ev_render_thread (data=0x0) at ev-job-queue.c:263
#16 0xb6eb122f in g_thread_create_proxy (data=0x811e128) at gthread.c:635
#17 0xb7c184fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#18 0xb79698ee in clone () from /lib/tls/i686/cmov/libc.so.6"

"Thread 2 (Thread 0xb6999b90 (LWP 9324)):
#0  DecryptStream::getChar (this=0x8372e38) at Decrypt.cc:271
	in = "BDŽ· \0307\bà\216\231¶\001\000\000"
	c = -1
	i = 137834040
#1  0xb7b10dae in Parser::getObj (this=0x83719a8, obj=0xb6998fb0, 
    fileKey=0x836ff34 "\224š÷ë\033\r^s$ÅíÁ$Ä+è", encAlgorithm=cryptAES, 
    keyLength=16, objNum=23, objGen=0) at Parser.cc:127
	key = <value optimized out>
	str = <value optimized out>
	obj2 = {type = objNull, {booln = 137828800, intg = 137828800, 
    real = -nan(0xfffff083719c0), string = 0x83719c0, name = 0x83719c0 "\004", 
    array = 0x83719c0, dict = 0x83719c0, stream = 0x83719c0, ref = {
      num = 137828800, gen = -1}, cmd = 0x83719c0 "\004"}}
	num = <value optimized out>
	decrypt = (class DecryptStream *) 0x8372e38
	s = <value optimized out>
	s2 = (GooString *) 0x8371820
	c = <value optimized out>
#2  0xb7b111ef in Parser::getObj (this=0x83719a8, obj=0xb6999020, 
    fileKey=0x836ff34 "\224š÷ë\033\r^s$ÅíÁ$Ä+è", encAlgorithm=cryptAES, 
    keyLength=16, objNum=23, objGen=0) at Parser.cc:86
	key = 0x8370108 "Contents"
	str = <value optimized out>
	obj2 = {type = objName, {booln = 137829520, intg = 137829520, 
    real = 6.8096830814789007e-316, string = 0x8371c90, 
    name = 0x8371c90 "Adobe.PPKLite", array = 0x8371c90, dict = 0x8371c90, 
    stream = 0x8371c90, ref = {num = 137829520, gen = 0}, 
    cmd = 0x8371c90 "Adobe.PPKLite"}}
	num = <value optimized out>
	decrypt = <value optimized out>
	s = <value optimized out>
	s2 = <value optimized out>
	c = <value optimized out>
#3  0xb7b111ef in Parser::getObj (this=0x83719a8, obj=0xb6999090, 
    fileKey=0x836ff34 "\224š÷ë\033\r^s$ÅíÁ$Ä+è", encAlgorithm=cryptAES, 
    keyLength=16, objNum=23, objGen=0) at Parser.cc:86
	key = 0x8371960 "UR3"
	str = <value optimized out>
	obj2 = {type = objDict, {booln = 137829496, intg = 137829496, 
    real = -nan(0xfffff08371c78), string = 0x8371c78, 
    name = 0x8371c78 "àþ6\bš\0347\b\b", array = 0x8371c78, dict = 0x8371c78, 
    stream = 0x8371c78, ref = {num = 137829496, gen = -1}, 
    cmd = 0x8371c78 "àþ6\bš\0347\b\b"}}
	num = <value optimized out>
	decrypt = <value optimized out>
	s = <value optimized out>
	s2 = <value optimized out>
	c = <value optimized out>
#4  0xb7b111ef in Parser::getObj (this=0x83719a8, obj=0xb69991c0, 
    fileKey=0x836ff34 "\224š÷ë\033\r^s$ÅíÁ$Ä+è", encAlgorithm=cryptAES, 
    keyLength=16, objNum=23, objGen=0) at Parser.cc:86
	key = 0x8371970 "Perms"
	str = <value optimized out>
	obj2 = {type = objDict, {booln = 137822520, intg = 137822520, 
    real = 6.8093372355268119e-316, string = 0x8370138, 
    name = 0x8370138 "àþ6\b", array = 0x8370138, dict = 0x8370138, 
    stream = 0x8370138, ref = {num = 137822520, gen = 0}, 
    cmd = 0x8370138 "àþ6\b"}}
	num = <value optimized out>
	decrypt = <value optimized out>
	s = <value optimized out>
	s2 = <value optimized out>
	c = <value optimized out>
#5  0xb7b1e3b3 in XRef::fetch (this=0x836fee0, num=23, gen=0, obj=0xb69991c0)
    at XRef.cc:906
	e = <value optimized out>
	parser = (Parser *) 0x83719a8
	obj1 = {type = objInt, {booln = 23, intg = 23, 
    real = 4.3587385789441928e-269, string = 0x17, 
    name = 0x17 <Address 0x17 out of bounds>, array = 0x17, dict = 0x17, 
    stream = 0x17, ref = {num = 23, gen = 137823976}, 
    cmd = 0x17 <Address 0x17 out of bounds>}}
	obj2 = {type = objInt, {booln = 0, intg = 0, 
    real = -1.1196959744695033e-45, string = 0x0, name = 0x0, array = 0x0, 
    dict = 0x0, stream = 0x0, ref = {num = 0, gen = -1231449664}, cmd = 0x0}}
	obj3 = {type = objCmd, {booln = 137828888, intg = 137828888, 
    real = 6.8096518565300836e-316, string = 0x8371a18, 
    name = 0x8371a18 "obj", array = 0x8371a18, dict = 0x8371a18, 
    stream = 0x8371a18, ref = {num = 137828888, gen = 0}, 
    cmd = 0x8371a18 "obj"}}
#6  0xb7ab4b35 in Catalog (this=0x8370658, xrefA=0x836fee0) at XRef.h:79
No locals.
#7  0xb7b11b26 in PDFDoc::setup (this=0x836faa0, ownerPassword=0x0, 
    userPassword=0x0) at PDFDoc.cc:206
No locals.
#8  0xb7b11db5 in PDFDoc (this=0x836faa0, fileNameA=0x836fa78, 
    ownerPassword=0x0, userPassword=0x0, guiDataA=0x0) at PDFDoc.cc:102
No locals.
#9  0xb7bf67e2 in poppler_document_new_from_file (
    uri=0x834e738 "file:///home/pvillavi/ch2-online.pdf", password=0x0, 
    error=0xb69992bc) at poppler-document.cc:143
	newDoc = (PDFDoc *) 0x836faa0
	filename_g = (GooString *) 0x836fa78
	password_g = (GooString *) 0x0
	filename = <value optimized out>
#10 0x080a2279 in pdf_document_load (document=0x81990c8, 
    uri=0x834e738 "file:///home/pvillavi/ch2-online.pdf", error=0x8313574)
    at ev-poppler.cc:284
	poppler_error = (GError *) 0x0
#11 0x0809ad11 in ev_document_load (document=0x81990c8, 
    uri=0x834e738 "file:///home/pvillavi/ch2-online.pdf", error=0x8313574)
    at ev-document.c:122
	retval = 823496
#12 0x0809b125 in ev_document_factory_get_document (
    uri=0xc90c8 <Address 0xc90c8 out of bounds>, error=0x8313574)
    at ev-document-factory.c:347
	document = (EvDocument *) 0x81990c8
	result = <value optimized out>
	compression = EV_COMPRESSION_NONE
	uri_unc = (gchar *) 0x0
#13 0x08061e90 in ev_job_load_run (job=0x8313550) at ev-jobs.c:570
	__PRETTY_FUNCTION__ = "ev_job_load_run"
#14 0x08060750 in handle_job (job=0x8313550) at ev-job-queue.c:132
	__PRETTY_FUNCTION__ = "handle_job"
#15 0x08060d3c in ev_render_thread (data=0x0) at ev-job-queue.c:263
	job = (EvJob *) 0x8313550
#16 0xb6eb122f in g_thread_create_proxy (data=0x811e128) at gthread.c:635
	__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#17 0xb7c184fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#18 0xb79698ee in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 1 (Thread 0xb6d0b6c0 (LWP 9321)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7c1f589 in __lll_lock_wait () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb7c1aba6 in _L_lock_95 () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#3  0xb7c1a58a in pthread_mutex_lock () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#4  0x0809a776 in ev_document_fc_mutex_lock () at ev-document.c:105
No locals.
#5  0x08077beb in draw_loading_text (view=0x8280028, page_area=0xbfef4d40, 
    expose_area=<value optimized out>) at ev-view.c:3517
	layout = <value optimized out>
	font_desc = <value optimized out>
	logical_rect = {x = 16, y = 135006696, width = -1212040692, 
  height = 16777224}
	cr = <value optimized out>
#6  0x080782f2 in ev_view_expose_event (widget=0x8280028, event=0xbfef52d4)
    at ev-view.c:2499
	area = {x = 0, y = 0, width = 449, height = 512}
	view = (EvView *) 0x8280028
	cr = <value optimized out>
	i = <value optimized out>
#7  0xb755cb84 in _gtk_marshal_BOOLEAN__BOXED (closure=0x80f9128, 
    return_value=0xbfef4f00, n_param_values=2, param_values=0xbfef4fdc, 
    invocation_hint=0xbfef4eec, marshal_data=0x8077d40) at gtkmarshalers.c:84
	data1 = (gpointer) 0x8280028
	data2 = <value optimized out>
	v_return = <value optimized out>
	__PRETTY_FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
#8  0xb6f301f9 in g_type_class_meta_marshal (closure=0x80f9128, 
    return_value=0xbfef4f00, n_param_values=2, param_values=0xbfef4fdc, 
    invocation_hint=0xbfef4eec, marshal_data=0xc8) at gclosure.c:567
	callback = <value optimized out>
#9  0xb6f319e3 in IA__g_closure_invoke (closure=0x80f9128, 
    return_value=0xbfef4f00, n_param_values=2, param_values=0xbfef4fdc, 
    invocation_hint=0xbfef4eec) at gclosure.c:490
	marshal = (GClosureMarshal) 0xb6f301b0 <g_type_class_meta_marshal>
	marshal_data = (gpointer) 0xc8
	__PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#10 0xb6f4431f in signal_emit_unlocked_R (node=0x80f9328, detail=0, 
    instance=0x8280028, emission_return=0xbfef519c, 
    instance_and_params=0xbfef4fdc) at gsignal.c:2478
	tmp = <value optimized out>
	handler = (Handler *) 0xbfef4eb8
	accumulator = (SignalAccumulator *) 0x80f9218
	emission = {next = 0x0, instance = 0x8280028, ihint = {signal_id = 43, 
    detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, 
  chain_type = 136830352}
	class_closure = (GClosure *) 0x80f9128
	handler_list = (Handler *) 0x0
	return_accu = (GValue *) 0xbfef4f00
	accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, 
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, 
      v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, 
      v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
	signal_id = 43
	max_sequential_handler_number = 2402
	return_value_altered = 0
#11 0xb6f44da2 in IA__g_signal_emit_valist (instance=0x8280028, signal_id=43, 
    detail=0, var_args=0xbfef5220 "8Rï¿ÔRï¿(") at gsignal.c:2209
	_flags = <value optimized out>
	_vtable = <value optimized out>
	_lcopy_format = <value optimized out>
	_cvalues = {{v_int = -1074834888, v_long = -1074834888, 
    v_int64 = 3220132408, v_double = 1.5909567978528484e-314, 
    v_pointer = 0xbfef5238}, {v_int = 0, v_long = 0, v_int64 = 0, 
    v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, 
    v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, 
    v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, 
    v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, 
    v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, 
    v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, 
    v_double = 0, v_pointer = 0x0}}
	return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, 
      v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, 
      v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, 
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, 
      v_pointer = 0x0}}}
	error = <value optimized out>
	instance_and_params = (GValue *) 0xbfef4fdc
	free_me = (GValue *) 0x0
	signal_return_type = 20
	param_values = (GValue *) 0xbfef4ff0
	node = (SignalNode *) 0x80f9328
	i = 1
	n_params = 1
	__PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#12 0xb6f45369 in IA__g_signal_emit (instance=0x8280028, signal_id=43, 
    detail=0) at gsignal.c:2243
	var_args = 0xbfef521c "ÔRï¿8Rï¿ÔRï¿("
#13 0xb767cd37 in gtk_widget_event_internal (widget=0x8280028, 
    event=0xbfef52d4) at gtkwidget.c:4675
	signal_num = <value optimized out>
	return_val = 0
#14 0xb75572b0 in IA__gtk_main_do_event (event=0xbfef52d4) at gtkmain.c:1514
	event_widget = (GtkWidget *) 0x8280028
	grab_widget = (GtkWidget *) 0x8280028
	window_group = (GtkWindowGroup *) 0x811d140
	rewritten_event = (GdkEvent *) 0x0
	tmp_list = <value optimized out>
	__PRETTY_FUNCTION__ = "IA__gtk_main_do_event"
#15 0xb73bd783 in gdk_window_process_updates_internal (window=0x82f11a0)
    at gdkwindow.c:2378
	window_rect = {x = 0, y = 0, width = 449, height = 512}
	expose_region = (GdkRegion *) 0x832ec20
	window_region = (GdkRegion *) 0x8310560
	width = 449
	height = 512
	save_region = 1
#16 0xb73bde18 in IA__gdk_window_process_all_updates () at gdkwindow.c:2444
	old_update_windows = (GSList *) 0x820d550
	tmp_list = (GSList *) 0x820d550
#17 0xb74bfacf in gtk_container_idle_sizer (data=0x0) at gtkcontainer.c:1307
No locals.
#18 0xb73a3dcb in gdk_threads_dispatch (data=0x83571c0) at gdk.c:470
	ret = 0
#19 0xb6e87041 in g_idle_dispatch (source=0x834e8f8, callback=0x83633a0, 
    user_data=0x83571c0) at gmain.c:4142
No locals.
#20 0xb6e88c1f in IA__g_main_context_dispatch (context=0x80ed608)
    at gmain.c:2064
No locals.
#21 0xb6e8c0cf in g_main_context_iterate (context=0x80ed608, block=1, 
    dispatch=1, self=0x80c02a8) at gmain.c:2697
	got_ownership = <value optimized out>
	max_priority = 110
	timeout = 0
	some_ready = 1
	nfds = <value optimized out>
	allocated_nfds = <value optimized out>
	fds = (GPollFD *) 0x8341a28
	__PRETTY_FUNCTION__ = "g_main_context_iterate"
#22 0xb6e8c479 in IA__g_main_loop_run (loop=0x811d858) at gmain.c:2905
	got_ownership = -1212046048
	self = (GThread *) 0x80c02a8
	__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#23 0xb7557514 in IA__gtk_main () at gtkmain.c:1163
	tmp_list = (GList *) 0x0
	functions = (GList *) 0x0
	init = (GtkInitFunction *) 0x2
	loop = (GMainLoop *) 0x811d858
#24 0x0808b130 in main (argc=1, argv=Cannot access memory at address 0x84
) at main.c:396
	enable_metadata = 1
	context = <value optimized out>
	args = (GHashTable *) 0x8117d90
	program = (GnomeProgram *) 0x80c8c58
271	      c = state.aes.buf[state.aes.bufIdx++];"

Thanks,
Comment 1 Brad Hards 2008-01-08 23:24:36 UTC
Can reproduce with current poppler (master branch) using Qt4 test tools.
Comment 2 Brad Hards 2008-01-08 23:40:39 UTC
It is very ugly in valgrind (just spins after this):
[bradh@conferta tests]$ valgrind ./test-poppler-qt4 ~/samples/pdf/bug13972.pdf
==7719== Memcheck, a memory error detector.
==7719== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==7719== Using LibVEX rev 1730, a library for dynamic binary translation.
==7719== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==7719== Using valgrind-3.4.0.SVN, a dynamic binary instrumentation framework.
==7719== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==7719== For more details, rerun with: -v
==7719==
==7719== Conditional jump or move depends on uninitialised value(s)
==7719==    at 0x4F5FD9D: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:127)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F6BD07: XRef::fetch(int, int, Object*) (XRef.cc:906)
==7719==    by 0x4F05963: Catalog::Catalog(XRef*) (XRef.h:79)
==7719==    by 0x4F60978: PDFDoc::setup(GooString*, GooString*) (PDFDoc.cc:206)
==7719==    by 0x4F60B6E: PDFDoc::PDFDoc(GooString*, GooString*, GooString*, void*) (PDFDoc.cc:102)
==7719==    by 0x4C459DA: Poppler::Document::load(QString const&, QByteArray const&, QByteArray const&) (poppler-private.h:106)
==7719==    by 0x404E54: main (test-poppler-qt4.cpp:108)
==7719==
==7719== Invalid read of size 1
==7719==    at 0x4F0C11E: DecryptStream::getChar() (Decrypt.cc:271)
==7719==    by 0x4F5FD97: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:127)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F6BD07: XRef::fetch(int, int, Object*) (XRef.cc:906)
==7719==    by 0x4F05963: Catalog::Catalog(XRef*) (XRef.h:79)
==7719==    by 0x4F60978: PDFDoc::setup(GooString*, GooString*) (PDFDoc.cc:206)
==7719==    by 0x4F60B6E: PDFDoc::PDFDoc(GooString*, GooString*, GooString*, void*) (PDFDoc.cc:102)
==7719==    by 0x4C459DA: Poppler::Document::load(QString const&, QByteArray const&, QByteArray const&) (poppler-private.h:106)
==7719==    by 0x404E54: main (test-poppler-qt4.cpp:108)
==7719==  Address 0x97a7e08 is 0 bytes after a block of size 328 alloc'd
==7719==    at 0x4A06579: operator new(unsigned long) (vg_replace_malloc.c:230)
==7719==    by 0x4F5FD4B: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:125)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F600B4: Parser::getObj(Object*, unsigned char*, CryptAlgorithm, int, int, int) (Parser.cc:86)
==7719==    by 0x4F6BD07: XRef::fetch(int, int, Object*) (XRef.cc:906)
==7719==    by 0x4F05963: Catalog::Catalog(XRef*) (XRef.h:79)
==7719==    by 0x4F60978: PDFDoc::setup(GooString*, GooString*) (PDFDoc.cc:206)
==7719==    by 0x4F60B6E: PDFDoc::PDFDoc(GooString*, GooString*, GooString*, void*) (PDFDoc.cc:102)
==7719==    by 0x4C459DA: Poppler::Document::load(QString const&, QByteArray const&, QByteArray const&) (poppler-private.h:106)
==7719==    by 0x404E54: main (test-poppler-qt4.cpp:108)
==7719==
==7719== ERROR SUMMARY: 2967270 errors from 2 contexts (suppressed: 4 from 1)
==7719== malloc/free: in use at exit: 3,584,288 bytes in 3,975 blocks.
==7719== malloc/free: 25,074 allocs, 21,099 frees, 21,535,259,242 bytes allocated.
==7719== For counts of detected errors, rerun with: -v
==7719== searching for pointers to 3,975 not-freed blocks.
==7719== checked 1,292,208 bytes.
==7719==
==7719== LEAK SUMMARY:
==7719==    definitely lost: 3,323,330 bytes in 32 blocks.
==7719==      possibly lost: 1,656 bytes in 35 blocks.
==7719==    still reachable: 259,302 bytes in 3,908 blocks.
==7719==         suppressed: 0 bytes in 0 blocks.
==7719== Rerun with --leak-check=full to see details of leaked memory.
Comment 3 Albert Astals Cid 2008-01-09 10:42:32 UTC
I tracked it a bit yesterday and it seems like aesDecryptBlock was not filling all the values of state.aes.buf, but I could not take a much more in-depth look; it has been 5 years since I implemented an AES function so I really don't remember much of it :D
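An added illustration, not poppler code and not part of any comment in this report: comments 2 and 3 describe an invalid read at `c = state.aes.buf[state.aes.bufIdx++]` that then spins. The model below assumes (the report does not confirm the root cause) that the read index is derived from the final block's padding byte; decryption is replaced by a plain copy, and every name and sample byte is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

constexpr int kBlock = 16;

struct BlockState {
    uint8_t buf[kBlock];
    int bufIdx = kBlock;  // kBlock means "buffer drained, refill before reading"
};

struct ReadResult {
    std::string data;      // bytes handed to the caller
    bool indexPastBuffer;  // true if buf[bufIdx] would have been outside buf
};

// Strip the padding of the final block and return the index of the first
// data byte. With validate == false the padding byte is trusted as-is.
static int stripPadding(uint8_t *buf, bool validate) {
    int n = buf[kBlock - 1];
    if (validate && (n < 1 || n > kBlock)) {
        n = kBlock;  // malformed padding: treat the block as carrying no data
    }
    for (int i = kBlock - 1; i >= n; --i) {
        buf[i] = buf[i - n];
    }
    return n;
}

// Byte-at-a-time reader over whole blocks, shaped like a getChar() loop.
// The "decrypt" step is a memcpy so the example stays self-contained.
ReadResult readAll(const std::vector<uint8_t> &blocks, bool validate) {
    ReadResult r{std::string(), false};
    BlockState st;
    size_t pos = 0;
    for (;;) {
        if (st.bufIdx == kBlock) {  // refill only when the index is exactly kBlock
            if (blocks.size() - pos < static_cast<size_t>(kBlock)) {
                return r;  // underlying stream is at EOF
            }
            std::memcpy(st.buf, blocks.data() + pos, kBlock);
            pos += kBlock;
            bool last = (pos == blocks.size());
            st.bufIdx = last ? stripPadding(st.buf, validate) : 0;
        }
        if (st.bufIdx == kBlock) {
            return r;  // final block held only padding
        }
        if (st.bufIdx > kBlock) {
            // The equality tests above never fire for this value, so an
            // unguarded buf[bufIdx++] would read past buf on every call.
            // The model records that and stops instead of doing the read.
            r.indexPastBuffer = true;
            return r;
        }
        r.data.push_back(static_cast<char>(st.buf[st.bufIdx++]));
    }
}

// Constructed sample: one full data block, then "QRS" plus 13 padding bytes.
// lastByte overrides the final padding byte (13 is the well-formed value).
std::vector<uint8_t> sampleBlocks(uint8_t lastByte) {
    std::string s = "ABCDEFGHIJKLMNOPQRS";
    std::vector<uint8_t> v(s.begin(), s.end());
    v.resize(2 * kBlock, 13);
    v.back() = lastByte;
    return v;
}

int main() {
    const uint8_t pads[] = {13, 200};
    for (uint8_t pad : pads) {
        for (bool validate : {false, true}) {
            ReadResult r = readAll(sampleBlocks(pad), validate);
            std::printf("pad=%3u validate=%d bytes=%zu indexPastBuffer=%d\n",
                        static_cast<unsigned>(pad), validate ? 1 : 0,
                        r.data.size(), r.indexPastBuffer ? 1 : 0);
        }
    }
    return 0;
}
```
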
Comment 4 Albert Astals Cid 2008-05-25 10:37:01 UTC
*** Bug 16092 has been marked as a duplicate of this bug. ***
Comment 5 Albert Astals Cid 2008-09-10 13:22:58 UTC
*** Bug 17523 has been marked as a duplicate of this bug. ***
Comment 6 Albert Astals Cid 2008-09-12 03:09:21 UTC
Will not crash anymore with poppler 0.9.1

