This report has been filed here: https://bugs.edge.launchpad.net/ubuntu/+source/poppler/+bug/633574

"Reproduces when scrolling down to page 4 of http://www.ctan.org/tex-archive/macros/latex/contrib/microtype/microtype.pdf on at least x86-64 architecture."

"Hilo 5 (Thread 0xb2f12b70 (LWP 22406)):
#0 OptionalContentGroup::getRef (this=0x0) at OptionalContent.cc:314
        No locales.
#1 0x051c58ca in get_layer_for_ref (document=<value optimized out>, layers=<value optimized out>, ref=0xb245abe0, preserve_rb=1) at poppler-action.cc:533
        layer = <value optimized out>
        ocgRef = <value optimized out>
        l = 0x225017b0
#2 0x051c61b7 in build_ocg_state (document=0x22678320, link=0xb2395830, title=0x0) at poppler-action.cc:586
        layer = <value optimized out>
        list = 0xb23e3e78
        preserve_rb = 1
        i = 0
        layer_state = 0x0
        st_list = 0xb24c33e8
        j = 1
#3 _poppler_action_new (document=0x22678320, link=0xb2395830, title=0x0) at poppler-action.cc:645
        No locales.
#4 0x051ccf1f in poppler_page_get_link_mapping (page=0x226e7ee0) at poppler-page.cc:1261
        link_action = <value optimized out>
        link = 0xb239b160
        i = 0
        obj = {type = objNone, {booln = -1303332392, intg = -1303332392, uintg = 2991634904, real = 1.4780640309659756e-314, string = 0xb250b9d8, name = 0xb250b9d8 "Ȗn\"\360\271P\262\b", array = 0xb250b9d8, dict = 0xb250b9d8, stream = 0xb250b9d8, ref = {num = -1303332392, gen = 0}, cmd = 0xb250b9d8 "Ȗn\"\360\271P\262\b"}}
        __PRETTY_FUNCTION__ = "GList* poppler_page_get_link_mapping(PopplerPage*)"
        map_list = <value optimized out>
        width = 595.27600000000007
        height = 841.88999999999999
#5 0x00c68e7c in pdf_document_links_get_links (document_links=0x224e3ec8, page=0xb23a0e00) at /build/buildd/evince-2.31.90/./backend/pdf/ev-poppler.cc:1268
        pdf_document = 0x224e3ec8
        retval = 0x226ec2e8
        list = <value optimized out>
        mapping_list = 0x0
        height = <value optimized out>
#6 0x00df467a in ev_document_links_get_links (document_links=0x224e3ec8, page=0xb23a0e00) at /build/buildd/evince-2.31.90/./libdocument/ev-document-links.c:63
        No locales.
#7 0x00599363 in ev_job_page_data_run (job=0x224a05a8) at /build/buildd/evince-2.31.90/./libview/ev-jobs.c:692
        job_pd = 0x224a05a8
        ev_page = 0xb23a0e00
#8 0x00596361 in ev_job_run (job=0x224a05a8) at /build/buildd/evince-2.31.90/./libview/ev-jobs.c:214
        No locales.
#9 0x0059a358 in ev_job_thread (data=0x0) at /build/buildd/evince-2.31.90/./libview/ev-job-scheduler.c:183
        result = <value optimized out>
#10 ev_job_thread_proxy (data=0x0) at /build/buildd/evince-2.31.90/./libview/ev-job-scheduler.c:213
        job = 0x2273af28
#11 0x00642eef in g_thread_create_proxy (data=0x2265f3d8) at /build/buildd/glib2.0-2.25.15/glib/gthread.c:1897
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#12 0x006d3cc9 in start_thread (arg=0xb2f12b70) at pthread_create.c:304
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = 0xb2f12b70
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {7229428, 0, 4001536, -1292819704, -2019742684, -1080008895}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
        freesize = <value optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#13 0x008706ae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
        No locales.

Hilo 4 (Thread 0xb63e2b70 (LWP 22401)):
#0 0x00995416 in __kernel_vsyscall ()
        No symbol table info available.
#1 0x006d8884 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
        No locales.
#2 0x002e6ede in g_cond_timed_wait_posix_impl (cond=0xfffffdfc, entered_mutex=0x1, abs_time=0xb63e2198) at /build/buildd/glib2.0-2.25.15/gthread/gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1284062473, tv_nsec = 449946000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#3 0x005ed22c in g_async_queue_pop_intern_unlocked (queue=0x224ec720, try=<value optimized out>, end_time=0xb63e2198) at /build/buildd/glib2.0-2.25.15/glib/gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#4 0x005ed35d in g_async_queue_timed_pop (queue=0x224ec720, end_time=0xb63e2198) at /build/buildd/glib2.0-2.25.15/glib/gasyncqueue.c:549
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_timed_pop"
#5 0x00644d97 in g_thread_pool_wait_for_new_pool (data=0x224ee2f0) at /build/buildd/glib2.0-2.25.15/glib/gthreadpool.c:170
        end_time = {tv_sec = 1284062473, tv_usec = 449946}
        local_max_idle_time = 15000
        local_max_unused_threads = 2
        last_wakeup_thread_serial = <value optimized out>
        have_relayed_thread_marker = 0
#6 g_thread_pool_thread_proxy (data=0x224ee2f0) at /build/buildd/glib2.0-2.25.15/glib/gthreadpool.c:373
        task = <value optimized out>
        pool = <value optimized out>
#7 0x00642eef in g_thread_create_proxy (data=0x224ee758) at /build/buildd/glib2.0-2.25.15/glib/gthread.c:1897
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#8 0x006d3cc9 in start_thread (arg=0xb63e2b70) at pthread_create.c:304
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = 0xb63e2b70
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {7229428, 0, 4001536, -1237441784, 429730861, -1080008895}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
        freesize = <value optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#9 0x008706ae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
        No locales.

Hilo 2 (Thread 0xb73e4b70 (LWP 22399)):
#0 0x00995416 in __kernel_vsyscall ()
        No symbol table info available.
#1 0x00861de6 in __poll (fds=0x8f9ff4, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
        resultvar = <value optimized out>
        oldtype = 0
        result = <value optimized out>
#2 0x0062925b in g_poll (fds=0x224eb890, nfds=3, timeout=-1) at /build/buildd/glib2.0-2.25.15/glib/gpoll.c:126
        No locales.
#3 0x0061bbfc in g_main_context_poll (context=0x224e9098, block=<value optimized out>, dispatch=1, self=0x224cd420) at /build/buildd/glib2.0-2.25.15/glib/gmain.c:3063
        poll_func = 0x629230 <g_poll>
#4 g_main_context_iterate (context=0x224e9098, block=<value optimized out>, dispatch=1, self=0x224cd420) at /build/buildd/glib2.0-2.25.15/glib/gmain.c:2745
        max_priority = 2147483647
        timeout = -1
        some_ready = <value optimized out>
        nfds = 3
        allocated_nfds = <value optimized out>
        fds = <value optimized out>
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#5 0x0061c367 in g_main_loop_run (loop=0x224cd3d0) at /build/buildd/glib2.0-2.25.15/glib/gmain.c:2958
        self = 0x224cd420
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#6 0x004eea64 in shared_thread_func (data=0x0) at /build/buildd/glib2.0-2.25.15/gio/gdbusprivate.c:248
        No locales.
#7 0x00642eef in g_thread_create_proxy (data=0x224cd420) at /build/buildd/glib2.0-2.25.15/glib/gthread.c:1897
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#8 0x006d3cc9 in start_thread (arg=0xb73e4b70) at pthread_create.c:304
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = 0xb73e4b70
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {7229428, 0, 4001536, -1220656376, 425536559, -1080008895}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
        freesize = <value optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#9 0x008706ae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
        No locales.

Hilo 1 (Thread 0xb7781850 (LWP 22396)):
#0 0x00995416 in __kernel_vsyscall ()
        No symbol table info available.
#1 0x00861de6 in __poll (fds=0x8f9ff4, nfds=5, timeout=216) at ../sysdeps/unix/sysv/linux/poll.c:87
        resultvar = <value optimized out>
        oldtype = 0
        result = <value optimized out>
#2 0x0062925b in g_poll (fds=0x224f58d0, nfds=5, timeout=216) at /build/buildd/glib2.0-2.25.15/glib/gpoll.c:126
        No locales.
#3 0x0061bbfc in g_main_context_poll (context=0x224898c8, block=<value optimized out>, dispatch=1, self=0x22472028) at /build/buildd/glib2.0-2.25.15/glib/gmain.c:3063
        poll_func = 0x629230 <g_poll>
#4 g_main_context_iterate (context=0x224898c8, block=<value optimized out>, dispatch=1, self=0x22472028) at /build/buildd/glib2.0-2.25.15/glib/gmain.c:2745
        max_priority = 2147483647
        timeout = 216
        some_ready = <value optimized out>
        nfds = 5
        allocated_nfds = <value optimized out>
        fds = <value optimized out>
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#5 0x0061c367 in g_main_loop_run (loop=0x224f5b90) at /build/buildd/glib2.0-2.25.15/glib/gmain.c:2958
        self = 0x22472028
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#6 0x0100e749 in IA__gtk_main () at /build/buildd/gtk+2.0-2.21.7/gtk/gtkmain.c:1237
        tmp_list = 0x0
        functions = 0x0
        init = 0x0
        loop = 0x224f5b90
#7 0x00b05282 in main ()"

I reproduced this bug with the poppler-glib-demo included with poppler with the same PDF file. What I do to reproduce the crash is run the poppler-glib-demo included with poppler in poppler/glib/demo, go to Links, go to page 4, click "Get Links" and get a segmentation fault with the same backtrace. This is with poppler-0.14.2 which is 4 commits back. Here is the backtrace, which is like the other one attached:

poppler-0.14.2.real/glib/demo/.libs/poppler-glib-demo ../../../microtype.pdf
[Thread debugging using libthread_db enabled]
Document successfully loaded in 0.0066 seconds

Program received signal SIGSEGV, Segmentation fault.
OptionalContentGroup::getRef (this=0x0) at OptionalContent.cc:314
314 OptionalContent.cc: No such file or directory.
        in OptionalContent.cc
(gdb) backtrace full
#0 OptionalContentGroup::getRef (this=0x0) at OptionalContent.cc:314
        No locals.
#1 0x00007ffff7bb9f20 in get_layer_for_ref (document=0x6a31c0, layers=0x84a840, ref=0x8a8ef0, preserve_rb=1) at poppler-action.cc:533
        layer = 0x847080
        ocgRef = {num = 9337824, gen = 0}
        l = 0x84a840
#2 0x00007ffff7bba77e in build_ocg_state (document=0x6a31c0, link=<value optimized out>, title=<value optimized out>) at poppler-action.cc:586
        layer = <value optimized out>
        list = 0x8a8f10
        preserve_rb = 1
        i = 0
        layer_state = 0x0
        st_list = 0x8a8ed0
        j = 1
#3 _poppler_action_new (document=0x6a31c0, link=<value optimized out>, title=<value optimized out>) at poppler-action.cc:645
        No locals.
#4 0x00007ffff7bc0ab3 in poppler_page_get_link_mapping (page=0x8d2b80) at poppler-page.cc:1261
        link_action = <value optimized out>
        link = 0x75ccc0
        i = 0
        obj = {type = objNone, {booln = 7119280, intg = 7119280, uintg = 7119280, real = 3.5173916711246697e-317, string = 0x6ca1b0, name = 0x6ca1b0 "\340>l", array = 0x6ca1b0, dict = 0x6ca1b0, stream = 0x6ca1b0, ref = {num = 7119280, gen = 0}, cmd = 0x6ca1b0 "\340>l"}}
        __PRETTY_FUNCTION__ = "GList* poppler_page_get_link_mapping(PopplerPage*)"
        map_list = <value optimized out>
        width = 595.27600000000007
        height = 841.88999999999999
#5 0x000000000040fc73 in pgd_links_get_links (button=<value optimized out>, demo=0x81f6c0) at links.c:80
        page = 0x8d2b80
        mapping = 0x8db2c0
        l = <value optimized out>
        timer = 0x8e7ac0
#6 0x00007ffff56e7afe in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
        No symbol table info available.
[...]

There were actually two problems with the layers in this document. The layers tree was not correctly built, and of course the crash with the action layer. I've just fixed both issues in master and the poppler-0.14 branch. Thanks for reporting.
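
Added example (not part of the original report and not poppler's code): a small Python triage helper that parses gdb frame headers, flags member calls made on a NULL `this`, and checks whether the evince (i386) and poppler-glib-demo (x86-64) traces above fall into the same crash bucket once addresses are ignored. The function names and the signature depth are choices made for this example; the sample input is frame headers #0 to #5 from the two backtraces on this page.

```python
import re

# Frame header: "#N [0xADDR in ]func (args) at|from location"
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) (?:at|from) (\S+)$")

def parse_frames(trace):
    """Return (frame_no, function, {arg: value}, location) per frame header line."""
    frames = []
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # locals, "No locals." and thread headers are skipped
        args = dict(a.split("=", 1) for a in m.group(3).split(", ") if "=" in a)
        frames.append((int(m.group(1)), m.group(2), args, m.group(4)))
    return frames

def null_this(frames):
    """Frames that are member calls on a NULL object (this=0x0 exactly)."""
    return [f for f in frames if f[2].get("this") == "0x0"]

def signature(frames, depth):
    """Bucket key without addresses: (function, file:line basename) of the top frames."""
    return tuple((func, loc.rsplit("/", 1)[-1]) for _, func, _, loc in frames[:depth])

# Sample input: frame headers #0-#5 copied from the two traces on this page.
TRACE_I386 = """\
#0 OptionalContentGroup::getRef (this=0x0) at OptionalContent.cc:314
#1 0x051c58ca in get_layer_for_ref (document=<value optimized out>, layers=<value optimized out>, ref=0xb245abe0, preserve_rb=1) at poppler-action.cc:533
#2 0x051c61b7 in build_ocg_state (document=0x22678320, link=0xb2395830, title=0x0) at poppler-action.cc:586
#3 _poppler_action_new (document=0x22678320, link=0xb2395830, title=0x0) at poppler-action.cc:645
#4 0x051ccf1f in poppler_page_get_link_mapping (page=0x226e7ee0) at poppler-page.cc:1261
#5 0x00c68e7c in pdf_document_links_get_links (document_links=0x224e3ec8, page=0xb23a0e00) at /build/buildd/evince-2.31.90/./backend/pdf/ev-poppler.cc:1268
"""
TRACE_X86_64 = """\
#0 OptionalContentGroup::getRef (this=0x0) at OptionalContent.cc:314
#1 0x00007ffff7bb9f20 in get_layer_for_ref (document=0x6a31c0, layers=0x84a840, ref=0x8a8ef0, preserve_rb=1) at poppler-action.cc:533
#2 0x00007ffff7bba77e in build_ocg_state (document=0x6a31c0, link=<value optimized out>, title=<value optimized out>) at poppler-action.cc:586
#3 _poppler_action_new (document=0x6a31c0, link=<value optimized out>, title=<value optimized out>) at poppler-action.cc:645
#4 0x00007ffff7bc0ab3 in poppler_page_get_link_mapping (page=0x8d2b80) at poppler-page.cc:1261
#5 0x000000000040fc73 in pgd_links_get_links (button=<value optimized out>, demo=0x81f6c0) at links.c:80
"""

if __name__ == "__main__":
    a, b = parse_frames(TRACE_I386), parse_frames(TRACE_X86_64)
    print("NULL this in:", [f[1] for f in null_this(a)])
    print("same top-5 signature:", signature(a, 5) == signature(b, 5))
```

The five poppler frames match in both traces, so the two reports bucket together; the signatures diverge only at frame #5, where the calling application differs.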