Bug 4350 - segfault in JArithmeticDecoder::~JArithmeticDecoder()
Status: RESOLVED FIXED
Alias: None
Product: poppler
Classification: Unclassified
Component: general
Version: unspecified
Hardware: x86 (IA32) Linux (All)
Importance: high critical
Assignee: Kristian Høgsberg
Keywords: have-backtrace
Duplicates: 5101
Reported: 2005-09-04 13:18 UTC by Nicholas Miell
Modified: 2005-12-03 14:17 UTC

Attachments
The crashing PDF (161.07 KB, application/pdf)
2005-09-04 13:19 UTC, Nicholas Miell

Description Nicholas Miell 2005-09-04 13:18:43 UTC
When viewing a file I will attach shortly, evince crashes as follows:

Starting program: /usr/bin/evince 151108.pdf
[Thread debugging using libthread_db enabled]
[New Thread 46912496403040 (LWP 3425)]
[New Thread 1084229984 (LWP 3455)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1084229984 (LWP 3455)]
0x0000003ea79987cf in ~JArithmeticDecoder (this=0x2aaaae756020)
    at JArithmeticDecoder.cc:107
107	  return (Guint)str->getChar() & 0xff;
Current language:  auto; currently c++
$1 = (class Stream *) 0x0
#0  0x0000003ea79987cf in ~JArithmeticDecoder (this=0x2aaaae756020)
    at JArithmeticDecoder.cc:107
#1  0x0000003ea799a47a in ~JBIG2Stream (this=0x2aaaae56d320)
    at JBIG2Stream.cc:1124
#2  0x0000003ea79b06dc in Object::free (this=0x409ffed0) at Object.cc:129
#3  0x0000003ea797e220 in Gfx::opXObject (this=0x2aaaae51c910, 
    args=0x409fff20, numArgs=Variable "numArgs" is not available.
) at Gfx.cc:2526
#4  0x0000003ea797a7ae in Gfx::go (this=0x2aaaae51c910, topLevel=1)
    at Gfx.cc:551
#5  0x0000003ea797b169 in Gfx::display (this=0x2aaaae51c910, obj=Variable "obj"
is not available.
) at Gfx.cc:523
#6  0x0000003ea79b179c in Page::display (this=Variable "this" is not available.
) at Page.cc:409
#7  0x0000003ea7707c18 in poppler_page_get_text_output_dev (
    page=0x2aaaae7f7d60) at poppler-page.cc:324
#8  0x0000003ea77081bb in poppler_page_get_selection_region (page=Variable
"page" is not available.
) at poppler-page.cc:349
#9  0x0000000000442b74 in pdf_selection_get_selection_map (selection=0x7de4b0, 
    rc=Variable "rc" is not available.
) at ev-poppler.cc:1236
#10 0x000000000041e5eb in ev_job_render_run (job=Variable "job" is not available.
) at ev-jobs.c:302
#11 0x000000000041cf3a in handle_job (job=0x8354a0) at ev-job-queue.c:104
#12 0x000000000041d02f in ev_render_thread (data=Variable "data" is not available.
) at ev-job-queue.c:187
#13 0x000000309743e4da in g_thread_create_proxy (data=Variable "data" is not
available.
) at gthread.c:561
#14 0x000000309640697c in start_thread (arg=Variable "arg" is not available.
) at pthread_create.c:261
#15 0x00000030959c992e in ?? () from /lib64/libc.so.6
#16 0x0000000000000000 in ?? ()
Continuing.
Detaching after fork from child process 3456.

Program exited with code 01.
Comment 1 Nicholas Miell 2005-09-04 13:19:10 UTC
Created attachment 3167
The crashing PDF
Comment 2 Nicholas Miell 2005-09-04 13:21:02 UTC
Some clarification, since gdb leaves out user commands when logging:

"$1 = (class Stream *) 0x0" is the result of "print str"
Comment 3 Nickolay V. Shmyrev 2005-11-19 21:29:38 UTC
Already 3 dups in evince bugzilla. Need to look closer.
Comment 4 Kristian Høgsberg 2005-11-21 10:15:05 UTC
This should be fixed on CVS HEAD, please give it a try.
Comment 5 Kristian Høgsberg 2005-11-21 10:17:38 UTC
*** Bug 5101 has been marked as a duplicate of this bug. ***
Comment 6 Kristian Høgsberg 2005-12-04 09:17:02 UTC
Closing bug.

