Created attachment 82988
this pdf document crashes evince.

evince crashes on attached pdf. The backtrace tells it is in evince, but there is a function in poppler that does not read the page number properly.

poppler/poppler/Catalog.cc
int Catalog::getNumPages()

If the page number exceeds int range, the type cast from double produces this error:

#0 g_logv (log_domain=0x7ffff578728e "GLib", log_level=G_LOG_LEVEL_ERROR, format=<optimized out>, args=args@entry=0x7fffffffd3d8) at gmessages.c:981
#1 0x00007ffff57255d2 in g_log (log_domain=log_domain@entry=0x7ffff578728e "GLib", log_level=log_level@entry=G_LOG_LEVEL_ERROR, format=format@entry=0x7ffff5790618 "%s: overflow allocating %lu*%lu bytes") at gmessages.c:1010
#2 0x00007ffff57240a1 in g_malloc0_n (n_blocks=n_blocks@entry=18446744071562067969, n_block_bytes=n_block_bytes@entry=8) at gmem.c:365
#3 0x00007ffff755fa8e in ev_view_build_height_to_page_cache (view=view@entry=0x9e6160, cache=cache@entry=0xa72950) at ev-view.c:321
#4 0x00007ffff75688c0 in ev_view_get_height_to_page_cache (view=0x9e6160) at ev-view.c:417
#5 setup_caches (view=0x9e6160) at ev-view.c:5170
#6 ev_view_document_changed_cb (model=0x76d460, pspec=<optimized out>, view=0x9e6160) at ev-view.c:5340
#7 0x00007ffff5a0c2a0 in g_closure_invoke (closure=0x9e5420, return_value=0x0, n_param_values=2, param_values=0x7fffffffd760, invocation_hint=0x7fffffffd700) at gclosure.c:777
#8 0x00007ffff5a1f120 in signal_emit_unlocked_R (node=node@entry=0x67b0b0, detail=detail@entry=1029, instance=instance@entry=0x76d460, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffd760) at gsignal.c:3584
#9 0x00007ffff5a2730d in g_signal_emit_valist (instance=0x76d460, signal_id=<optimized out>, detail=1029, var_args=var_args@entry=0x7fffffffd9b8) at gsignal.c:3328
#10 0x00007ffff5a27592 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3384
#11 0x00007ffff5a10d85 in g_object_dispatch_properties_changed (object=0x76d460, n_pspecs=1, pspecs=0x0) at gobject.c:1042
#12 0x00007ffff5a1344b in g_object_notify_by_spec_internal (pspec=0x758ed0, object=0x76d460) at gobject.c:1136
#13 g_object_notify (object=0x76d460, property_name=property_name@entry=0x7ffff756fc1c "document") at gobject.c:1178
#14 0x00007ffff754f9a5 in ev_document_model_set_document (model=<optimized out>, document=document@entry=0x756f00) at ev-document-model.c:381
#15 0x0000000000433a80 in ev_window_load_job_cb (job=0xa03320, data=<optimized out>) at ev-window.c:1607
#16 0x00007ffff5a0c567 in _g_closure_invoke_va (closure=0xa0b2f0, return_value=0x0, instance=0xa03320, args=0x7fffffffddf8, n_params=0, param_types=0x0) at gclosure.c:840
#17 0x00007ffff5a26d1b in g_signal_emit_valist (instance=0xa03320, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffddf8) at gsignal.c:3234
#18 0x00007ffff5a27592 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3384
#19 0x00007ffff7550da3 in emit_finished (job=<optimized out>) at ev-jobs.c:180
#20 emit_finished (job=<optimized out>) at ev-jobs.c:170
#21 0x00007ffff571e015 in g_main_dispatch (context=0x6ad190) at gmain.c:3058
#22 g_main_context_dispatch (context=context@entry=0x6ad190) at gmain.c:3634
#23 0x00007ffff571e358 in g_main_context_iterate (context=context@entry=0x6ad190, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3705
#24 0x00007ffff571e414 in g_main_context_iteration (context=0x6ad190, context@entry=0x0, may_block=may_block@entry=1) at gmain.c:3766
#25 0x00007ffff5cf34bc in g_application_run (application=0x6d14b0, argc=argc@entry=0, argv=argv@entry=0x0) at gapplication.c:1624
#26 0x000000000041c46b in main (argc=1, argv=0x7fffffffe198) at main.c:332

I don't see any of the demos, examples or commandline utils we ship in poppler crash. Yes, we can return 0, but imho evince should also protect itself from bad values. Returning 0 should be easy; want to contribute a patch?

I think this was fixed in evince <https://bugzilla.gnome.org/show_bug.cgi?id=701302>. I can't get it to crash after commit 6230a6fae0 from 2013-05-31.
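
The two defences discussed in this thread, returning 0 for an out-of-range page count and having the caller reject bad counts before allocating, shown as an added example in C that is not poppler's or evince's code. The n_blocks value in frame #2 equals 2^64 - 2147483647, which is what INT_MIN + 1 becomes when widened to a 64-bit unsigned size. The function names and the "n_pages + 1" call shape are assumptions made for illustration.

```c
#include <limits.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not poppler's code): turn a PDF number parsed as a
 * double into a page count. Out-of-range input yields 0 instead of an
 * out-of-range double-to-int cast, which is undefined behaviour in C. */
int page_count_from_double(double v)
{
    if (isnan(v) || v < 0.0 || v > (double)INT_MAX)
        return 0;
    return (int)v;
}

/* What a 64-bit allocator is asked for when a bad int count is used as
 * "n_pages + 1" and widened to an unsigned size (assumed call shape). */
uint64_t blocks_requested(int n_pages)
{
    return (uint64_t)((int64_t)n_pages + 1);
}

/* Hypothetical caller-side guard (not evince's code): refuse non-positive
 * counts and sizes that would overflow before allocating n_pages + 1 slots. */
double *alloc_height_cache(int n_pages)
{
    if (n_pages <= 0)
        return NULL;
    size_t n = (size_t)n_pages + 1;
    if (n > SIZE_MAX / sizeof(double))
        return NULL;
    return calloc(n, sizeof(double));
}

int main(void)
{
    double bad = 1e20;                 /* constructed out-of-range count */
    printf("checked count: %d\n", page_count_from_double(bad));
    printf("blocks for INT_MIN: %llu\n",
           (unsigned long long)blocks_requested(INT_MIN));
    printf("guarded alloc: %p\n", (void *)alloc_height_cache(INT_MIN));
    return 0;
}
```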