evince segfaults on scrolling

Bug #307694 reported by Florian Hars
This bug affects 1 person

Affects | Status | Importance | Assigned to | Milestone
evince (Ubuntu) | Fix Released | Medium | Ubuntu Desktop Bugs |

Bug Description

Binary package hint: evince

If I open the attached postscript file (generated by a2ps, so probably of dubious technical correctness) with a magnification of 125% and then scroll down, I get a segfault (see below).
If I change the magnification to 150%, scroll down and up again, and then set the magnification to 125%, I can scroll down and up without crash. If I then change to 100% and scroll down and up, everything works, but if I then change to 125% and scroll down, it crashes again in the same location.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6fd9700 (LWP 14532)]
0xb7438b56 in memcpy () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7438b56 in memcpy () from /lib/tls/i686/cmov/libc.so.6
#1 0xb2e55b34 in ?? ()
#2 0xb769cccb in ?? () from /usr/lib/libX11.so.6
#3 0xb769d1c4 in XPutImage () from /usr/lib/libX11.so.6
#4 0xb78dec14 in ?? () from /usr/lib/libcairo.so.2
#5 0xb78e283a in ?? () from /usr/lib/libcairo.so.2
#6 0xb78c77f3 in ?? () from /usr/lib/libcairo.so.2
#7 0xb78bd939 in ?? () from /usr/lib/libcairo.so.2
#8 0xb78befac in ?? () from /usr/lib/libcairo.so.2
#9 0xb78e2327 in ?? () from /usr/lib/libcairo.so.2
#10 0xb78c7549 in ?? () from /usr/lib/libcairo.so.2
#11 0xb78c9b0f in ?? () from /usr/lib/libcairo.so.2
#12 0xb78ca13a in ?? () from /usr/lib/libcairo.so.2
#13 0xb78c6ca6 in ?? () from /usr/lib/libcairo.so.2
#14 0xb78ae56e in ?? () from /usr/lib/libcairo.so.2
#15 0xb78a8893 in cairo_paint () from /usr/lib/libcairo.so.2
#16 0x0807b150 in ?? ()
#17 0xb7dd8036 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#18 0xb75fd3c9 in ?? () from /usr/lib/libgobject-2.0.so.0
#19 0xb75fec4b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#20 0xb7614d3d in ?? () from /usr/lib/libgobject-2.0.so.0
#21 0xb761662b in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#22 0xb7616c26 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#23 0xb7dd433e in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#24 0xb7cb913d in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#25 0xb78f69b5 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#26 0xb78f6fcf in gdk_window_process_all_updates ()
   from /usr/lib/libgdk-x11-2.0.so.0
#27 0xb78f6ffb in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#28 0xb78da46b in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#29 0xb74567c1 in ?? () from /usr/lib/libglib-2.0.so.0
#30 0xb74586f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#31 0xb745bda3 in ?? () from /usr/lib/libglib-2.0.so.0
#32 0xb745c2c2 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#33 0xb7cb93a9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#34 0x080917fb in ?? ()
#35 0xb72bd685 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#36 0x0805e071 in ?? ()

-----------------------------
Description: Ubuntu 8.10
Release: 8.10

evince:
  Installed: 2.24.1-0ubuntu1
  Candidate: 2.24.1-0ubuntu1
  Version table:
 *** 2.24.1-0ubuntu1 0
        500 http://de.archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status

Florian Hars (hars) wrote :
  • s.ps (18.2 KiB, application/postscript)
Ilya Barygin (randomaction) wrote :

Evince crashed when I opened this file and set magnification to 125%. No scrolling was required.

The output of evince:

evince: /build/buildd/cairo-1.8.0/src/cairo-xlib-surface.c:934: _draw_image_surface: Assertion `ret != 0' failed.
Aborted (core dumped)

From /var/log/apport.log:

apport (pid 6976) Sat Dec 13 18:00:05 2008: called for pid 6973, signal 6
apport (pid 6976) Sat Dec 13 18:00:05 2008: executable: /usr/bin/evince (command line "evince s.ps")
apport (pid 6976) Sat Dec 13 18:00:05 2008: Ignoring SIGABRT

FWIW, my screen resolution is 1280x1024. Version of evince is 2.24.1-0ubuntu1.

Dimitrios Symeonidis (azimout) wrote :

On my system it didn't crash when opening, but after setting zoom=125% and trying to scroll. The fact that at 100% zoom this single-page document fits on my screen might explain why it crashed on Ilya's machine and not on mine or Florian's...

Florian, could you file this bug upstream? Do you need help with that?

Changed in evince:
importance: Undecided → Medium
status: New → Confirmed
Connor Imes (ckimes) wrote :

I was able to reproduce this bug in Intrepid, but not in Jaunty testing. I'll mark it as Triaged and let a developer decide if the problem was already fixed, or if I just got lucky. Thank you for reporting this.

connor@jaunty-testing:~$ apt-cache policy evince
evince:
  Installed: 2.24.1-1ubuntu2
  Candidate: 2.24.1-1ubuntu2
  Version table:
 *** 2.24.1-1ubuntu2 0
        500 http://mirrors.easynews.com jaunty/main Packages
        100 /var/lib/dpkg/status

connor@jaunty-testing:~$ lsb_release -rd
Description: Ubuntu jaunty (development branch)
Release: 9.04

connor@jaunty-testing:~$ uname -a
Linux jaunty-testing 2.6.28-2-generic #3-Ubuntu SMP Thu Dec 4 21:49:06 UTC 2008 i686 GNU/Linux

Changed in evince:
status: Confirmed → Triaged
Sebastien Bacher (seb128) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. However, your crash report is either missing or challenging to deal with as a '.crash' file. Please follow these instructions to have apport report a new bug about your crash that can be dealt with by the automatic retracer.

 If you are running the Ubuntu Stable Release you might need to enable apport in /etc/default/apport and restart.

 If you are using Ubuntu with the Gnome desktop environment - launch nautilus and navigate to your /var/crash directory and double click on the crash report you wish to submit.

 If you are using Kubuntu or Xubuntu you can file the crash using /usr/share/apport/apport-qt --crash-file=/var/crash/_my_crash_report.crash in a terminal - where _my_crash_report.crash is the crash you would like to report.
 I'm closing this bug report since the process outlined above will automatically open a new bug report which can then be dealt with more efficiently. Thanks in advance for your cooperation and understanding.

Changed in evince:
assignee: nobody → desktop-bugs
status: Triaged → Invalid
sabacon10 (sabacon10) wrote :

This bug is still present in Karmic. After scrolling to the end of a PostScript file created with pcal, Evince crashed; if I try to change the zoom level, Evince also crashes.

Got this from syslog:

kernel: [25264.392283] evince[2840]: segfault at b48d5000 ip 0103b056 sp bf87a138 error 4 in libc-2.10.1.so[fc6000+13e000]
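
For triage, the fields of the kernel line above can be decoded into the kind of access that faulted and the offset of the faulting instruction inside libc. This is an added example, not part of the original thread; the function name `parse_segfault` and the regular expression are assumptions, and the sample line is the one quoted in the comment above.

```python
import re

# Kernel log line copied from the Karmic comment above.
LINE = ("kernel: [25264.392283] evince[2840]: segfault at b48d5000 ip 0103b056 "
        "sp bf87a138 error 4 in libc-2.10.1.so[fc6000+13e000]")

# Layout of the x86 "segfault at" message; the trailing " in module[base+size]"
# part is optional because the kernel omits it when ip is in no file mapping.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def parse_segfault(line):
    """Decode an x86 'segfault at' kernel message; None if it does not match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    err = int(m["err"], 16)  # x86 page-fault error code, printed in hex
    out = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": int(m["addr"], 16),
        "ip": int(m["ip"], 16),
        # bit 0: protection fault vs. unmapped page; bit 1: write;
        # bit 2: fault raised in user mode; bit 4: instruction fetch
        "cause": "protection violation" if err & 1 else "page not present",
        "access": "instruction fetch" if err & 16
                  else ("write" if err & 2 else "read"),
        "mode": "user" if err & 4 else "kernel",
        "module": m["module"],
        "module_offset": None,
    }
    if m["module"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Only report an offset when ip really lies inside the mapping.
        if base <= out["ip"] < base + size:
            out["module_offset"] = out["ip"] - base
    return out

if __name__ == "__main__":
    for key, value in parse_segfault(LINE).items():
        shown = hex(value) if isinstance(value, int) and key != "pid" else value
        print(f"{key:14}", shown)
```

The offset is relative to the start of the mapping the kernel reported, so it only resolves to a symbol against the exact libc-2.10.1.so build that crashed.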

Timmy Shih Jun Yee (shijun) wrote :

I've confirmed this bug still occurs in Lucid (with Evince 2.30.3-0ubuntu1.1).

Okular does not crash with s.ps, so this is not a libspectre bug.

If anyone is wondering where the apport crash report is, that's in bug 310110.

Changed in evince (Ubuntu):
status: Invalid → Confirmed
Timmy Shih Jun Yee (shijun) wrote :

This bug does not occur on Maverick (evince 2.32.0-0ubuntu1).

Changed in evince (Ubuntu):
status: Confirmed → Fix Released