Crashes when selecting mathematical symbols in some PDF files

Bug #41661 reported by Francesco Accattapà
Affects: poppler (Ubuntu)
Status: Confirmed
Importance: Medium
Assigned to: Unassigned

Bug Description

Evince crashes if I select the mathematical symbols in some PDF files. Such a file can be found at http://www.mat.uniroma2.it/~nicolo/Soluzioni.pdf; selecting the first integral symbol on the second page is sufficient to reproduce the crash on my system. Attached is a backtrace.

evince version: 0.5.2-0ubuntu1

Francesco Accattapà (callipeo) wrote : Backtrace of the crash

Sitsofe Wheeler (sitsofe) wrote :

Confirming. Loading the PDF and highlighting the equation below the line "1) Trovare la formula di ricorrenza per l’integrale" causes evince to crash.

Changed in evince:
status: Unconfirmed → Confirmed
Gary Coady (garycoady) wrote :

valgrind output:

==29466== Invalid read of size 4
==29466== at 0x465A7D4: GfxFont::getType() (GfxFont.h:144)
==29466== by 0x4655BDA: SplashOutputDev::updateFont(GfxState*) (SplashOutputDev.cc:971)
==29466== by 0x4700BAA: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3363)
==29466== by 0x4700E09: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3400)
==29466== by 0x4701052: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3438)
==29466== by 0x47013A0: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3510)
==29466== by 0x470180F: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3583)
==29466== by 0x4701894: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3596)
==29466== by 0x4703107: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4180)
==29466== by 0x460650D: poppler_page_render_selection (poppler-page.cc:521)
==29466== by 0x80929F2: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince)
==29466== by 0x809047B: ev_selection_render_selection (in /usr/bin/evince)
==29466== Address 0x5F1B154 is 36 bytes inside a block of size 3,532 free'd
==29466== at 0x401D268: operator delete(void*) (vg_replace_malloc.c:246)
==29466== by 0x4687ACF: Gfx8BitFont::~Gfx8BitFont() (GfxFont.cc:928)
==29466== by 0x468CC0C: GfxFontDict::~GfxFontDict() (GfxFont.cc:1623)
==29466== by 0x4672137: GfxResources::~GfxResources() (Gfx.cc:304)
==29466== by 0x4673390: Gfx::popResources() (Gfx.cc:3646)
==29466== by 0x467C8B0: Gfx::doForm1(Object*, Dict*, double*, double*) (Gfx.cc:3476)
==29466== by 0x467D4A9: Gfx::doForm(Object*) (Gfx.cc:3302)
==29466== by 0x467D780: Gfx::opXObject(Object*, int) (Gfx.cc:2904)
==29466== by 0x4673801: Gfx::execOp(Object*, Object*, int) (Gfx.cc:712)
==29466== by 0x46739E4: Gfx::go(int) (Gfx.cc:580)
==29466== by 0x4673FB0: Gfx::display(Object*, int) (Gfx.cc:543)
==29466== by 0x46CF823: Page::display(Gfx*) (Page.cc:418)

Gary Coady (garycoady) wrote :

It's a poppler issue rendering the PDF.

Gary Coady (garycoady) wrote :

Marking as a dup of bug #24970, it has the same stack signature.
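
The triage step used in this thread (read the memcheck report, then compare stack signatures), as an added example that is not part of the original report or of any poppler or evince tooling: a Python parser that separates the faulting-access stack from the stack that released the block and builds a comparison key. The function names and the signature format are assumptions of this example; the input is a shortened excerpt of the valgrind output quoted above.

```python
import re

# Shortened excerpt of the memcheck report quoted in this thread (sample input).
SAMPLE = """\
==29466== Invalid read of size 4
==29466== at 0x465A7D4: GfxFont::getType() (GfxFont.h:144)
==29466== by 0x4655BDA: SplashOutputDev::updateFont(GfxState*) (SplashOutputDev.cc:971)
==29466== by 0x4700BAA: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3363)
==29466== Address 0x5F1B154 is 36 bytes inside a block of size 3,532 free'd
==29466== at 0x401D268: operator delete(void*) (vg_replace_malloc.c:246)
==29466== by 0x4687ACF: Gfx8BitFont::~Gfx8BitFont() (GfxFont.cc:928)
==29466== by 0x468CC0C: GfxFontDict::~GfxFontDict() (GfxFont.cc:1623)
"""

PREFIX = re.compile(r"^==\d+==\s*")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"^Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes inside a block of size ([\d,]+) (free'd|alloc'd)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+?)(?: \([^()]*\))?$")
ARGS = re.compile(r"\(.*\)$")  # trailing C++ argument list
ALLOCATOR = {"operator delete", "operator delete[]", "operator new", "operator new[]",
             "free", "malloc", "calloc", "realloc"}

def parse_memcheck(text):
    """Parse the first invalid-access error into access and block stacks."""
    report = {"access": [], "block_stack": []}
    stack = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := ERROR.match(line):
            if "kind" in report:  # a second error starts: stop at the first
                break
            report.update(kind=m[1], size=int(m[2]))
            stack = report["access"]
        elif m := BLOCK.match(line):
            report.update(offset=int(m[1].replace(",", "")),
                          block_size=int(m[2].replace(",", "")), block_state=m[3])
            stack = report["block_stack"]  # frames that freed or allocated the block
        elif (m := FRAME.match(line)) and stack is not None:
            stack.append(ARGS.sub("", m[1]))  # keep the function name only
    return report

def signature(report, depth=3):
    """Dedupe key: error class, top access frames, first non-allocator block frame."""
    kind = "use-after-free" if report.get("block_state") == "free'd" else "invalid-access"
    owner = next((f for f in report["block_stack"] if f not in ALLOCATOR), "?")
    return f"{kind} {report['kind']}: " + " < ".join(report["access"][:depth]) + f" | block from {owner}"

if __name__ == "__main__":
    print(signature(parse_memcheck(SAMPLE)))
```

Addresses, PIDs and source line numbers are left out of the key on purpose, since they change between builds and runs while the function chain of the same defect stays stable.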
