evince crashed with SIGSEGV in Parser::getPos()

Bug #575107 reported by smpahlman
This bug affects 1 person
Affects: poppler (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: evince

evince crashes when opening a malformed PDF.

ProblemType: Crash
DistroRelease: Ubuntu 10.04
Package: evince 2.30.0-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic i686
Architecture: i386
CrashCounter: 1
Date: Tue May 4 15:31:52 2010
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha i386 (20100113)
KernLog:

ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-2.6.32-21-generic root=UUID=a0f9a5ba-8891-4f4a-ae71-20b4a3e95b4c ro quiet splash
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.utf8
SegvAnalysis:
 Segfault happened at: 0xa37e2e4 <_ZN3Gfx6getPosEv+36>: mov 0x4(%edx),%ecx
 PC (0x0a37e2e4) ok
 source "0x4(%edx)" (0x66656c70) not located in a known VMA region (needed readable region)!
 destination "%ecx" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
 Parser::getPos (this=0xb5c43a38) at Parser.h:54
 Gfx::getPos (this=0xb5c43a38) at Gfx.cc:840
 Gfx::drawAnnot (this=0xb5c43a38, str=0xb657b034,
 AnnotWidget::draw (this=0xb5c99fe8, gfx=0xb5c43a38,
 Page::displaySlice (this=0xb5c47360, out=0x2253c600,
Title: evince crashed with SIGSEGV in Parser::getPos()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors:
 (polkit-gnome-authentication-agent-1:26007): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
 (gnome-terminal:26112): Gtk-CRITICAL **: gtk_accel_map_unlock_path: assertion `entry != NULL && entry->lock_count > 0' failed

smpahlman (sauli-pahlman) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 Gfx::getPos (this=0xb5c43a38) at Parser.h:54
 Gfx::drawAnnot (this=0xb5c43a38, str=0xb657b034,
 AnnotWidget::draw (this=0xb5c99fe8, gfx=0xb5c43a38,
 Page::displaySlice (this=0xb5c47360, out=0x2253c600,
 _poppler_page_render (page=0xb5c3dfc0, cairo=0xb5c436a8,

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in evince (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Tomas Hoger (thoger) wrote :

The problem here is an uninitialized Gfx::parser pointer. The PDF causes Gfx::getPos() to be called (to add the error location to the error message), which assumes that parser is either NULL or a valid pointer to a Parser instance. The attached patch modifies the Gfx constructors to initialize parser to NULL.

affects: evince (Ubuntu) → poppler (Ubuntu)
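A reduced model of the defect described in the comment above, added here as an example and not taken from poppler: the constructor path that never writes the parser member leaves it holding whatever the allocation contained (the SegvAnalysis above shows the dereference landing at 0x66656c70, outside any mapped region), so the NULL check in getPos() cannot protect that path. The class and member names mirror poppler's Gfx, Parser and getPos() but are stand-ins.

```cpp
// Stand-in for poppler's Parser: only the position accessor matters here.
struct Parser {
    int pos;
    explicit Parser(int p) : pos(p) {}
    int getPos() const { return pos; }
};

// Defective shape from the report (shown as a comment because calling
// getPos() on it reads an indeterminate pointer, which is undefined
// behaviour and may segfault exactly as in the attached stack trace):
//
//   class GfxUnfixed {
//       Parser *parser;          // never written by this constructor
//   public:
//       GfxUnfixed() {}          // missing: parser = NULL;
//       int getPos() const { return parser ? parser->getPos() : -1; }
//   };
//
// The null check in getPos() only has meaning if every constructor
// establishes the invariant "parser is NULL or points at a live Parser".

// Fixed shape: the same invariant the upstream patch restores, written with
// member initializers so no constructor can forget it.
class Gfx {
    Parser *parser;
public:
    Gfx() : parser(nullptr) {}                 // the fix: definite NULL
    explicit Gfx(Parser *p) : parser(p) {}
    // Error-location helper: -1 when there is no parser to ask, instead of
    // a read through garbage.
    int getPos() const { return parser ? parser->getPos() : -1; }
};

// Stand-alone checks for the two states the invariant allows.
int posWithoutParser() { Gfx g; return g.getPos(); }                // -1
int posWithParser()    { Parser p(42); Gfx g(&p); return g.getPos(); } // 42
```

Compilers with `-Wuninitialized`/`-Wextra` or a run under Valgrind or MemorySanitizer flag the unfixed shape at the first read of `parser`, which is the cheapest way to catch this class of bug before a malformed document does.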
Tomas Hoger (thoger)
Changed in poppler (Ubuntu):
status: New → Confirmed
Tomas Hoger (thoger) wrote :

The patch from comment #5 is now committed upstream, based on a report from Joel Voss:

http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf

visibility: private → public
madbiologist (me-again) wrote :

No longer crashing on Ubuntu 14.04 "Trusty Tahr".

poppler 0.24.5-2ubuntu4.2

Changed in poppler (Ubuntu):
status: Confirmed → Fix Released