evince crashes in BaseStream::BaseStream(Object*)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Poppler | Fix Released | Medium | |
poppler (Ubuntu) | Fix Released | Medium | Unassigned |
Bug Description
evince crashes with the following valgrind output.
==13963== Memcheck, a memory error detector
==13963== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==13963== Using Valgrind-
==13963== Command: evince c-flipr-1884.pdf
==13963==
==13963== Conditional jump or move depends on uninitialised value(s)
==13963== at 0x53F4611: inflateReset2 (in /lib/libz.
==13963== by 0x53F46EC: inflateInit2_ (in /lib/libz.
==13963== by 0x53EEA46: ??? (in /lib/libz.
==13963== by 0x49018A5: ??? (in /usr/lib/
==13963== by 0x49018D3: ??? (in /usr/lib/
==13963== by 0x490123A: __xmlParserInpu
==13963== by 0x4901333: xmlParserInputB
==13963== by 0x48D58D0: xmlNewInputFromFile (in /usr/lib/
==13963== by 0x4901772: xmlLoadExternal
==13963== by 0x48DA020: xmlCreateURLPar
==13963== by 0x48DA0C8: xmlCreateFilePa
==13963== by 0x48F1446: xmlSAXParseFile
==13963==
Error: PDF file is damaged - attempting to reconstruct xref table...
==13963== Conditional jump or move depends on uninitialised value(s)
==13963== at 0x53F4611: inflateReset2 (in /lib/libz.
==13963== by 0x53F46EC: inflateInit2_ (in /lib/libz.
==13963== by 0x53F4762: inflateInit_ (in /lib/libz.
==13963== by 0x517DF13: png_create_
==13963== by 0x9A493BA: ??? (in /usr/lib/
==13963== by 0x50A8839: ??? (in /usr/lib/
==13963== by 0x50A9534: gdk_pixbuf_
==13963== by 0x50A6D54: ??? (in /usr/lib/
==13963== by 0x50A6E07: gdk_pixbuf_
==13963== by 0x4BF9DC8: ??? (in /usr/lib/
==13963== by 0x4BFA4E0: gtk_icon_
==13963== by 0x4BFC869: gtk_icon_
==13963==
Error (744477): Dictionary key must be a name object
==13963== Thread 4:
==13963== Conditional jump or move depends on uninitialised value(s)
==13963== at 0x53F4611: inflateReset2 (in /lib/libz.
==13963== by 0x53F46EC: inflateInit2_ (in /lib/libz.
==13963== by 0x53EEA46: ??? (in /lib/libz.
==13963== by 0x4860712: __synctex_open (synctex_
==13963== by 0x4860923: _synctex_open (synctex_
==13963== by 0x4864BAD: synctex_
==13963== by 0x4854E27: ev_document_load (ev-document.c:332)
==13963== by 0x4856A75: ev_document_
==13963== by 0x48839AC: ev_job_load_run (ev-jobs.c:951)
==13963== by 0x4881370: ev_job_run (ev-jobs.c:214)
==13963== by 0x4885367: ev_job_thread_proxy (ev-job-
==13963== by 0x538448E: ??? (in /lib/libglib-
==13963==
==13963== Conditional jump or move depends on uninitialised value(s)
==13963== at 0x53F4611: inflateReset2 (in /lib/libz.
==13963== by 0x53F46EC: inflateInit2_ (in /lib/libz.
==13963== by 0x53EEA46: ??? (in /lib/libz.
==13963== by 0x48608BE: __synctex_open (synctex_
==13963== by 0x4860923: _synctex_open (synctex_
==13963== by 0x4864BAD: synctex_
==13963== by 0x4854E27: ev_document_load (ev-document.c:332)
==13963== by 0x4856A75: ev_document_
==13963== by 0x48839AC: ev_job_load_run (ev-jobs.c:951)
==13963== by 0x4881370: ev_job_run (ev-jobs.c:214)
==13963== by 0x4885367: ev_job_thread_proxy (ev-job-
==13963== by 0x538448E: ??? (in /lib/libglib-
==13963==
Error (188): Unknown operator '"-1.25'
Error (191): Too few (0) args to 'TD' operator
Error (188): Unknown operator '"-1.25'
Error (191): Too few (0) args to 'TD' operator
Error (335898): Dictionary key must be a name object
Error (335905): Dictionary key must be a name object
Error: Weird page contents
Error (525161): Dictionary key must be a name object
Error (526516): Dictionary key must be a name object
Error (526523): Dictionary key must be a name object
Error (526635): Dictionary key must be a name object
Error (526642): Dictionary key must be a name object
Error (383184): Dictionary key must be a name object
Error (383192): Dictionary key must be a name object
Error (396435): Bad 'Length' attribute in stream
Error (449249): Bad 'Length' attribute in stream
Error: Weird page contents
Error (335898): Dictionary key must be a name object
Error (335905): Dictionary key must be a name object
Error: Weird page contents
Error (525161): Dictionary key must be a name object
Error (526516): Dictionary key must be a name object
Error (526523): Dictionary key must be a name object
Error (526635): Dictionary key must be a name object
Error (526642): Dictionary key must be a name object
Error (383184): Dictionary key must be a name object
Error (383192): Dictionary key must be a name object
Error (396435): Bad 'Length' attribute in stream
Error (449249): Bad 'Length' attribute in stream
Error: Weird page contents
Error (740031): Dictionary key must be a name object
Error (741913): Dictionary key must be a name object
Error (741921): Dictionary key must be a name object
Error (742657): Dictionary key must be a name object
Error (742659): Dictionary key must be a name object
Error (742661): Dictionary key must be a name object
Error (742669): Dictionary key must be a name object
==13963==
==13963== Process terminating with default action of signal 11 (SIGSEGV)
==13963== Bad permissions for mapped region at address 0x6F10FFC
==13963== at 0x9B764E9: BaseStream:
==13963==
==13963== HEAP SUMMARY:
==13963== in use at exit: 25,578,382 bytes in 278,262 blocks
==13963== total heap usage: 1,030,872 allocs, 752,610 frees, 195,124,604 bytes allocated
==13963==
==13963== LEAK SUMMARY:
==13963== definitely lost: 5,252 bytes in 32 blocks
==13963== indirectly lost: 14,836 bytes in 739 blocks
==13963== possibly lost: 5,823,096 bytes in 27,773 blocks
==13963== still reachable: 19,735,198 bytes in 249,718 blocks
==13963== suppressed: 0 bytes in 0 blocks
==13963== Rerun with --leak-check=full to see details of leaked memory
==13963==
==13963== For counts of detected and suppressed errors, rerun with: -v
==13963== Use --track-origins=yes to see where uninitialised values come from
==13963== ERROR SUMMARY: 9 errors from 4 contexts (suppressed: 218 from 13)
Killed
ProblemType: Crash
DistroRelease: Ubuntu 10.10
Package: evince 2.32.0-0ubuntu1
ProcVersionSign
Uname: Linux 2.6.35-19-generic i686
Architecture: i386
CrashCounter: 1
Date: Sun Oct 10 11:51:21 2010
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha i386 (20100803.1)
KernLog:
ProcCmdline: BOOT_IMAGE=
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.utf8
SegvAnalysis: Skipped: missing required field "Disassembly"
Signal: 11
SourcePackage: evince
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
Changed in poppler (Ubuntu):
status: New → Triaged
security vulnerability: yes → no
visibility: private → public
Changed in poppler:
status: Unknown → Fix Released
Changed in poppler:
importance: Unknown → Medium
Attached file triggers fdo#28784 for me:
https://bugs.freedesktop.org/show_bug.cgi?id=28784
1298 0 obj
<< /Length 1298 0 R /Filter /LZWDecode >>
Valgrind output above indicates you're seeing some other crash though.
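The object quoted in the comment above has a /Length that is an indirect reference to the same object (`1298 0 R` inside `1298 0 obj`), so a reader that resolves the length by fetching the referenced object arrives back at the stream it was trying to read. A triage check for that shape, as an added example that is not from the bug report or from Poppler: `length_refs`, `find_length_cycles` and `SAMPLE` are hypothetical names, the sample bytes are constructed, and the check also covers longer reference loops, which goes beyond the single object shown here.

```python
import re

# Object header "N G obj"; the lookbehind stops a match starting mid-number.
HDR_RE = re.compile(rb"(?<!\d)(\d+)\s+(\d+)\s+obj\b")
# /Length given as an indirect reference "N G R" (a direct integer does not match).
LEN_REF_RE = re.compile(rb"/Length\s+(\d+)\s+(\d+)\s+R\b")

def length_refs(data):
    """Map (num, gen) -> (num, gen) for objects whose /Length is indirect."""
    refs = {}
    headers = list(HDR_RE.finditer(data))
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(data)
        # Only the dictionary before the "stream" keyword counts, so bytes
        # inside stream data cannot be mistaken for the object's own /Length.
        head = data[m.end():end].split(b"stream", 1)[0]
        ref = LEN_REF_RE.search(head)
        if ref:
            key = (int(m.group(1)), int(m.group(2)))
            refs[key] = (int(ref.group(1)), int(ref.group(2)))
    return refs

def find_length_cycles(data):
    """Return objects whose /Length chain loops back instead of ending."""
    refs = length_refs(data)
    looping = []
    for start in refs:
        seen, cur = set(), start
        while cur in refs and cur not in seen:
            seen.add(cur)
            cur = refs[cur]
        if cur in seen:  # came back to an object already visited
            looping.append(start)
    return sorted(looping)

# Constructed sample, not the file attached to the bug.
SAMPLE = (
    b"%PDF-1.4\n"
    b"4 0 obj\n<< /Length 5 0 R >>\nstream\nabc\nendstream\nendobj\n"
    b"5 0 obj\n3\nendobj\n"
    b"6 0 obj\n<< /Length 14 >>\nstream\n/Length 6 0 R\nendstream\nendobj\n"
    b"1298 0 obj\n<< /Length 1298 0 R /Filter /LZWDecode >>\nstream\nx\nendstream\nendobj\n"
    b"7 0 obj\n<< /Length 8 0 R >>\nstream\nx\nendstream\nendobj\n"
    b"8 0 obj\n<< /Length 7 0 R >>\nstream\ny\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for num, gen in find_length_cycles(SAMPLE):
        print(f"object {num} {gen}: /Length reference never resolves")
```

This is a byte-level scan, so objects stored inside compressed object streams are not visible to it.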