evince crashes in BaseStream::BaseStream(Object*)

Bug #657593 reported by smpahlman
Affects            Status        Importance  Assigned to  Milestone
Poppler            Fix Released  Medium      -            -
poppler (Ubuntu)   Fix Released  Medium      Unassigned   -

Bug Description

evince crashes with the following valgrind output.

==13963== Memcheck, a memory error detector
==13963== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==13963== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==13963== Command: evince c-flipr-1884.pdf
==13963==
==13963== Conditional jump or move depends on uninitialised value(s)
==13963== at 0x53F4611: inflateReset2 (in /lib/libz.so.1.2.3.4)
==13963== by 0x53F46EC: inflateInit2_ (in /lib/libz.so.1.2.3.4)
==13963== by 0x53EEA46: ??? (in /lib/libz.so.1.2.3.4)
==13963== by 0x49018A5: ??? (in /usr/lib/libxml2.so.2.7.7)
==13963== by 0x49018D3: ??? (in /usr/lib/libxml2.so.2.7.7)
==13963== by 0x490123A: __xmlParserInputBufferCreateFilename (in /usr/lib/libxml2.so.2.7.7)
==13963== by 0x4901333: xmlParserInputBufferCreateFilename (in /usr/lib/libxml2.so.2.7.7)
==13963== by 0x48D58D0: xmlNewInputFromFile (in /usr/lib/libxml2.so.2.7.7)
==13963== by 0x4901772: xmlLoadExternalEntity (in /usr/lib/libxml2.so.2.7.7)
==13963== by 0x48DA020: xmlCreateURLParserCtxt (in /usr/lib/libxml2.so.2.7.7)
==13963== by 0x48DA0C8: xmlCreateFileParserCtxt (in /usr/lib/libxml2.so.2.7.7)
==13963== by 0x48F1446: xmlSAXParseFileWithData (in /usr/lib/libxml2.so.2.7.7)
==13963==
Error: PDF file is damaged - attempting to reconstruct xref table...
==13963== Conditional jump or move depends on uninitialised value(s)
==13963== at 0x53F4611: inflateReset2 (in /lib/libz.so.1.2.3.4)
==13963== by 0x53F46EC: inflateInit2_ (in /lib/libz.so.1.2.3.4)
==13963== by 0x53F4762: inflateInit_ (in /lib/libz.so.1.2.3.4)
==13963== by 0x517DF13: png_create_read_struct_2 (in /lib/libpng12.so.0.44.0)
==13963== by 0x9A493BA: ??? (in /usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so)
==13963== by 0x50A8839: ??? (in /usr/lib/libgdk_pixbuf-2.0.so.0.2200.0)
==13963== by 0x50A9534: gdk_pixbuf_loader_write (in /usr/lib/libgdk_pixbuf-2.0.so.0.2200.0)
==13963== by 0x50A6D54: ??? (in /usr/lib/libgdk_pixbuf-2.0.so.0.2200.0)
==13963== by 0x50A6E07: gdk_pixbuf_new_from_stream (in /usr/lib/libgdk_pixbuf-2.0.so.0.2200.0)
==13963== by 0x4BF9DC8: ??? (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==13963== by 0x4BFA4E0: gtk_icon_info_load_icon (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==13963== by 0x4BFC869: gtk_icon_theme_load_icon (in /usr/lib/libgtk-x11-2.0.so.0.2200.0)
==13963==
Error (744477): Dictionary key must be a name object
==13963== Thread 4:
==13963== Conditional jump or move depends on uninitialised value(s)
==13963== at 0x53F4611: inflateReset2 (in /lib/libz.so.1.2.3.4)
==13963== by 0x53F46EC: inflateInit2_ (in /lib/libz.so.1.2.3.4)
==13963== by 0x53EEA46: ??? (in /lib/libz.so.1.2.3.4)
==13963== by 0x4860712: __synctex_open (synctex_parser.c:2595)
==13963== by 0x4860923: _synctex_open (synctex_parser.c:2667)
==13963== by 0x4864BAD: synctex_scanner_new_with_output_file (synctex_parser.c:2514)
==13963== by 0x4854E27: ev_document_load (ev-document.c:332)
==13963== by 0x4856A75: ev_document_factory_get_document (ev-document-factory.c:235)
==13963== by 0x48839AC: ev_job_load_run (ev-jobs.c:951)
==13963== by 0x4881370: ev_job_run (ev-jobs.c:214)
==13963== by 0x4885367: ev_job_thread_proxy (ev-job-scheduler.c:183)
==13963== by 0x538448E: ??? (in /lib/libglib-2.0.so.0.2600.0)
==13963==
==13963== Conditional jump or move depends on uninitialised value(s)
==13963== at 0x53F4611: inflateReset2 (in /lib/libz.so.1.2.3.4)
==13963== by 0x53F46EC: inflateInit2_ (in /lib/libz.so.1.2.3.4)
==13963== by 0x53EEA46: ??? (in /lib/libz.so.1.2.3.4)
==13963== by 0x48608BE: __synctex_open (synctex_parser.c:2614)
==13963== by 0x4860923: _synctex_open (synctex_parser.c:2667)
==13963== by 0x4864BAD: synctex_scanner_new_with_output_file (synctex_parser.c:2514)
==13963== by 0x4854E27: ev_document_load (ev-document.c:332)
==13963== by 0x4856A75: ev_document_factory_get_document (ev-document-factory.c:235)
==13963== by 0x48839AC: ev_job_load_run (ev-jobs.c:951)
==13963== by 0x4881370: ev_job_run (ev-jobs.c:214)
==13963== by 0x4885367: ev_job_thread_proxy (ev-job-scheduler.c:183)
==13963== by 0x538448E: ??? (in /lib/libglib-2.0.so.0.2600.0)
==13963==
Error (188): Unknown operator '"-1.25'
Error (191): Too few (0) args to 'TD' operator
Error (188): Unknown operator '"-1.25'
Error (191): Too few (0) args to 'TD' operator
Error (335898): Dictionary key must be a name object
Error (335905): Dictionary key must be a name object
Error: Weird page contents
Error (525161): Dictionary key must be a name object
Error (526516): Dictionary key must be a name object
Error (526523): Dictionary key must be a name object
Error (526635): Dictionary key must be a name object
Error (526642): Dictionary key must be a name object
Error (383184): Dictionary key must be a name object
Error (383192): Dictionary key must be a name object
Error (396435): Bad 'Length' attribute in stream
Error (449249): Bad 'Length' attribute in stream
Error: Weird page contents
Error (335898): Dictionary key must be a name object
Error (335905): Dictionary key must be a name object
Error: Weird page contents
Error (525161): Dictionary key must be a name object
Error (526516): Dictionary key must be a name object
Error (526523): Dictionary key must be a name object
Error (526635): Dictionary key must be a name object
Error (526642): Dictionary key must be a name object
Error (383184): Dictionary key must be a name object
Error (383192): Dictionary key must be a name object
Error (396435): Bad 'Length' attribute in stream
Error (449249): Bad 'Length' attribute in stream
Error: Weird page contents
Error (740031): Dictionary key must be a name object
Error (741913): Dictionary key must be a name object
Error (741921): Dictionary key must be a name object
Error (742657): Dictionary key must be a name object
Error (742659): Dictionary key must be a name object
Error (742661): Dictionary key must be a name object
Error (742669): Dictionary key must be a name object
==13963==
==13963== Process terminating with default action of signal 11 (SIGSEGV)
==13963== Bad permissions for mapped region at address 0x6F10FFC
==13963== at 0x9B764E9: BaseStream::BaseStream(Object*) (Stream.cc:366)
==13963==
==13963== HEAP SUMMARY:
==13963== in use at exit: 25,578,382 bytes in 278,262 blocks
==13963== total heap usage: 1,030,872 allocs, 752,610 frees, 195,124,604 bytes allocated
==13963==
==13963== LEAK SUMMARY:
==13963== definitely lost: 5,252 bytes in 32 blocks
==13963== indirectly lost: 14,836 bytes in 739 blocks
==13963== possibly lost: 5,823,096 bytes in 27,773 blocks
==13963== still reachable: 19,735,198 bytes in 249,718 blocks
==13963== suppressed: 0 bytes in 0 blocks
==13963== Rerun with --leak-check=full to see details of leaked memory
==13963==
==13963== For counts of detected and suppressed errors, rerun with: -v
==13963== Use --track-origins=yes to see where uninitialised values come from
==13963== ERROR SUMMARY: 9 errors from 4 contexts (suppressed: 218 from 13)
Killed

ProblemType: Crash
DistroRelease: Ubuntu 10.10
Package: evince 2.32.0-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.35-19.28-generic 2.6.35.3
Uname: Linux 2.6.35-19-generic i686
Architecture: i386
CrashCounter: 1
Date: Sun Oct 10 11:51:21 2010
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha i386 (20100803.1)
KernLog:

ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-2.6.35-19-generic root=UUID=b3362ce7-07a5-489a-a2dd-3f83cd0c19ed ro
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.utf8
SegvAnalysis: Skipped: missing required field "Disassembly"
Signal: 11
SourcePackage: evince
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

smpahlman (sauli-pahlman) wrote :
Tomas Hoger (thoger) wrote :

Attached file triggers fdo#28784 for me:

https://bugs.freedesktop.org/show_bug.cgi?id=28784

1298 0 obj
<< /Length 1298 0 R /Filter /LZWDecode >>

Valgrind output above indicates you're seeing some other crash though.
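
The object quoted in this comment is a stream whose /Length is an indirect reference to the stream's own object number (1298 refers to 1298 0 R), so resolving the length re-enters the same object. The following scanner is an added example, not code from the bug report or from poppler: it walks the raw objects of a PDF, records which stream objects name another object as their /Length, and reports any reference cycle. The self-reference on this page is the one-node case; treating longer cycles among stream objects as the same problem is a generalization I am adding. It assumes classic, unencrypted "N G obj ... endobj" syntax (objects packed inside object streams are not expanded), and the PDF bytes below are a constructed sample that embeds the pattern quoted above.

```python
"""Find stream objects whose /Length indirect reference points back at
themselves or forms a cycle with other stream objects' /Length values."""
import re

# Constructed patterns for the classic object syntax: "<num> <gen> obj" up to
# the next "endobj", and an indirect /Length reference "/Length <num> <gen> R".
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj\b", re.DOTALL)
LENGTH_REF_RE = re.compile(rb"/Length\s+(\d+)\s+(\d+)\s+R\b")
# The bare "stream" keyword; \b keeps this from matching "endstream".
STREAM_KW_RE = re.compile(rb"\bstream\b")


def length_reference_graph(pdf_bytes):
    """Map each stream object's number to the object number its /Length names.

    Only stream objects are recorded, because only their /Length is resolved
    when the stream is constructed; objects with a direct integer /Length are
    skipped. The /Length lookup is limited to the dictionary before the
    "stream" keyword so that bytes inside the stream data are ignored.
    """
    graph = {}
    for m in OBJ_RE.finditer(pdf_bytes):
        obj_num, body = int(m.group(1)), m.group(3)
        split = STREAM_KW_RE.search(body)
        if split is None:
            continue  # not a stream object
        ref = LENGTH_REF_RE.search(body[:split.start()])
        if ref is not None:
            graph[obj_num] = int(ref.group(1))
    return graph


def find_length_cycles(graph):
    """Return every cycle reachable by following /Length references.

    A self-reference such as "1298 0 obj << /Length 1298 0 R ... >>" appears
    as the one-element cycle [1298]; a two-object loop appears as [a, b].
    Each cycle is reported once, with its members in walk order.
    """
    cycles = []
    seen = set()
    for start in sorted(graph):
        if start in seen:
            continue
        path, node = [], start
        while node in graph and node not in seen and node not in path:
            path.append(node)
            node = graph[node]
        if node in path:
            cycles.append(path[path.index(node):])
        seen.update(path)
    return cycles


def scan_pdf(pdf_bytes):
    """Convenience wrapper: raw PDF bytes in, list of /Length cycles out."""
    return find_length_cycles(length_reference_graph(pdf_bytes))


# Constructed sample: one well-formed stream (object 3, length held by
# object 4) and one stream reusing the self-referencing dictionary quoted
# in the bug comment (object 1298). Stream payloads are dummy bytes.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [] /Count 0 >>
endobj
3 0 obj
<< /Length 4 0 R /Filter /FlateDecode >>
stream
xxxx
endstream
endobj
4 0 obj
4
endobj
1298 0 obj
<< /Length 1298 0 R /Filter /LZWDecode >>
stream
zzzz
endstream
endobj
%%EOF
"""


if __name__ == "__main__":
    import sys

    # With a path argument scan that file; otherwise scan the built-in sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    for cycle in scan_pdf(data):
        loop = " -> ".join(str(n) for n in cycle + cycle[:1])
        print("stream /Length reference cycle:", loop)
```

Run it as `python scan.py file.pdf` to check a document before handing it to a viewer built on an unfixed poppler; on the built-in sample it reports the single cycle `1298 -> 1298`. Because it is regex-based, a clean result is only meaningful for files it can actually tokenize; a file that is encrypted or keeps its objects in object streams needs a real parser in front of this check.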

Apport retracing service (apport) wrote :

StacktraceTop:
 _int_malloc (av=0xb6d00010, bytes=2) at malloc.c:4249
 *__GI___libc_malloc (bytes=2) at malloc.c:3660
 gmalloc (size=2) at gmem.cc:114
 copyString (s=0xb45e3c34 "R") at gmem.cc:336
 Lexer::getObj (this=0xb45e3c18, obj=0xb45e3d58, objNum=-1)

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in poppler (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Tomas Hoger (thoger) wrote :

Stacktraces from comment #4 and comment #5 show the infinite recursion issue pointed out in comment #2.

Changed in poppler (Ubuntu):
status: New → Triaged
security vulnerability: yes → no
visibility: private → public
Changed in poppler:
status: Unknown → Fix Released
Changed in poppler:
importance: Unknown → Medium
Jamie Strandboge (jdstrand) wrote :

This was fixed in 0.15.3.

Changed in poppler (Ubuntu):
status: Triaged → Fix Released