evince-thumbnailer crashed with SIGSEGV in free()

Bug #708404 reported by emperor on 2011-01-27
162
This bug affects 36 people
Affects Status Importance Assigned to Milestone
Evince
Fix Released
Critical
evince (Ubuntu)
Medium
Chris Coulson

Bug Description

Binary package hint: evince

Crashed using nautilus for looking at a folder with differnent kinds of files in it.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: evince 2.32.0-0ubuntu8
ProcVersionSignature: Ubuntu 2.6.37-12.26-generic 2.6.37
Uname: Linux 2.6.37-12-generic x86_64
NonfreeKernelModules: fglrx wl
Architecture: amd64
Date: Thu Jan 27 01:43:28 2011
ExecutablePath: /usr/bin/evince-thumbnailer
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcCmdline: evince-thumbnailer -s 128 file:///home/username/uni/SA_PfaffFlorian10/ausarbeitung/isasheader.pdf /tmp/.gnome_desktop_thumbnail.AXQ7PV
ProcCmdline_: BOOT_IMAGE=/boot/vmlinuz-2.6.37-12-generic root=UUID=eeca06ce-4593-4d36-977f-0097a25f6e67 ro quiet splash vt.handoff=7
ProcEnviron:
 LANGUAGE=de_DE:de:en_GB:en
 LANG=de_DE.UTF-8
 LC_MESSAGES=de_DE.utf8
 SHELL=/bin/bash
ProcVersionSignature_: Ubuntu 2.6.37-12.26-generic 2.6.37
SegvAnalysis:
 Segfault happened at: 0x7f0f1d5d61cd <free+29>: mov -0x8(%rdi),%rsi
 PC (0x7f0f1d5d61cd) ok
 source "-0x8(%rdi)" (0xfffffffffffffff9) not located in a known VMA region (needed readable region)!
 destination "%rsi" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
 free () from /lib/libc.so.6
 ev_document_info_free () from /usr/lib/libevdocument.so.3
 ?? () from /usr/lib/libevdocument.so.3
 g_object_unref () from /usr/lib/libgobject-2.0.so.0
 main ()
Title: evince-thumbnailer crashed with SIGSEGV in free()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

emperor (emperor2000) wrote :
visibility: private → public

StacktraceTop:
 *__GI___libc_free (mem=0x1) at arena.c:275
 ev_document_info_free (info=0x7f0f213a39e0)
 ev_document_finalize (object=0x7f0f21374050)
 g_object_unref (_object=0x7f0f21374050)
 ?? ()

Changed in evince (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Changed in evince (Ubuntu):
status: New → Confirmed
Changed in evince:
importance: Unknown → Critical
status: Unknown → New
Dennis Sheil (dennis-sheil) wrote :

There has been an upstream bug report for this since December 29, 2010. I've posted a full stack trace to that bug report, and linked to the upstream bug here.

Dennis Sheil (dennis-sheil) wrote :

I applied the patch mentioned in the upstream (although the patch is for a different version, so I changed which lines it affected) and evince no longer crashes for me when closing.

Changed in evince (Ubuntu):
status: Confirmed → Fix Released
Dennis Sheil (dennis-sheil) wrote :

I changed the status to fix released as the current release is patched for this, and the specific commit is noted in the upstream bug report if we want to backport that one patch.

Brian Murray (brian-murray) wrote :

As far as I can tell its not fixed in the natty version of evince, which currently has the same version number as the one that appears in the bug description (2.32.0-0ubuntu8), so the Ubuntu bug task should be left open.

Changed in evince (Ubuntu):
status: Fix Released → Triaged
Changed in evince:
status: New → Incomplete
Dennis Sheil (dennis-sheil) wrote :

I've attached a patch implementing the upstream fix.

I created the debdiff according to the formula, but when I test the patch, the core changes don't patch just the changelog, I assume this is the default behavior, and it has to be adapted by the package maintainer.

tags: added: patch
Changed in evince (Ubuntu):
assignee: nobody → Chris Coulson (chrisccoulson)
Chris Coulson (chrisccoulson) wrote :

Thanks, I've uploaded this now.

One minor comment - the patch filename didn't match the changelog entry. I fixed that though, and added a proper DEP-3 header to the patch (see http://dep.debian.net/deps/dep3/)

Changed in evince (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 2.32.0-0ubuntu9

---------------
evince (2.32.0-0ubuntu9) natty; urgency=low

  * debian/patches/06_new_poppler_api_update.patch
    - fix for changes in poppler API (LP: #708404)
 -- Dennis Sheil <email address hidden> Tue, 01 Feb 2011 06:42:06 -0500

Changed in evince (Ubuntu):
status: Fix Committed → Fix Released
Changed in evince:
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.