evince-thumbnailer crashed with SIGSEGV in free()

Bug #708404 reported by emperor
This bug affects 36 people
Affects          Status        Importance  Assigned to    Milestone
Evince           Fix Released  Critical
evince (Ubuntu)  Fix Released  Medium      Chris Coulson

Bug Description

Binary package hint: evince

Crashed using nautilus for looking at a folder with different kinds of files in it.

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: evince 2.32.0-0ubuntu8
ProcVersionSignature: Ubuntu 2.6.37-12.26-generic 2.6.37
Uname: Linux 2.6.37-12-generic x86_64
NonfreeKernelModules: fglrx wl
Architecture: amd64
Date: Thu Jan 27 01:43:28 2011
ExecutablePath: /usr/bin/evince-thumbnailer
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcCmdline: evince-thumbnailer -s 128 file:///home/username/uni/SA_PfaffFlorian10/ausarbeitung/isasheader.pdf /tmp/.gnome_desktop_thumbnail.AXQ7PV
ProcCmdline_: BOOT_IMAGE=/boot/vmlinuz-2.6.37-12-generic root=UUID=eeca06ce-4593-4d36-977f-0097a25f6e67 ro quiet splash vt.handoff=7
ProcEnviron:
 LANGUAGE=de_DE:de:en_GB:en
 LANG=de_DE.UTF-8
 LC_MESSAGES=de_DE.utf8
 SHELL=/bin/bash
ProcVersionSignature_: Ubuntu 2.6.37-12.26-generic 2.6.37
SegvAnalysis:
 Segfault happened at: 0x7f0f1d5d61cd <free+29>: mov -0x8(%rdi),%rsi
 PC (0x7f0f1d5d61cd) ok
 source "-0x8(%rdi)" (0xfffffffffffffff9) not located in a known VMA region (needed readable region)!
 destination "%rsi" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
 free () from /lib/libc.so.6
 ev_document_info_free () from /usr/lib/libevdocument.so.3
 ?? () from /usr/lib/libevdocument.so.3
 g_object_unref () from /usr/lib/libgobject-2.0.so.0
 main ()
Title: evince-thumbnailer crashed with SIGSEGV in free()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

emperor (emperor2000) wrote :
visibility: private → public
Apport retracing service (apport) wrote :

StacktraceTop:
 *__GI___libc_free (mem=0x1) at arena.c:275
 ev_document_info_free (info=0x7f0f213a39e0)
 ev_document_finalize (object=0x7f0f21374050)
 g_object_unref (_object=0x7f0f21374050)
 ?? ()

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in evince (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Changed in evince (Ubuntu):
status: New → Confirmed
Changed in evince:
importance: Unknown → Critical
status: Unknown → New
Dennis Sheil (dennis-sheil) wrote :

There has been an upstream bug report for this since December 29, 2010. I've posted a full stack trace to that bug report, and linked to the upstream bug here.

Dennis Sheil (dennis-sheil) wrote :

I applied the patch mentioned in the upstream (although the patch is for a different version, so I changed which lines it affected) and evince no longer crashes for me when closing.

Changed in evince (Ubuntu):
status: Confirmed → Fix Released
Dennis Sheil (dennis-sheil) wrote :

I changed the status to fix released as the current release is patched for this, and the specific commit is noted in the upstream bug report if we want to backport that one patch.

Brian Murray (brian-murray) wrote :

As far as I can tell it's not fixed in the natty version of evince, which currently has the same version number as the one that appears in the bug description (2.32.0-0ubuntu8), so the Ubuntu bug task should be left open.

Changed in evince (Ubuntu):
status: Fix Released → Triaged
Changed in evince:
status: New → Incomplete
Dennis Sheil (dennis-sheil) wrote :

I've attached a patch implementing the upstream fix.

I created the debdiff according to the formula, but when I test the patch, the core changes don't patch, just the changelog. I assume this is the default behavior, and it has to be adapted by the package maintainer.

tags: added: patch
Changed in evince (Ubuntu):
assignee: nobody → Chris Coulson (chrisccoulson)
Chris Coulson (chrisccoulson) wrote :

Thanks, I've uploaded this now.

One minor comment - the patch filename didn't match the changelog entry. I fixed that though, and added a proper DEP-3 header to the patch (see http://dep.debian.net/deps/dep3/).

Changed in evince (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 2.32.0-0ubuntu9

---------------
evince (2.32.0-0ubuntu9) natty; urgency=low

  * debian/patches/06_new_poppler_api_update.patch
    - fix for changes in poppler API (LP: #708404)
 -- Dennis Sheil <email address hidden> Tue, 01 Feb 2011 06:42:06 -0500

Changed in evince (Ubuntu):
status: Fix Committed → Fix Released
Changed in evince:
status: Incomplete → Fix Released