evince crashed with SIGSEGV in JBIG2SymbolDict::~JBIG2SymbolDict()

Bug #320181 reported by Mario Kemper (Romario) on 2009-01-22
6
Affects Status Importance Assigned to Milestone
Poppler
Fix Released
Critical
poppler (Ubuntu)
Medium
Ubuntu Desktop Bugs

Bug Description

Binary package hint: evince

This bug appears reproducible when opening the attached document (maybe you need to switch pages a few times).

Description: Ubuntu 8.10
Release: 8.10

evince:
  Installiert: 2.24.1-0ubuntu1
  Kandidat: 2.24.1-0ubuntu1
  Versions-Tabelle:
 *** 2.24.1-0ubuntu1 0
        500 http://archive.ubuntu.com intrepid/main Packages
        100 /var/lib/dpkg/status

ProblemType: Crash
Architecture: amd64
Disassembly: 0x2f1:
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/bin/evince
Package: evince 2.24.1-0ubuntu1
ProcAttrCurrent: unconfined
ProcCmdline: evince file:///home/username/Desktop/01004PT1.pdf
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: evince
StacktraceTop:
 ?? ()
 JBIG2SymbolDict::~JBIG2SymbolDict ()
 JBIG2Stream::close () from /usr/lib/libpoppler.so.3
 JBIG2Stream::~JBIG2Stream ()
 Object::free () from /usr/lib/libpoppler.so.3
Title: evince crashed with SIGSEGV in JBIG2SymbolDict::~JBIG2SymbolDict()
Uname: Linux 2.6.27-11-generic x86_64
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev sambashare vboxusers video

Download full text (13.9 KiB)

this report has been filed here:

https://bugs.edge.launchpad.net/poppler/+bug/320181

"This bug appears reproducible when opening the attached document (maybe you need to switch pages a few times)."

pdf:

http://launchpadlibrarian.net/21544672/01004PT1.pdf

"
Thread 3 (Thread 0xb5cd8b90 (LWP 5814)):
#0 0xb80b3430 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb74f1412 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2 0xb78e613d in g_cond_timed_wait_posix_impl (cond=0x93f9fd0, entered_mutex=0x80, abs_time=0x1) at /build/buildd/glib2.0-2.19.5/gthread/gthread-posix.c:242
 result = <value optimized out>
 end_time = {tv_sec = 1232717905, tv_nsec = 312387000}
 timed_out = <value optimized out>
 __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#3 0xb75132c9 in g_async_queue_pop_intern_unlocked (queue=0x91f0d58, try=<value optimized out>, end_time=0xb5cd82e4) at /build/buildd/glib2.0-2.19.5/glib/gasyncqueue.c:365
 retval = <value optimized out>
 __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#4 0xb75133c7 in IA__g_async_queue_timed_pop (queue=0x91f0d58, end_time=0xb5cd82e4) at /build/buildd/glib2.0-2.19.5/glib/gasyncqueue.c:491
 retval = <value optimized out>
 __PRETTY_FUNCTION__ = "IA__g_async_queue_timed_pop"
#5 0xb7566103 in g_thread_pool_thread_proxy (data=0x9261a88) at /build/buildd/glib2.0-2.19.5/glib/gthreadpool.c:121
 task = <value optimized out>
 pool = (GRealThreadPool *) 0x0
#6 0xb7564aff in g_thread_create_proxy (data=0x9214168) at /build/buildd/glib2.0-2.19.5/glib/gthread.c:635
 __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#7 0xb74ed4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#8 0xb74693fe in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 2 (Thread 0xb6746b90 (LWP 5813)):
#0 0xb5e00441 in ?? ()
No symbol table info available.
#1 0xb71c0fd9 in JBIG2Stream::close (this=0xb5e09cb0) at JBIG2Stream.cc:1219
 _i = 0
#2 0xb71c109a in ~JBIG2Stream (this=0xb5e09cb0) at JBIG2Stream.cc:1158
No locals.
#3 0xb71d3897 in Object::free (this=0xb6745e0c) at Object.cc:143
No locals.
#4 0xb719c5ee in Gfx::opXObject (this=0xb5e07f68, args=0xb6745ec0, numArgs=1) at Gfx.cc:3553
 name = 0xb5e08958 "Im0"
 obj1 = {type = objStream, {booln = -1243571024, intg = -1243571024, real = -3.5769132151572728e-49, string = 0xb5e09cb0, name = 0xb5e09cb0 "ÈÇ)·", array = 0xb5e09cb0,
    dict = 0xb5e09cb0, stream = 0xb5e09cb0, ref = {num = -1243571024, gen = -1243563392}, cmd = 0xb5e09cb0 "ÈÇ)·"}}
 obj2 = {type = objNone, {booln = -1243572360, intg = -1243572360, real = 1.000000677545783, string = 0xb5e09778, name = 0xb5e09778 "\210ºàµe", array = 0xb5e09778,
    dict = 0xb5e09778, stream = 0xb5e09778, ref = {num = -1243572360, gen = 1072693248}, cmd = 0xb5e09778 "\210ºàµe"}}
 obj3 = {type = objNone, {booln = 0, intg = 0, real = -3.3221892305692148e-43, string = 0x0, name = 0x0, array = 0x0, dict = 0x0, stream = 0x0, ref = {num = 0,
      gen = -1222794614}, cmd = 0x0}}
 refObj = {type = objNone, {booln = 9, intg = 9, real = 4.4465908125712189e-323, string = 0x9, name = 0x9 <Add...

StacktraceTop:?? ()
JBIG2SymbolDict::~JBIG2SymbolDict ()
JBIG2Stream::close () from /usr/lib/libpoppler.so.3
JBIG2Stream::~JBIG2Stream ()
Object::free () from /usr/lib/libpoppler.so.3

Pedro Villavicencio (pedro) wrote :

I've managed to reproduce this on jaunty, will get a better trace and forward upstream, thanks for reporting.

Changed in poppler:
assignee: nobody → desktop-bugs
importance: Undecided → Medium
status: New → Confirmed
Pedro Villavicencio (pedro) wrote :

I've sent this upstream at: https://bugs.freedesktop.org/show_bug.cgi?id=19702 ; thanks for reporting.

Changed in poppler:
status: Confirmed → Triaged
importance: Undecided → Unknown
status: New → Unknown
Changed in poppler:
status: Unknown → Confirmed

Won't crash in poppler 0.10.4 but still won't render the pages correctly.

I've opened bug 19706 for that issue.

Changed in poppler:
status: Confirmed → Fix Released
Pedro Villavicencio (pedro) wrote :

fixed upstream, fix will be available with poppler 0.10.4

Changed in poppler:
status: Triaged → Fix Committed

Thanks for your quick responses, Pedro.

The fix only addresses the crash when opening the document. Can we please open another bug for the rendering issue ( upstream bug 19706 ), so we can track this status as well?

Please let me know if i can do anything here to help out.

Pedro Villavicencio (pedro) wrote :

Mario I've opened another report for the rendering issue, bug 321561 and subscribed you to it, thanks you.

Thx!

Jonathan Thomas (echidnaman) wrote :

Popper 0.10.4 has been released to Ubuntu 9.04.

Changed in poppler:
status: Fix Committed → Fix Released
Changed in poppler:
importance: Unknown → Critical
Changed in poppler:
importance: Critical → Unknown
Changed in poppler:
importance: Unknown → Critical
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.