epdfview crashed with SIGSEGV in __strlen_sse42()

Bug #783109 reported by Marcel Stimberg on 2011-05-15
This bug affects 7 people
Affects Status Importance Assigned to Milestone
epdfview (Ubuntu)
Marcel Stimberg

Bug Description

Binary package hint: epdfview

Split off from bug 669211.
In Ubuntu 11.04, many PDFs cause epdfview to crash on startup.

The attached crash is for the document referenced in the above bug (http://www.ebparks.org/files/EBRPD_files/photoguides/1-EBRPD_Wildflowers.pdf).

This bug has a severe impact as it makes epdfview completely unusable for many PDF documents. The linked branch contains backported changes from upstream rev 357 and rev 359, additional the "cosmetic" patch from rev 336 was also necessary in order for the other two patches to apply cleanly.

Open the file http://www.ebparks.org/files/EBRPD_files/photoguides/1-EBRPD_Wildflowers.pdf with epdfview
Without fix: epdfview crashes during the start
With fix: epdfview opens and displays the file

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: epdfview 0.1.7-5ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-9.43-generic
Uname: Linux 2.6.38-9-generic x86_64
Architecture: amd64
CheckboxSubmission: 476acdb7217a83354f628beaa5c14f06
CheckboxSystem: daed2f3d6643b4a84b4520a2427f8c2b
Date: Sun May 15 19:13:26 2011
ExecutablePath: /usr/bin/epdfview
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha amd64 (20100114)
ProcCmdline: epdfview 1-EBRPD_Wildflowers.pdf
 Segfault happened at: 0x7fd0fb3ee49f <__strlen_sse42+15>: pcmpeqb (%rdi),%xmm1
 PC (0x7fd0fb3ee49f) ok
 source "(%rdi)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%xmm1" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: epdfview
 __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32
 g_strdup (str=0x1 <Address 0x1 out of bounds>) at /build/buildd/glib2.0-2.28.6/./glib/gstrfuncs.c:101
 ?? ()
 ?? ()
 ?? ()
Title: epdfview crashed with SIGSEGV in __strlen_sse42()
UpgradeStatus: Upgraded to natty on 2011-03-27 (48 days ago)
UserGroups: adm admin audio cdrom dialout fuse lpadmin netdev plugdev sambashare video

Related branches

visibility: private → public

Actually, Dennis Sheil mentioned the problem in his blog quite a while ago[1]. Apparently the problem is the break in the poppler API introduced in this commit:
He also submitted a patch that was applied to epdfview:
There hasn't been any release since. Debian is not affected BTW, because they are still shipping the old poppler version. However, there is already a bug report[2] for applying the necessary changes to epdfview (according to this bug report not only r357 but also r354 and r359).

[1] http://www.vartmp.com/blog/2010/10/30#20101030
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618814

rew (r-e-wolff) wrote :

(copied over from the xpdf bug, where it doesn't belong... Sorry about that).

with Xpdf not working I then switched to epdfview as my PDF viewer. I was happy for a day or two....

Then epdfview started crashing just like xpdf....

The thing is... epdfview still displays SOME pdfs. For epdfview it depends on the PDF....

A PDF that epdfview displays correctly: http://www.bea.aero/docspa/2010/ec-v100329/pdf/ec-v100329.pdf


redirects to a PDF that epdfview also crashes on. ..... For reference.. here is a stable link to the pdf that also crashes epdfview. http://prive.bitwizard.nl/AV02-0629EN+DS+HDSP-210x+02Dec2010.pdf

epdfview however crashes in strdup (libc) and not in libpoppler (like xpdf).

[Switching to Thread 0x7fffec326700 (LWP 23313)]
0x00007ffff5a3a5d1 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) where
#0 0x00007ffff5a3a5d1 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff7923062 in g_strdup () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2 0x00007ffff7fe6b85 in ?? ()
#3 0x00007ffff7febc40 in ?? ()
#4 0x00007ffff7fec2bb in ?? ()
#5 0x00007ffff7fe86c8 in ?? ()
#6 0x00007ffff7fe83f0 in ?? ()
#7 0x00007ffff792b3e4 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x00007ffff5d52d8c in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#9 0x00007ffff5a9e04d in clone () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x0000000000000000 in ?? ()

I'll link a branch with backported changes from rev 357 and rev 359, additional the "cosmetic" patch from rev 336 was also necessary in order for the other two patches to apply cleanly. The changes in rev 354 I mentioned in my previous comment were already in the Ubuntu package (ubuntu_poppler-0.15.patch).

The branch/patch is meant as an SRU for natty, the patches do apply to oneiric as well (same epdfview and poppler version) but I can't build epdfview in pbuilder (seems -Werror=format-security was enabled in oneiric?).

Changed in epdfview (Ubuntu):
status: New → Confirmed

Thank you for taking the time to report this crash and helping to make Ubuntu better. This particular crash has already been reported and is a duplicate of bug #744101, so is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.

tags: removed: need-amd64-retrace
Akkana Peck (akkzilla) wrote :

This has been made a duplicate of another private bug. Any chance someone can make bug #744101 public, so folks affected by the crash can find out when it gets fixed and help test the fix? Thanks!

I'm going to revert the duplicate status because bug #744101 has no discussion whereas this bug has analysis about the causes of the bug and a linked branch fixing the issues. The retraced stacktrace in bug #744101 would be useful only if the issue was still unclear. But for completeness: Here the links to the stacktraces:

Evan Broder (broder) wrote :

I'm going to unsubscribe ~ubuntu-sponsors from this bug, as opening a merge proposal against lp:ubuntu/epdfview is enough to put it in the sponsorship queue. (You don't need to both open a merge proposal and subscribe ~ubuntu-sponsors to the corresponding bug)

Scott Moser (smoser) wrote :

Per the merge proposal, this bug is fixed in Oneiric with version 0.1.8-1 .

Marcel, Daniel asked that you follow the SRU process for this to be fixed in natty.

Changed in epdfview (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Fix Released

Scott, I updated the bug description, so I think I did everything to follow the SRU process (the SRU process description als mentions to "Nominate for Series", but this is unfortunately only possible for bug control members...). I think only a positive review of the branch is missing.

description: updated
Stefano Rivera (stefanor) wrote :

Opened a task for natty

Changed in epdfview (Ubuntu Natty):
importance: Undecided → Medium
Stefano Rivera (stefanor) wrote :

Uploaded to natty-proposed, pending SRU team review

Changed in epdfview (Ubuntu Natty):
assignee: nobody → Marcel Stimberg (marcelstimberg)
status: New → Fix Committed

Accepted epdfview into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Rhys (rimmington) wrote :

I can confirm that the version in natty-proposed works with both the above test case and another document with which I had the same problem. I have the latest -release, -security and -update packages and no other packages from -proposed.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package epdfview - 0.1.7-5ubuntu1.1

epdfview (0.1.7-5ubuntu1.1) natty-proposed; urgency=low

  * debian/patches/ubuntu_poppler-0.16.patch: Backport upstream changes (r357
    and r359, in addition also r336, needed for the other patches to apply
    cleanly) to prevent crashes due to API changes in poppler 0.16. LP: #783109
 -- Marcel Stimberg <email address hidden> Fri, 19 Jun 2011 21:50:20 +0200

Changed in epdfview (Ubuntu Natty):
status: Fix Committed → Fix Released
tags: added: testcase
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.