evince crashed with SIGSEGV in add_range()

Bug #1449700 reported by Laurent Bonnaud
Affects          Status        Importance  Assigned to   Milestone
Evince           Expired       Medium
evince (Ubuntu)  Fix Released  Medium      Brian Avery

Bug Description

To reproduce this bug:

 - load the attached PS file into evince
 - if thumbnails are not displayed press F9 and choose to display thumbnails
 - wait for the crash

ProblemType: Crash
DistroRelease: Ubuntu 15.04
Package: evince 3.16.0-0ubuntu1~vivid1 [origin: LP-PPA-gnome3-team-gnome3-staging]
ProcVersionSignature: Error: [Errno 2] No such file or directory: '/proc/version_signature'
Uname: Linux 4.0.0-040000-generic x86_64
ApportVersion: 2.17.2-0ubuntu1
Architecture: amd64
CurrentDesktop: KDE
Date: Tue Apr 28 20:03:29 2015
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/evince
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-4.0.0-040000-generic root=UUID=749a9901-bdd3-4b5f-b80e-69414667e058 ro enable_mtrr_cleanup mtrr_spare_reg_nr=1 mtrr_gran_size=32M mtrr_chunk_size=128M quiet splash vt.handoff=7
SegvAnalysis:
 Segfault happened at: 0x7effc04a7610 <cairo_surface_set_device_scale>: mov 0x1c(%rdi),%eax
 PC (0x7effc04a7610) ok
 source "0x1c(%rdi)" (0x0000001c) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
 cairo_surface_set_device_scale () at /usr/lib/x86_64-linux-gnu/libcairo.so.2
 thumbnail_job_completed_callback (job=0x268acf0 [EvJobThumbnail], sidebar_thumbnails=<optimized out>) at /build/buildd/evince-3.16.0/./shell/ev-sidebar-thumbnails.c:941
 _g_closure_invoke_va (closure=0x0, closure@entry=0x27fd230, return_value=0x2238970, return_value@entry=0x0, instance=0x26284c0, instance@entry=0x268acf0, args=0x1, args@entry=0x7ffe80214180, n_params=35867472, param_types=0x255d1f0) at /build/buildd/glib2.0-2.44.0/./gobject/gclosure.c:831
 g_signal_emit_valist (instance=0x268acf0, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffe80214180) at /build/buildd/glib2.0-2.44.0/./gobject/gsignal.c:3214
 g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at /build/buildd/glib2.0-2.44.0/./gobject/gsignal.c:3361
Title: evince crashed with SIGSEGV in cairo_surface_set_device_scale()
UpgradeStatus: Upgraded to vivid on 2015-04-26 (2 days ago)
UserGroups: adm autopilot cdrom dip fuse libvirtd lpadmin plugdev sambashare staff sudo
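The SegvAnalysis block above already carries the fact a triager needs: the faulting instruction reads memory through %rdi (the first argument under the x86-64 SysV ABI, here the surface pointer) at displacement 0x1c, and the resulting address 0x1c means the base register was NULL. A NULL-page read is a denial-of-service crash, not memory corruption. The script below is an added example, not part of this bug report nor of evince or apport: it parses such a block and classifies the fault. The constructed sample input is the report's own SegvAnalysis text; the NULL_PAGE_LIMIT value and the severity labels are this example's assumptions.

```python
import re

# Constructed sample input: the SegvAnalysis block from the apport report on
# this page, copied verbatim so the triage runs offline.
SEGV_ANALYSIS = """\
Segfault happened at: 0x7effc04a7610 <cairo_surface_set_device_scale>: mov 0x1c(%rdi),%eax
PC (0x7effc04a7610) ok
source "0x1c(%rdi)" (0x0000001c) not located in a known VMA region (needed readable region)!
destination "%eax" ok
"""

# Assumption: Linux refuses to map the low region by default (vm.mmap_min_addr
# is commonly 0x10000), so a fault below it is a NULL-based pointer, not a
# wild one.
NULL_PAGE_LIMIT = 0x10000

FAULT_RE = re.compile(
    r"Segfault happened at: (0x[0-9a-f]+) <([^>]*)>: (\S+)\s+(.*)$")
BAD_OPERAND_RE = re.compile(
    r'(source|destination) "([^"]+)" \((0x[0-9a-f]+)\) not located')
# AT&T memory operand: optional displacement, then (base[,index[,scale]]).
MEM_RE = re.compile(r"^(-?0x[0-9a-f]+|-?\d+)?\((%\w+)(?:,(%\w+)(?:,(\d))?)?\)$")


def parse_segv_analysis(text):
    """Extract the faulting PC, symbol, instruction and the operand apport flagged."""
    info = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FAULT_RE.match(line)
        if m:
            info = {"pc": int(m.group(1), 16), "symbol": m.group(2),
                    "mnemonic": m.group(3), "operands": m.group(4)}
            continue
        m = BAD_OPERAND_RE.match(line)
        if m and info is not None:
            info["role"] = m.group(1)          # source = read, destination = write
            info["operand"] = m.group(2)
            info["fault_addr"] = int(m.group(3), 16)
    if info is None or "fault_addr" not in info:
        raise ValueError("incomplete SegvAnalysis block")
    return info


def triage(info):
    """Classify the fault the way a crash triager would before assigning severity."""
    m = MEM_RE.match(info["operand"])
    disp = int(m.group(1), 0) if m and m.group(1) else 0
    base = m.group(2) if m else None
    # fault address = base register + displacement, so recover the base value
    base_value = info["fault_addr"] - disp
    access = "read" if info["role"] == "source" else "write"
    if base_value == 0:
        kind = "null-deref"
        detail = ("base register %s was NULL; the instruction dereferences a "
                  "field at offset 0x%x of a NULL struct pointer" % (base, disp))
        severity = "DoS only (NULL page is never mapped)"
    elif info["fault_addr"] < NULL_PAGE_LIMIT:
        kind = "near-null"
        detail = "access inside the unmappable low region; almost certainly NULL-based"
        severity = "DoS only"
    else:
        kind = "wild-pointer"
        detail = "unmapped non-NULL address; check for use-after-free or bad index"
        severity = "needs investigation"
        if access == "write":
            severity += " (write: potential memory corruption)"
    return {"kind": kind, "access": access, "base": base, "offset": disp,
            "base_value": base_value, "detail": detail, "severity": severity}


if __name__ == "__main__":
    info = parse_segv_analysis(SEGV_ANALYSIS)
    result = triage(info)
    print("%s %s in %s: %s" % (result["access"], result["kind"],
                                info["symbol"], result["detail"]))
    print("severity:", result["severity"])
```

Run on the report's block it prints a NULL read at offset 0x1c inside cairo_surface_set_device_scale with a DoS-only verdict, which matches the later analysis on this page that the surface pointer passed in was NULL. The same classifier flags a write through an unmapped non-NULL address for closer review, the case where a crash might be more than a denial of service.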

Revision history for this message
Laurent Bonnaud (laurent-bonnaud) wrote :

Here is the file to reproduce the bug.

affects: ubuntu-gnome → evince (Ubuntu)
description: updated
information type: Private → Public Security
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 ?? ()
 add_range (end_page=<optimized out>, start_page=<optimized out>, sidebar_thumbnails=<optimized out>) at /build/buildd/evince-3.14.2/./shell/ev-sidebar-thumbnails.c:523
 update_visible_range (end_page=<optimized out>, start_page=<optimized out>, sidebar_thumbnails=<optimized out>) at /build/buildd/evince-3.14.2/./shell/ev-sidebar-thumbnails.c:571
 adjustment_changed_cb (sidebar_thumbnails=0x268acf0) at /build/buildd/evince-3.14.2/./shell/ev-sidebar-thumbnails.c:625
 ?? ()

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in evince (Ubuntu):
importance: Undecided → Medium
summary: - evince crashed with SIGSEGV in cairo_surface_set_device_scale()
+ evince crashed with SIGSEGV in add_range()
tags: removed: need-amd64-retrace
Changed in evince:
importance: Unknown → Medium
status: Unknown → Confirmed
Revision history for this message
Sebastien Bacher (seb128) wrote :

thanks

Changed in evince (Ubuntu):
status: New → Triaged
Revision history for this message
Brian Avery (briansvgs) wrote :

I am able to see this defect with the same file on a fully updated Ubuntu GNOME install.

Brian Avery (briansvgs)
Changed in evince (Ubuntu):
assignee: nobody → Brian Avery (briansvgs)
Revision history for this message
Brian Avery (briansvgs) wrote :

I see the following stack trace. This seems to match the original description of the bug:

#0 0x00007fb1fbc00610 in cairo_surface_set_device_scale () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#1 0x00000000004416cf in thumbnail_job_completed_callback (job=0x7fb1e4005f30, sidebar_thumbnails=<optimized out>)
    at /build/buildd/evince-3.14.2/./shell/ev-sidebar-thumbnails.c:941
#2 0x00007fb1fb3ae504 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#3 0x00007fb1fb3c7fa7 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4 0x00007fb1fb3c88ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5 0x00007fb1fd55cb63 in emit_finished (job=<optimized out>) at /build/buildd/evince-3.14.2/./libview/ev-jobs.c:180
#6 0x00007fb1fb0d8b4d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7 0x00007fb1fb0d8f20 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#8 0x00007fb1fb0d8fcc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#9 0x00007fb1fb69966c in g_application_run () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#10 0x000000000041cc22 in main (argc=1, argv=0x7ffc4af3f7b8) at /build/buildd/evince-3.14.2/./shell/main.c:316

Based on this stack trace, I have determined that the crash occurs on line 949 of ev-sidebar-thumbnails.c when the following is executed:

cairo_surface_set_device_scale (job->thumbnail_surface, device_scale, device_scale);

The crash occurs because job->thumbnail_surface is null. I have not yet figured out why it is null though.

Changed in evince:
status: Confirmed → Incomplete
Changed in evince:
status: Incomplete → Confirmed
Revision history for this message
madbiologist (me-again) wrote :

No longer crashing on Ubuntu 16.04 "Xenial Xerus" but blank thumbnails are displayed for pages 6 and 7.

evince 3.18.2-1ubuntu4
poppler 0.41.0-0ubuntu1.1

Revision history for this message
Laurent Bonnaud (laurent-bonnaud) wrote :

This bug was about a crash and is therefore fixed. I'll open a new bug report with the new problem (blank thumbnails).

Changed in evince (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Laurent Bonnaud (laurent-bonnaud) wrote :

The follow-up bug is now bug #1629633.

Changed in evince:
status: Confirmed → Expired
This report contains Public Security information  