evince crashed with SIGSEGV in g_markup_escape_text()

Bug #677971 reported by smpahlman on 2010-11-20
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Evince
Fix Released
Critical
evince (Ubuntu)
Medium
Unassigned
Oneiric
Undecided
Unassigned

Bug Description

Binary package hint: evince

Test case:
1. update evince from oneiric-proposed
2. ensure you don't get this crash anymore and no other regression

evince (3.2.1-0ubuntu1) UNRELEASED; urgency=low

  * New upstream release
    - Make sure page labels are valid utf-8 strings in PostScript
      backend (LP: #677971, Carlos Garcia Campos)
    - Update and extend man page, Added documentation for the
      --page-index command line switch, and improved wording a bit at
      various places (Wouter Bolsterlee)
    - Small fixes to markup in help pages (Tiffany Antopolski)
    - Updated transations

evince crashes when opening the attached PS with backtrace:

#0 0x0c494798 in g_markup_escape_text () from /lib/libglib-2.0.so.0
#1 0x0c494aeb in g_markup_vprintf_escaped () from /lib/libglib-2.0.so.0
#2 0x0c494bf4 in g_markup_printf_escaped () from /lib/libglib-2.0.so.0
#3 0x003b0758 in ?? ()
#4 0x003b13e0 in ?? ()
#5 0x00306058 in g_cclosure_marshal_VOID__PARAM ()
   from /usr/lib/libgobject-2.0.so.0
#6 0x002f7412 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#7 0x0030d595 in ?? () from /usr/lib/libgobject-2.0.so.0
#8 0x0030e9bc in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#9 0x0030ee62 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#10 0x002fbab1 in ?? () from /usr/lib/libgobject-2.0.so.0
#11 0x002f819f in ?? () from /usr/lib/libgobject-2.0.so.0
#12 0x002ff611 in g_object_notify () from /usr/lib/libgobject-2.0.so.0
#13 0x004c5019 in ev_document_model_set_document (model=0x2234fc90,
    document=0x2275c950)
    at /build/buildd/evince-2.32.0/./libview/ev-document-model.c:306
#14 0x0039e22d in ?? ()
#15 0x0030693c in g_cclosure_marshal_VOID__VOID ()
   from /usr/lib/libgobject-2.0.so.0
#16 0x002f7412 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#17 0x0030d595 in ?? () from /usr/lib/libgobject-2.0.so.0
#18 0x0030e9bc in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#19 0x0030ee62 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#20 0x004c66dc in emit_finished (job=0x22649e90)
    at /build/buildd/evince-2.32.0/./libview/ev-jobs.c:179
#21 0x0c48d841 in ?? () from /lib/libglib-2.0.so.0
#22 0x0c48f855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#23 0x0c493668 in ?? () from /lib/libglib-2.0.so.0
#24 0x0c493ba7 in g_main_loop_run () from /lib/libglib-2.0.so.0
#25 0x00fd01d9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#26 0x003b24f2 in main ()

ProblemType: Crash
DistroRelease: Ubuntu 10.10
Package: evince 2.32.0-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.35-19.28-generic 2.6.35.3
Uname: Linux 2.6.35-19-generic i686
Architecture: i386
Date: Sun Nov 21 00:43:44 2010
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha i386 (20100803.1)
KernLog:
 Nov 20 18:43:40 platypus kernel: [24008.107324] type=1400 audit(1290271420.140:15): apparmor="STATUS" operation="profile_replace" name="/usr/lib/cups/backend/cups-pdf" pid=24883 comm="apparmor_parser"
 Nov 20 18:43:40 platypus kernel: [24008.107489] type=1400 audit(1290271420.140:16): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/cupsd" pid=24883 comm="apparmor_parser"
 Nov 20 18:44:11 platypus kernel: [24039.156998] SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-2.6.35-19-generic root=UUID=b3362ce7-07a5-489a-a2dd-3f83cd0c19ed ro
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.utf8
SegvAnalysis:
 Segfault happened at: 0x7ce798 <g_markup_escape_text+120>: movzbl (%esi),%eax
 PC (0x007ce798) ok
 source "(%esi)" (0x22c8b000) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
 g_markup_escape_text () from /lib/libglib-2.0.so.0
 g_markup_vprintf_escaped () from /lib/libglib-2.0.so.0
 g_markup_printf_escaped () from /lib/libglib-2.0.so.0
 ?? ()
 ?? ()
Title: evince crashed with SIGSEGV in g_markup_escape_text()
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors:
 (polkit-gnome-authentication-agent-1:1543): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
 (bluetooth-applet:1545): Gtk-CRITICAL **: IA__gtk_widget_set_sensitive: assertion `GTK_IS_WIDGET (widget)' failed
 (nautilus:1551): GConf-CRITICAL **: gconf_value_free: assertion `value != NULL' failed

smpahlman (sauli-pahlman) wrote :

StacktraceTop:
 g_markup_escape_text () from /lib/libglib-2.0.so.0
 g_markup_vprintf_escaped () from /lib/libglib-2.0.so.0
 g_markup_printf_escaped () from /lib/libglib-2.0.so.0
 ev_sidebar_thumbnails_fill_model (
 ev_sidebar_thumbnails_document_changed_cb (

Changed in evince (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
visibility: private → public
Pedro Villavicencio (pedro) wrote :

Thank you for your bug report. This bug has been reported to the developers of the software. You can track it and make comments at:
https://bugzilla.gnome.org/show_bug.cgi?id=654263

Changed in evince (Ubuntu):
status: New → Triaged
Changed in evince:
importance: Unknown → Critical
status: Unknown → Confirmed
Changed in evince:
status: Confirmed → Fix Released
Didier Roche (didrocks) on 2011-10-17
description: updated

Hello smpahlman, or anyone else affected,

Accepted evince into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in evince (Ubuntu Oneiric):
status: New → Fix Committed
tags: added: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.2.1-0ubuntu2

---------------
evince (3.2.1-0ubuntu2) oneiric-proposed; urgency=low

  * Fix --disable-gestures/-g option (LP: #873866)

evince (3.2.1-0ubuntu1) oneiric-proposed; urgency=low

  * New upstream release
    - Make sure page labels are valid utf-8 strings in PostScript
      backend (LP: #677971, Carlos Garcia Campos)
    - Update and extend man page, Added documentation for the
      --page-index command line switch, and improved wording a bit at
      various places (Wouter Bolsterlee)
    - Small fixes to markup in help pages (Tiffany Antopolski)
    - Updated transations
 -- Chase Douglas <email address hidden> Mon, 17 Oct 2011 11:57:56 -0700

Changed in evince (Ubuntu):
status: Triaged → Fix Released
Pedro Villavicencio (pedro) wrote :

I've followed the test case and evince doesn't crash anymore with the package in proposed, marking this as verification-done, thanks all.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.2.1-0ubuntu2

---------------
evince (3.2.1-0ubuntu2) oneiric-proposed; urgency=low

  * Fix --disable-gestures/-g option (LP: #873866)

evince (3.2.1-0ubuntu1) oneiric-proposed; urgency=low

  * New upstream release
    - Make sure page labels are valid utf-8 strings in PostScript
      backend (LP: #677971, Carlos Garcia Campos)
    - Update and extend man page, Added documentation for the
      --page-index command line switch, and improved wording a bit at
      various places (Wouter Bolsterlee)
    - Small fixes to markup in help pages (Tiffany Antopolski)
    - Updated transations
 -- Chase Douglas <email address hidden> Mon, 17 Oct 2011 11:57:56 -0700

Changed in evince (Ubuntu Oneiric):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.