evince crashed with SIGSEGV in g_param_spec_pool_lookup()

Bug #879926 reported by Cristian Aravena Romero on 2011-10-22
This bug affects 67 people
Affects | Status | Importance | Assigned to | Milestone
Evince | Invalid | Undecided | Unassigned |
evince (Ubuntu) | | High | Unassigned |
Oneiric | | High | Bartosz Kosiorek |

Bug Description

TESTCASE: no obvious one, check that evince still works as it should

I'm working with LibreOffice and export to file.pdf. Open file.pdf and crash.

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: evince 3.2.1-0ubuntu2
ProcVersionSignature: Error: [Errno 2] No existe el archivo o el directorio: '/proc/version_signature'
Uname: Linux 3.1.0-0301rc9-generic x86_64
ApportVersion: 1.23-0ubuntu3
Architecture: amd64
Date: Sat Oct 22 10:54:06 2011
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha amd64 (20110531.1)
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-3.1.0-0301rc9-generic root=UUID=728d3c71-cd73-464b-842f-22242d594225 ro quiet splash vt.handoff=7
SegvAnalysis:
 Segfault happened at: 0x7fedac494c2a <__strchr_sse2+26>: movdqa (%rdi),%xmm0
 PC (0x7fedac494c2a) ok
 source "(%rdi)" (0x000001b0) not located in a known VMA region (needed readable region)!
 destination "%xmm0" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
 __strchr_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:33
 g_param_spec_pool_lookup (pool=0x7fedb06de3e0, param_name=0x1b1 <Address 0x1b1 out of bounds>, owner_type=140658848591936, walk_ancestors=1) at /build/buildd/glib2.0-2.30.0/./gobject/gparam.c:1058
 g_object_set_valist (object=0x7fedb0b50240, first_property_name=<optimized out>, var_args=0x7fff6db66828) at /build/buildd/glib2.0-2.30.0/./gobject/gobject.c:1690
 g_object_set (_object=0x7fedb0b50240, first_property_name=0x7fedafc750ed "enable-gestures") at /build/buildd/glib2.0-2.30.0/./gobject/gobject.c:1833
 ?? ()
Title: evince crashed with SIGSEGV in __strchr_sse2()
UpgradeStatus: Upgraded to oneiric on 2011-10-04 (17 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

StacktraceTop:
 __strchr_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:33
 g_param_spec_pool_lookup (pool=0x7fedb06de3e0, param_name=0x1b1 <Address 0x1b1 out of bounds>, owner_type=140658848591936, walk_ancestors=1) at /build/buildd/glib2.0-2.30.0/./gobject/gparam.c:1058
 g_object_set_valist (object=0x7fedb0b50240, first_property_name=<optimized out>, var_args=0x7fff6db66828) at /build/buildd/glib2.0-2.30.0/./gobject/gobject.c:1690
 g_object_set (_object=0x7fedb0b50240, first_property_name=0x7fedafc750ed "enable-gestures") at /build/buildd/glib2.0-2.30.0/./gobject/gobject.c:1833
 ev_window_init (ev_window=0x7fedb082a210) at /build/buildd/evince-3.2.1/./shell/ev-window.c:7316

Changed in evince (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
visibility: private → public
Changed in evince:
importance: Unknown → Critical
status: Unknown → New

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in evince (Ubuntu):
status: New → Confirmed
description: updated
Changed in evince (Ubuntu):
status: Confirmed → Triaged

FYI, I tried to open a pdf and this error appeared.

tags: added: bugpattern-needed
Martin Pitt (pitti) on 2011-11-28
summary: - evince crashed with SIGSEGV in __strchr_sse2()
+ evince crashed with SIGSEGV in g_param_spec_pool_lookup()
tags: removed: bugpattern-needed
tags: added: bugpattern-written

FWIW: It crashed for me, when I reopened a document while another evince instance was open, but segfaulted. So the first evince crashed and while the SIGSEGV handler was operating, I reopened the document, i.e. called evince on the document, and it didn't open. Instead, it crashed. I don't know how reproducible that is though.

iMac (imac-netstatz) wrote :

After the crash I still was able to read the document I had just opened as well as another in the background.

Raoul Bhatia (raoul-bhatia) wrote :

I encountered this bug when I tried to open a .pdf attachment from Thunderbird.

Robbt (robbt) wrote :

Evince crashed opening a PDF from Firefox. It later opened the PDF from nautilus so it's not specific to the PDF.

Chrescht (sekateur) wrote :

Encountered when opening a pdf from Texmaker.
This is the message log I got in Texmaker (last line repeated several times):

(evince:11517): Gdk-CRITICAL **: gdk_window_get_pointer: assertion `GDK_IS_WINDOW (window)' failed
(evince:11517): Gdk-CRITICAL **: gdk_window_get_pointer: assertion `GDK_IS_WINDOW (window)' failed
(evince:11517): Gdk-CRITICAL **: gdk_window_get_pointer: assertion `GDK_IS_WINDOW (window)' failed
(evince:11517): Gdk-CRITICAL **:

Sebastien Bacher (seb128) wrote :

Chase, those segfaults all happen when setting the "enable-gestures" property, could you get somebody to check if there is anything wrong with the patch your team added to evince?

Changed in evince (Ubuntu):
importance: Medium → High
assignee: nobody → Chase Douglas (chasedouglas)
Pi Delport (pi-delport) wrote :

Apport directed me here after evince crashed while opening a link from the command line:

$ evince http://www.globalalliancepr.org/website/sites/default/files/fedeles/Code%20of%20Ethics/Code%20of%20Ethics.pdf

So far, the crash has only happened once, the first time I ran the above: subsequent invocations have been successful.

I too got this crash on Precise when trying to open a PDF created from a .odt in LibreOffice. Interestingly, I had previously opened this PDF and a couple others successfully immediately before closing them and trying to re-open the one which caused the crash; a second attempt produced the same crash, and eventually the problem went away after I opened a different PDF then tried re-opening the affected file a 3rd time.

Changed in evince (Ubuntu):
assignee: Chase Douglas (chasedouglas) → nobody
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.2.1-1ubuntu7

---------------
evince (3.2.1-1ubuntu7) precise; urgency=low

  [ Martin Pitt ]
  * debian/rules: Save some space by not shipping the synctex screencast.

  [ Sebastien Bacher ]
  * debian/patches/11_grip_gestures.patch:
    - fixes segfault by added missing NULL argument, thanks desrt
      (lp: #879926)
 -- Sebastien Bacher <email address hidden> Thu, 12 Jan 2012 15:12:11 +0100

Changed in evince (Ubuntu):
status: Triaged → Fix Released
tags: added: rls-mgr-p-tracking
Tom Reynolds (tomreyn) wrote :

Oneiric is also affected. A SRU would be nice to have.
While it's not clear to me how to reliably reproduce this bug I'll be happy to test a Oneiric fix if it becomes available before Precise does (and possibly after).

Sebastien Bacher (seb128) wrote :

OK, Launchpad is too buggy to let me delete the upstream line or reassign to another project without timing out, so setting it as invalid

no longer affects: evince (Ubuntu Precise)
Changed in evince:
importance: Critical → Undecided
affects: evince → null
affects: null → evince
Changed in evince:
status: New → Invalid
Changed in evince (Ubuntu Oneiric):
importance: Undecided → High
status: New → Fix Committed
description: updated

Hello Cristian, or anyone else affected,

Accepted evince into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Bartosz Kosiorek (gang65) wrote :

I tested the evince package from proposed (Oneiric), and there are no longer crashes.
It works as it should.

Changed in evince (Ubuntu Oneiric):
assignee: nobody → Bartosz Kosiorek (gang65)
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.2.1-0ubuntu2.2

---------------
evince (3.2.1-0ubuntu2.2) oneiric-proposed; urgency=low

  * debian/patches/11_grip_gestures.patch: don't forget the NULL argument
    when calling g_object_set, fixes a segfault (lp: #879926)
 -- Sebastien Bacher <email address hidden> Mon, 23 Jan 2012 20:41:39 +0100
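
The defect class named in both changelog entries, a g_object_set()-style call without its terminating NULL, shown as an added example that is not code from Evince, GLib or the Ubuntu patch. It is a simplified stand-in for a NULL-terminated name/value varargs setter, using the GCC/Clang `sentinel` attribute (which GLib exposes as G_GNUC_NULL_TERMINATED) and a wrapper macro that appends the terminator. `toy_view`, `toy_set` and `TOY_SET` are hypothetical names.

```c
/* Added example, not Evince/GLib code: toy_view, toy_set and TOY_SET are
 * hypothetical names standing in for a g_object_set()-style API. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct toy_view { int enable_gestures; int zoom; };

/* Walks (name, int value) pairs until a NULL name. Without that terminator
 * the loop would read whatever happens to follow the last argument as the
 * next name and pass it to strcmp(), which is undefined behaviour.
 * The sentinel attribute makes the compiler warn (GCC under -Wformat, Clang
 * by default) when a call does not end in a NULL pointer.
 * Returns the number of pairs applied, or -1 on an unknown name. */
__attribute__((sentinel))
int toy_set(struct toy_view *v, const char *first_name, ...)
{
    va_list ap;
    int applied = 0;

    va_start(ap, first_name);
    for (const char *name = first_name; name != NULL;
         name = va_arg(ap, const char *)) {
        int value = va_arg(ap, int);
        if (strcmp(name, "enable-gestures") == 0) {
            v->enable_gestures = value;
        } else if (strcmp(name, "zoom") == 0) {
            v->zoom = value;
        } else {
            applied = -1;   /* reject names the object does not have */
            break;
        }
        applied++;
    }
    va_end(ap);
    return applied;
}

/* Appends the terminator so a call site cannot omit it. */
#define TOY_SET(v, ...) toy_set((v), __VA_ARGS__, (const char *)NULL)

int main(void)
{
    struct toy_view v = {0, 0};
    int n = TOY_SET(&v, "enable-gestures", 1, "zoom", 150);
    printf("applied=%d gestures=%d zoom=%d\n", n, v.enable_gestures, v.zoom);
    return n == 2 ? 0 : 1;
}
```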

Changed in evince (Ubuntu Oneiric):
status: Fix Committed → Fix Released