evince crashed with SIGFPE
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
freetype (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Binary package hint: evince
We see evince hit with SIGFPE when viewing:
http://
or
http://
Note: LP#27189 is marked as invalid, so I'm reporting this with a fresh coredump
ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/bin/evince
Package: evince 2.23.6-0ubuntu1
ProcAttrCurrent: unconfined
ProcCmdline: evince file://
ProcEnviron:
PATH=/
LANG=en_GB.UTF-8
SHELL=/bin/bash
Signal: 8
SourcePackage: evince
StacktraceTop:
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
Title: evince crashed with SIGFPE
Uname: Linux 2.6.27-2-generic x86_64
UserGroups: adm admin audio cdrom dialout dip floppy kvm lpadmin mythtv plugdev scanner video
We get the same crash signature for both PDFs, but alas I can't find libfreetype-dbg packages, so I have to rely on apport-retrace:
$ valgrind --trace-children=yes evince fx570MS_991MS_I.pdf
==20374== Memcheck, a memory error detector.
==20374== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==20374== Using LibVEX rev 1854, a library for dynamic binary translation.
==20374== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==20374== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==20374== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==20374== For more details, rerun with: -v
==20374==
==20374== Syscall param write(buf) points to uninitialised byte(s)
==20374== at 0xBA47E90: __write_nocancel (in /usr/lib/debug/libpthread-2.8.90.so)
==20374== by 0x60C8EFE: _IceTransSocketWrite (Xtranssock.c:2171)
==20374== by 0x60CC787: _IceWrite (misc.c:369)
==20374== by 0x60CC863: IceFlush (misc.c:82)
==20374== by 0x5C49DFB: client_set_string (gnome-client.c:264)
==20374== by 0x5C4BBC2: gnome_real_client_connect (gnome-client.c:2442)
==20374== by 0xB33628C: g_closure_invoke (gclosure.c:767)
==20374== by 0xB34C91D: signal_emit_unlocked_R (gsignal.c:3174)
==20374== by 0xB34E718: g_signal_emit_valist (gsignal.c:2977)
==20374== by 0xB34EC82: g_signal_emit (gsignal.c:3034)
==20374== by 0x5C4B92E: gnome_client_connect (gnome-client.c:1627)
==20374== by 0x5C4CC8E: gnome_client_post_args_parse (gnome-client.c:1210)
==20374== Address 0x10b3343c is 12 bytes inside a block of size 1,024 alloc'd
==20374== at 0x4C24384: calloc (vg_replace_malloc.c:397)
==20374== by 0x60C5373: IceOpenConnection (connect.c:211)
==20374== by 0x5EB8CB0: SmcOpenConnection (sm_client.c:135)
==20374== by 0x5C4B8AC: gnome_client_connect (gnome-client.c:1595)
==20374== by 0x5C4CC8E: gnome_client_post_args_parse (gnome-client.c:1210)
==20374== by 0x69F6DBD: gnome_program_postinit (in /usr/lib/libgnome-2.so.0.2303.2)
==20374== by 0x69F718A: (within /usr/lib/libgnome-2.so.0.2303.2)
==20374== by 0x69F740C: gnome_program_initv (in /usr/lib/libgnome-2.so.0.2303.2)
==20374== by 0x69F7503: gnome_program_init (in /usr/lib/libgnome-2.so.0.2303.2)
==20374== by 0x44B5CC: main (main.c:346)
==20374==
==20374== Process terminating with default action of signal 8 (SIGFPE)
==20374== Integer divide by zero at address 0x40940F1C3
==20374== at 0x9A5DED1: (within /usr/lib/libfreetype.so.6.3.18)
==20374== by 0x9A5E02F: (within /usr/lib/libfreetype.so.6.3.18)
==20374== by 0x9A5E2AA: (within /usr/lib/libfreetype.so.6.3.18)
==20374== by 0x9A6259C: (within /usr/lib/libfreetype.so.6.3.18)
==20374== by 0x9A6298D: (within /usr/lib/libfreetype.so.6.3.18)
==20374== by 0x9A428AF: (within /usr/lib/libfreetype.so.6.3.18)
==20374== by 0x9A44D3D: FT_Open_Face (in /usr/lib/libfreetype.so.6.3.18)
==20374== by 0x9A45B21: FT_New_Face (in /usr/lib/libfreetype.so.6.3.18)
==20374== by 0x8A15F1C: CairoFont::create(GfxFont*, XRef*, FT_LibraryRec_*, int) (in /usr/lib/libpoppler-glib.so.3.0.0)
==20374== by 0x8A162FF: CairoFontEngine::getFont(GfxFont*, XRef*) (in /usr/lib/libpo...