Ubuntu
poppler package

evince assert failure: * Error in `evince': free(): invalid pointer: 0x0000000002b5c6d0 *

Bug #1376265 reported by Laurent Bonnaud on 2014-10-01

282

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	Poppler	Fix Released	High	gnome-bugs #730369
	poppler (Ubuntu)	Fix Released	High	Unassigned

Bug Description

evince crashes while displaying the attached PDF file (around page #79).

To reproduce the crash you need to set the following environment variables:

MALLOC_CHECK_=3
MALLOC_PERTURB_=117

ProblemType: Crash
DistroRelease: Ubuntu 14.10
Package: evince 3.14.0-0ubuntu2
ProcVersionSignature: Ubuntu 3.16.0-18.25-generic 3.16.3
Uname: Linux 3.16.0-18-generic x86_64
ApportVersion: 2.14.7-0ubuntu2
Architecture: amd64
AssertionMessage: *** Error in `evince': free(): invalid pointer: 0x0000000002b5c6d0 ***
CurrentDesktop: KDE
Date: Wed Oct 1 15:33:51 2014
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/evince
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-3.16.0-18-generic root=UUID=749a9901-bdd3-4b5f-b80e-69414667e058 ro quiet splash vt.handoff=7
Signal: 6
SourcePackage: evince
StacktraceTop:
__libc_message (do_abort=do_abort@entry=3, fmt=fmt@entry=0x7fc5a23b4a40 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
malloc_printerr (ptr=<optimized out>, str=0x7fc5a23b0b19 "free(): invalid pointer", action=3) at malloc.c:4996
free_check (mem=<optimized out>, caller=<optimized out>) at hooks.c:298
TextPage::getSelectionText (this=<optimized out>, selection=selection@entry=0x7fc592ed1b80, style=style@entry=selectionStyleGlyph) at TextOutputDev.cc:4762
poppler_page_get_selected_text (page=page@entry=0x20bbb80, style=style@entry=POPPLER_SELECTION_GLYPH, selection=selection@entry=0x7fc592ed1bd0) at poppler-page.cc:824
Title: evince assert failure: *** Error in `evince': free(): invalid pointer: 0x0000000002b5c6d0 ***
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm autopilot cdrom dip fuse libvirtd lpadmin plugdev sambashare staff sudo

Tags:

Revision history for this message

Laurent Bonnaud (laurent-bonnaud) wrote on 2014-10-01:

#1

Dependencies.txt Edit (9.5 KiB, text/plain; charset="utf-8")
Disassembly.txt Edit (958 bytes, text/plain; charset="utf-8")
KernLog.txt Edit (20.1 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (338 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (51.7 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (853 bytes, text/plain; charset="utf-8")
Registers.txt Edit (693 bytes, text/plain; charset="utf-8")
RelatedPackageVersions.txt Edit (176 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (4.0 KiB, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (12.9 KiB, text/plain; charset="utf-8")

information type:	Private Security → Public Security
affects:	evince (Ubuntu) → poppler (Ubuntu)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-10-01:

#2

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in poppler (Ubuntu):
status:	New → Confirmed

Sebastien Bacher (seb128) on 2014-10-01

Changed in poppler (Ubuntu):
importance:	Undecided → High
status:	Confirmed → Triaged

Revision history for this message

Apport retracing service (apport) wrote on 2014-10-01:

#3

StacktraceTop:
__libc_message (do_abort=do_abort@entry=3, fmt=fmt@entry=0x7fc5a23b4a40 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
malloc_printerr (ptr=<optimized out>, str=0x7fc5a23b0b19 "free(): invalid pointer", action=3) at malloc.c:4996
free_check (mem=<optimized out>, caller=<optimized out>) at hooks.c:298
TextPage::getSelectionText (this=<optimized out>, selection=selection@entry=0x7fc592ed1b80, style=style@entry=selectionStyleGlyph) at TextOutputDev.cc:4762
poppler_page_get_selected_text (page=page@entry=0x20bbb80, style=style@entry=POPPLER_SELECTION_GLYPH, selection=selection@entry=0x7fc592ed1bd0) at poppler-page.cc:824

Revision history for this message

Apport retracing service (apport) wrote on 2014-10-01: Stacktrace.txt

#4

Stacktrace.txt Edit (3.3 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2014-10-01: StacktraceSource.txt

#5

StacktraceSource.txt Edit (2.3 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2014-10-01: ThreadStacktrace.txt

#6

ThreadStacktrace.txt Edit (8.7 KiB, text/plain)

tags:

removed: need-amd64-retrace

Revision history for this message

Laurent Bonnaud (laurent-bonnaud) wrote on 2014-10-01:

#7

I have also reported this bug upstream:

https://bugs.freedesktop.org/show_bug.cgi?id=84555

Bug Watch Updater (bug-watch-updater) on 2014-10-01

Changed in poppler:
importance:	Unknown → High
status:	Unknown → New

Revision history for this message

Laurent Bonnaud (laurent-bonnaud) wrote on 2015-04-28:

#8

This bug is fixed in Ubuntu 15.04 with evince 3.16 (from Gnome PPA) and poppler 0.30.0.

Changed in poppler (Ubuntu):
status:	Triaged → Fix Released

Bug Watch Updater (bug-watch-updater) on 2015-04-28

Changed in poppler:
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

gnome-bugs #730369
[RESOLVED FIXED] Edit
freedesktop-bugs #84555
[RESOLVED FIXED] Edit

Bug watches keep track of this bug in other bug trackers.