Ubuntu
poppler package

Evince crashes when loading some pdf files

Bug #321764 reported by vlad
6
Affects Status Importance Assigned to Milestone
Poppler
Fix Released
Critical
poppler (Ubuntu)
Fix Released
Medium
Ubuntu Desktop Bugs

Bug Description

Binary package hint: libpoppler2

Ubuntu 8.04.1, evince 2.22.2-0ubuntu, libpoppler2 0.6.4-1ubuntu3
running with gdb
-------------------------
(gdb) run PowerShot_A300.pdf
Starting program: /usr/bin/evince PowerShot_A300.pdf
[Thread debugging using libthread_db enabled]
[New Thread 0xb6bcd720 (LWP 21669)]
[New Thread 0xb6a3bb90 (LWP 21670)]
Error: FormWidgetChoice:: invalid Opt entry

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6a3bb90 (LWP 21670)]
0xb6fd93ce in GooString::cmp () from /usr/lib/libpoppler.so.2
(gdb) bt
#0 0xb6fd93ce in GooString::cmp () from /usr/lib/libpoppler.so.2
#1 0xb6f52f87 in FormWidgetChoice::loadDefaults ()
   from /usr/lib/libpoppler.so.2
#2 0xb6f4e261 in FormField::loadChildrenDefaults ()
   from /usr/lib/libpoppler.so.2
#3 0xb6f518ea in Form::createFieldFromDict () from /usr/lib/libpoppler.so.2
#4 0xb6f52330 in FormField::FormField () from /usr/lib/libpoppler.so.2
#5 0xb6f518cd in Form::createFieldFromDict () from /usr/lib/libpoppler.so.2
#6 0xb6f51ba5 in Form::Form () from /usr/lib/libpoppler.so.2
#7 0xb6f47098 in Catalog::Catalog () from /usr/lib/libpoppler.so.2
#8 0xb6fa6926 in PDFDoc::setup () from /usr/lib/libpoppler.so.2
#9 0xb6fa6bc3 in PDFDoc::PDFDoc () from /usr/lib/libpoppler.so.2
#10 0xb774a3b5 in poppler_document_new_from_file ()
   from /usr/lib/libpoppler-glib.so.2
#11 0xb584da59 in pdf_document_load (document=0x8404ea0,
    uri=0x84271c0 "file:///home/vlad/PowerShot_A300.pdf", error=0x83cd314)
    at /build/buildd/evince-2.22.2/./backend/pdf/ev-poppler.cc:291
#12 0xb7fb5091 in ev_document_load (document=0x8404ea0,
    uri=0x84271c0 "file:///home/vlad/PowerShot_A300.pdf", error=0x83cd314)
    at /build/buildd/evince-2.22.2/./libdocument/ev-document.c:122
#13 0xb7fb59e5 in ev_document_factory_get_document (
    uri=0x39594420 <Address 0x39594420 out of bounds>, error=0x83cd314)
    at /build/buildd/evince-2.22.2/./libdocument/ev-document-factory.c:242
---Type <return> to continue, or q <return> to quit---
#14 0x08060c24 in ev_job_load_run (job=0x83cd2f0)
    at /build/buildd/evince-2.22.2/./shell/ev-jobs.c:568
#15 0x0805f469 in handle_job (job=0x83cd2f0)
    at /build/buildd/evince-2.22.2/./shell/ev-job-queue.c:133
#16 0x0805fa5c in ev_render_thread (data=0x0)
    at /build/buildd/evince-2.22.2/./shell/ev-job-queue.c:264
#17 0xb7566d2f in ?? () from /usr/lib/libglib-2.0.so.0
#18 0xb73464fb in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#19 0xb72c8e5e in clone () from /lib/tls/i686/cmov/libc.so.6

----------------------------
in Ubuntu 7.04 evince works fine:
evince 0.8.1-0ubuntu1, libpoppler1 0.5.4-0ubuntu8

ProblemType: Crash
Architecture: i386
Date: Tue Jan 27 09:25:03 2009
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/evince
NonfreeKernelModules: nvidia
Package: evince 2.22.2-0ubuntu2
PackageArchitecture: i386
ProcCmdline: evince file:///home/User Name/PowerShot_A300.pdf
ProcEnviron:
 PATH=/home/User Name/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=ru_RU.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: evince
StacktraceTop:
 GooString::cmp () from /usr/lib/libpoppler.so.2
 FormWidgetChoice::loadDefaults ()
 FormField::loadChildrenDefaults ()
 Form::createFieldFromDict () from /usr/lib/libpoppler.so.2
 FormField::FormField () from /usr/lib/libpoppler.so.2
Title: evince crashed with SIGSEGV in GooString::cmp()
Uname: Linux 2.6.24-23-generic i686
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev scanner video

Tags: apport-crash
Revision history for this message
vlad (vladisslav) wrote :
Revision history for this message
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:GooString::cmp () from /usr/lib/libpoppler.so.2
FormWidgetChoice::loadDefaults ()
FormField::loadChildrenDefaults ()
Form::createFieldFromDict () from /usr/lib/libpoppler.so.2
FormField::FormField () from /usr/lib/libpoppler.so.2

Revision history for this message
Apport retracing service (apport) wrote : Symbolic threaded stack trace
Changed in poppler:
importance: Undecided → Medium
Revision history for this message
In , Pedro Villavicencio (pedro) wrote :
Download full text (3.9 KiB)

this report has been filed here:

https://bugs.edge.launchpad.net/poppler/+bug/321764

example file:

http://launchpadlibrarian.net/21670487/POWER_SHOT-A300.pdf

".
Thread 2 (process 18846):
#0 0xb7f33410 in __kernel_vsyscall ()
#1 0xb72a5589 in __lll_lock_wait () from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb72a0ba6 in _L_lock_95 () from /lib/tls/i686/cmov/libpthread.so.0
#3 0xb72a058a in pthread_mutex_lock ()
   from /lib/tls/i686/cmov/libpthread.so.0
#4 0xb7f0cb36 in ev_document_fc_mutex_lock ()
    at /build/buildd/evince-2.22.2/./libdocument/ev-document.c:105
No locals.
#5 0x0805e166 in ev_application_open_uri_at_dest (application=0x80da940,
    uri=0x8100888 "file:///home/vlad/PowerShot_A300.pdf", screen=0x80cc0b0,
    dest=0x0, mode=EV_WINDOW_MODE_NORMAL, search_string=0x0,
    unlink_temp_file=0, print_settings=0x0, timestamp=0)
    at /build/buildd/evince-2.22.2/./shell/ev-application.c:563
 new_window = (EvWindow *) 0x8112028
 __PRETTY_FUNCTION__ = "ev_application_open_uri_at_dest"
#6 0x0805e3d6 in ev_application_open_uri (application=0x80da940,
    uri=0x8100888 "file:///home/vlad/PowerShot_A300.pdf", args=0x80da918,
    timestamp=0, error=0x0)
    at /build/buildd/evince-2.22.2/./shell/ev-application.c:603
 dest = (EvLinkDest *) 0x0
 mode = EV_WINDOW_MODE_NORMAL
 search_string = (const gchar *) 0x0
 unlink_temp_file = 0
 print_settings = (const gchar *) 0x842cda8 "\002"
 screen = (GdkScreen *) 0x80cc0b0
#7 0x0808d480 in main (argc=2, argv=)
    at /build/buildd/evince-2.22.2/./shell/main.c:230
 enable_metadata = 1
 context = <value optimized out>
 args = (GHashTable *) 0x80da918
 program = (GnomeProgram *) 0x80ac058
.
Thread 1 (process 18847):
#0 0xb6f313ce in GooString::cmp () from /usr/lib/libpoppler.so.2
#1 0xb6eaaf87 in FormWidgetChoice::loadDefaults ()
   from /usr/lib/libpoppler.so.2
#2 0xb6ea6261 in FormField::loadChildrenDefaults ()
   from /usr/lib/libpoppler.so.2
#3 0xb6ea98ea in Form::createFieldFromDict () from /usr/lib/libpoppler.so.2
#4 0xb6eaa330 in FormField::FormField () from /usr/lib/libpoppler.so.2
#5 0xb6ea98cd in Form::createFieldFromDict () from /usr/lib/libpoppler.so.2
#6 0xb6ea9ba5 in Form::Form () from /usr/lib/libpoppler.so.2
#7 0xb6e9f098 in Catalog::Catalog () from /usr/lib/libpoppler.so.2
#8 0xb6efe926 in PDFDoc::setup () from /usr/lib/libpoppler.so.2
#9 0xb6efebc3 in PDFDoc::PDFDoc () from /usr/lib/libpoppler.so.2
#10 0xb76a23b5 in poppler_document_new_from_file ()
   from /usr/lib/libpoppler-glib.so.2
#11 0xb5a89a59 in pdf_document_load (document=0x83fb790,
    uri=0x842a740 "file:///home/vlad/PowerShot_A300.pdf", error=0x83cd314)
    at /build/buildd/evince-2.22.2/./backend/pdf/ev-poppler.cc:291
 poppler_error = (GError *) 0x0
#12 0xb7f0d091 in ev_document_load (document=0x83fb790,
    uri=0x842a740 "file:///home/vlad/PowerShot_A300.pdf", error=0x83cd314)
    at /build/buildd/evince-2.22.2/./libdocument/ev-document.c:122
 retval = 962151456
#13 0xb7f0d9e5 in ev_document_factory_get_document (
    uri=0x39594420 <Address 0x39594420 out of bounds>, error=0x83cd314)
    at /build/buildd/evince-2.22.2/./libdocument/ev-document-factory.c:242
 document = (EvDocument *) 0x83fb790
 ...

Read more...

Revision history for this message
In , Albert Astals Cid (aacid) wrote :

Will be fixed in poppler 0.10.4, thanks for the report

Revision history for this message
Pedro Villavicencio (pedro) wrote :

Thanks for the report, could you please attach the pdf file which is causing the issue? thanks.

Changed in poppler:
assignee: nobody → desktop-bugs
status: New → Incomplete
Revision history for this message
Pedro Villavicencio (pedro) wrote :

don't worry didn't saw the file you attached, will test. thanks.

Changed in poppler:
status: Incomplete → New
Revision history for this message
Pedro Villavicencio (pedro) wrote :

Managed to reproduce the same with Jaunty, I've sent this upstream at: http://bugs.freedesktop.org/show_bug.cgi?id=19790

Changed in poppler:
status: New → Triaged
Revision history for this message
Pedro Villavicencio (pedro) wrote :

this has been fixed upstream, thanks for reporting!.

Changed in poppler:
status: Triaged → Fix Committed
Pedro Villavicencio (pedro)
Changed in poppler:
importance: Undecided → Unknown
status: New → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in poppler:
status: Unknown → Fix Released
Revision history for this message
Sebastien Bacher (seb128) wrote :

the new version is in jaunty now

Changed in poppler:
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in poppler:
importance: Unknown → Critical
Bug Watch Updater (bug-watch-updater)
Changed in poppler:
importance: Critical → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in poppler:
importance: Unknown → Critical
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.