On this document there is a first crash in CairoFont::create : strObj.getTypeName() giving "null" (create is entered about 20 times with the same invalid ref on the given doc and each time fontType is also invalid). A check on the type before using the stream might be nice. For the real bug, valgrind is quite helpful : ==32431== ==32431== Invalid read of size 4 ==32431== at 0x408D4D6: GfxFont::incRefCnt() (GfxFont.cc:172) ==32431== by 0x40F1205: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3381) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== by 0x809454C: ev_selection_render_selection (in /usr/bin/evince) ==32431== by 0x806B2D4: ev_pixbuf_cache_get_selection_pixbuf (in /usr/bin/evince) ==32431== Address 0x564AE64 is 164 bytes inside a block of size 3,536 free'd ==32431== at 0x401EBFA: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x408E16F: Gfx8BitFont::~Gfx8BitFont() (GfxFont.cc:939) ==32431== by 0x408D507: GfxFont::decRefCnt() (GfxFont.cc:177) ==32431== by 0x408D600: GfxFontDict::~GfxFontDict() (GfxFont.cc:1635) ==32431== by 0x4080C1A: GfxResources::~GfxResources() (Gfx.cc:304) ==32431== by 0x4080C9A: Gfx::popResources() (Gfx.cc:3649) ==32431== by 0x40872BC: Gfx::doForm1(Object*, Dict*, double*, double*) (Gfx.cc:3479) ==32431== by 0x4087C19: Gfx::doForm(Object*) (Gfx.cc:3305) ==32431== by 0x4087F3D: Gfx::opXObject(Object*, int) (Gfx.cc:2907) ==32431== by 0x4082DEC: Gfx::execOp(Object*, Object*, int) (Gfx.cc:713) ==32431== by 0x4082FC3: Gfx::go(int) (Gfx.cc:581) ==32431== by 0x408352E: Gfx::display(Object*, int) (Gfx.cc:544) ==32431== ==32431== Invalid read of size 4 ==32431== at 0x4031490: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:273) ==32431== by 0x40F123B: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3383) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== by 0x809454C: ev_selection_render_selection (in /usr/bin/evince) ==32431== by 0x806B2D4: ev_pixbuf_cache_get_selection_pixbuf (in /usr/bin/evince) ==32431== Address 0x564ADE4 is 36 bytes inside a block of size 3,536 free'd ==32431== at 0x401EBFA: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x408E16F: Gfx8BitFont::~Gfx8BitFont() (GfxFont.cc:939) ==32431== by 0x408D507: GfxFont::decRefCnt() (GfxFont.cc:177) ==32431== by 0x408D600: GfxFontDict::~GfxFontDict() (GfxFont.cc:1635) ==32431== by 0x4080C1A: GfxResources::~GfxResources() (Gfx.cc:304) ==32431== by 0x4080C9A: Gfx::popResources() (Gfx.cc:3649) ==32431== by 0x40872BC: Gfx::doForm1(Object*, Dict*, double*, double*) (Gfx.cc:3479) ==32431== by 0x4087C19: Gfx::doForm(Object*) (Gfx.cc:3305) ==32431== by 0x4087F3D: Gfx::opXObject(Object*, int) (Gfx.cc:2907) ==32431== by 0x4082DEC: Gfx::execOp(Object*, Object*, int) (Gfx.cc:713) ==32431== by 0x4082FC3: Gfx::go(int) (Gfx.cc:581) ==32431== by 0x408352E: Gfx::display(Object*, int) (Gfx.cc:544) ==32431== ==32431== Invalid read of size 4 ==32431== at 0x402F5A9: CairoFontEngine::getFont(GfxFont*, XRef*) (CairoFontEngine.cc:346) ==32431== by 0x40314B5: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:276) ==32431== by 0x40F123B: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3383) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== by 0x809454C: ev_selection_render_selection (in /usr/bin/evince) ==32431== Address 0x564ADC8 is 8 bytes inside a block of size 3,536 free'd ==32431== at 0x401EBFA: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x408E16F: Gfx8BitFont::~Gfx8BitFont() (GfxFont.cc:939) ==32431== by 0x408D507: GfxFont::decRefCnt() (GfxFont.cc:177) ==32431== by 0x408D600: GfxFontDict::~GfxFontDict() (GfxFont.cc:1635) ==32431== by 0x4080C1A: GfxResources::~GfxResources() (Gfx.cc:304) ==32431== by 0x4080C9A: Gfx::popResources() (Gfx.cc:3649) ==32431== by 0x40872BC: Gfx::doForm1(Object*, Dict*, double*, double*) (Gfx.cc:3479) ==32431== by 0x4087C19: Gfx::doForm(Object*) (Gfx.cc:3305) ==32431== by 0x4087F3D: Gfx::opXObject(Object*, int) (Gfx.cc:2907) ==32431== by 0x4082DEC: Gfx::execOp(Object*, Object*, int) (Gfx.cc:713) ==32431== by 0x4082FC3: Gfx::go(int) (Gfx.cc:581) ==32431== by 0x408352E: Gfx::display(Object*, int) (Gfx.cc:544) ==32431== ==32431== Invalid read of size 4 ==32431== at 0x402F5AC: CairoFontEngine::getFont(GfxFont*, XRef*) (CairoFontEngine.cc:346) ==32431== by 0x40314B5: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:276) ==32431== by 0x40F123B: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3383) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== by 0x809454C: ev_selection_render_selection (in /usr/bin/evince) ==32431== Address 0x564ADCC is 12 bytes inside a block of size 3,536 free'd ==32431== at 0x401EBFA: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x408E16F: Gfx8BitFont::~Gfx8BitFont() (GfxFont.cc:939) ==32431== by 0x408D507: GfxFont::decRefCnt() (GfxFont.cc:177) ==32431== by 0x408D600: GfxFontDict::~GfxFontDict() (GfxFont.cc:1635) ==32431== by 0x4080C1A: GfxResources::~GfxResources() (Gfx.cc:304) ==32431== by 0x4080C9A: Gfx::popResources() (Gfx.cc:3649) ==32431== by 0x40872BC: Gfx::doForm1(Object*, Dict*, double*, double*) (Gfx.cc:3479) ==32431== by 0x4087C19: Gfx::doForm(Object*) (Gfx.cc:3305) ==32431== by 0x4087F3D: Gfx::opXObject(Object*, int) (Gfx.cc:2907) ==32431== by 0x4082DEC: Gfx::execOp(Object*, Object*, int) (Gfx.cc:713) ==32431== by 0x4082FC3: Gfx::go(int) (Gfx.cc:581) ==32431== by 0x408352E: Gfx::display(Object*, int) (Gfx.cc:544) ==32431== ==32431== Invalid read of size 4 ==32431== at 0x408D4E9: GfxFont::decRefCnt() (GfxFont.cc:176) ==32431== by 0x4099031: GfxState::setFont(GfxFont*, double) (GfxState.cc:4057) ==32431== by 0x40F1223: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3382) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== by 0x809454C: ev_selection_render_selection (in /usr/bin/evince) ==32431== Address 0x564AE64 is 164 bytes inside a block of size 3,536 free'd ==32431== at 0x401EBFA: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x408E16F: Gfx8BitFont::~Gfx8BitFont() (GfxFont.cc:939) ==32431== by 0x408D507: GfxFont::decRefCnt() (GfxFont.cc:177) ==32431== by 0x408D600: GfxFontDict::~GfxFontDict() (GfxFont.cc:1635) ==32431== by 0x4080C1A: GfxResources::~GfxResources() (Gfx.cc:304) ==32431== by 0x4080C9A: Gfx::popResources() (Gfx.cc:3649) ==32431== by 0x40872BC: Gfx::doForm1(Object*, Dict*, double*, double*) (Gfx.cc:3479) ==32431== by 0x4087C19: Gfx::doForm(Object*) (Gfx.cc:3305) ==32431== by 0x4087F3D: Gfx::opXObject(Object*, int) (Gfx.cc:2907) ==32431== by 0x4082DEC: Gfx::execOp(Object*, Object*, int) (Gfx.cc:713) ==32431== by 0x4082FC3: Gfx::go(int) (Gfx.cc:581) ==32431== by 0x408352E: Gfx::display(Object*, int) (Gfx.cc:544) ==32431== ==32431== Invalid write of size 4 ==32431== at 0x408D4F4: GfxFont::decRefCnt() (GfxFont.cc:176) ==32431== by 0x4099031: GfxState::setFont(GfxFont*, double) (GfxState.cc:4057) ==32431== by 0x40F1223: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3382) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== by 0x809454C: ev_selection_render_selection (in /usr/bin/evince) ==32431== Address 0x564AE64 is 164 bytes inside a block of size 3,536 free'd ==32431== at 0x401EBFA: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x408E16F: Gfx8BitFont::~Gfx8BitFont() (GfxFont.cc:939) ==32431== by 0x408D507: GfxFont::decRefCnt() (GfxFont.cc:177) ==32431== by 0x408D600: GfxFontDict::~GfxFontDict() (GfxFont.cc:1635) ==32431== by 0x4080C1A: GfxResources::~GfxResources() (Gfx.cc:304) ==32431== by 0x4080C9A: Gfx::popResources() (Gfx.cc:3649) ==32431== by 0x40872BC: Gfx::doForm1(Object*, Dict*, double*, double*) (Gfx.cc:3479) ==32431== by 0x4087C19: Gfx::doForm(Object*) (Gfx.cc:3305) ==32431== by 0x4087F3D: Gfx::opXObject(Object*, int) (Gfx.cc:2907) ==32431== by 0x4082DEC: Gfx::execOp(Object*, Object*, int) (Gfx.cc:713) ==32431== by 0x4082FC3: Gfx::go(int) (Gfx.cc:581) ==32431== by 0x408352E: Gfx::display(Object*, int) (Gfx.cc:544) ==32431== ==32431== Invalid read of size 4 ==32431== at 0x402ED40: CairoFont::create(GfxFont*, XRef*, FT_LibraryRec_*, int) (CairoFontEngine.cc:68) ==32431== by 0x402F634: CairoFontEngine::getFont(GfxFont*, XRef*) (CairoFontEngine.cc:359) ==32431== by 0x40314B5: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:276) ==32431== by 0x40F123B: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3383) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== Address 0x564ADCC is 12 bytes inside a block of size 1,280 free'd ==32431== at 0x401EEBB: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x4E27D2A: _cairo_traps_fini (cairo-traps.c:84) ==32431== by 0x0: ??? ==32431== ==32431== Invalid read of size 4 ==32431== at 0x402ED43: CairoFont::create(GfxFont*, XRef*, FT_LibraryRec_*, int) (CairoFontEngine.cc:68) ==32431== by 0x402F634: CairoFontEngine::getFont(GfxFont*, XRef*) (CairoFontEngine.cc:359) ==32431== by 0x40314B5: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:276) ==32431== by 0x40F123B: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3383) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== Address 0x564ADC8 is 8 bytes inside a block of size 1,280 free'd ==32431== at 0x401EEBB: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x4E27D2A: _cairo_traps_fini (cairo-traps.c:84) ==32431== by 0x0: ??? ==32431== ==32431== Invalid read of size 4 ==32431== at 0x402ED46: CairoFont::create(GfxFont*, XRef*, FT_LibraryRec_*, int) (GfxFont.h:147) ==32431== by 0x402F634: CairoFontEngine::getFont(GfxFont*, XRef*) (CairoFontEngine.cc:359) ==32431== by 0x40314B5: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:276) ==32431== by 0x40F123B: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3383) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== Address 0x564ADE4 is 36 bytes inside a block of size 1,280 free'd ==32431== at 0x401EEBB: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x4E27D2A: _cairo_traps_fini (cairo-traps.c:84) ==32431== by 0x0: ??? ==32431== ==32431== Invalid read of size 4 ==32431== at 0x402ED71: CairoFont::create(GfxFont*, XRef*, FT_LibraryRec_*, int) (GfxFont.h:153) ==32431== by 0x402F634: CairoFontEngine::getFont(GfxFont*, XRef*) (CairoFontEngine.cc:359) ==32431== by 0x40314B5: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:276) ==32431== by 0x40F123B: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3383) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== Address 0x564ADF0 is 48 bytes inside a block of size 1,280 free'd ==32431== at 0x401EEBB: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x4E27D2A: _cairo_traps_fini (cairo-traps.c:84) ==32431== by 0x0: ??? ==32431== ==32431== Invalid read of size 4 ==32431== at 0x402ED7B: CairoFont::create(GfxFont*, XRef*, FT_LibraryRec_*, int) (GfxFont.h:153) ==32431== by 0x402F634: CairoFontEngine::getFont(GfxFont*, XRef*) (CairoFontEngine.cc:359) ==32431== by 0x40314B5: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:276) ==32431== by 0x40F123B: TextSelectionPainter::visitWord(TextWord*, int, int, PDFRectangle*) (TextOutputDev.cc:3383) ==32431== by 0x40E9E27: TextWord::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3422) ==32431== by 0x40EA062: TextLine::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3460) ==32431== by 0x40EA242: TextBlock::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3532) ==32431== by 0x40F1600: TextPage::visitSelection(TextSelectionVisitor*, PDFRectangle*) (TextOutputDev.cc:3605) ==32431== by 0x40F2C71: TextPage::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:3618) ==32431== by 0x40F2CE9: TextOutputDev::drawSelection(OutputDev*, double, int, PDFRectangle*, GfxColor*, GfxColor*) (TextOutputDev.cc:4202) ==32431== by 0x402D1EA: poppler_page_render_selection (poppler-page.cc:560) ==32431== by 0x8095194: pdf_selection_render_selection(_EvSelection*, _EvRenderContext*, _GdkPixbuf**, EvRectangle*, EvRectangle*, _GdkColor*, _GdkColor*) (in /usr/bin/evince) ==32431== Address 0x564ADF4 is 52 bytes inside a block of size 1,280 free'd ==32431== at 0x401EEBB: free (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==32431== by 0x4E27D2A: _cairo_traps_fini (cairo-traps.c:84) ==32431== by 0x0: ???