Bug#927764: evince crashes in poppler on unusual pdf document

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Apr 22 21:29:56 BST 2019


Package: libpoppler-glib8
Version: 0.71.0-3
Control: affects -1 + evince

I have a pdf document that I unfortunately cannot share here.

However, trying to open the document with evince 3.30.2-3 crashes in
this way:

0 dkg@alice:~$ evince test.pdf
! SyncTeX Error : No file?
terminate called after throwing an instance of 'std::logic_error'
  what():  basic_string::_M_construct null not valid
Aborted
134 dkg@alice:~$

(I think that the SyncTeX error message is a red herring, because that
shows up on every file that I open with evince; see
https://gitlab.gnome.org/GNOME/evince/commit/678410e81d0c889f4db4e995ca451ed62b8a2eee)

(I get the same crash when testing evince 3.32.0-1 from experimental)

It looks like the underlying failure might be similar to this:

     https://bbs.archlinux.org/viewtopic.php?id=242607

That report suggests that poppler 0.72.0 might fix the issue, but I have
not tested it.  If poppler 0.72.0 was in experimental, I'd be happy to
try it out.

Here is a backtrace of the crash according to gdb:

#0  0x00007ffff6e528bb in raise () at /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff6e3d535 in abort () at /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007ffff10db983 in __gnu_cxx::__verbose_terminate_handler() () at ../../../../src/libstdc++-v3/libsupc++/vterminate.cc:95
#3  0x00007ffff10e18c6 in __cxxabiv1::__terminate(void (*)()) (handler=<optimized out>) at ../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:47
#4  0x00007ffff10e1901 in std::terminate() () at ../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:57
#5  0x00007ffff10e1b34 in __cxxabiv1::__cxa_throw(void*, std::type_info*, void (*)(void*))
    (obj=obj@entry=0x7fffe040bc80, tinfo=0x7ffff11c5958 <typeinfo for std::logic_error>, dest=0x7ffff10f6530 <std::logic_error::~logic_error()>) at ../../../../src/libstdc++-v3/libsupc++/eh_throw.cc:95
#6  0x00007ffff10dd7d3 in std::__throw_logic_error(char const*) () at /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#7  0x00007ffff172c82c in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag)
    (__end=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, __beg=0x0, this=0x7ffff1fb89f0) at /usr/include/c++/8/bits/basic_string.tcc:206
#8  0x00007ffff172c82c in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct_aux<char const*>(char const*, char const*, std::__false_type)
    (__end=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, __beg=0x0, this=0x7ffff1fb89f0) at /usr/include/c++/8/bits/basic_string.h:236
#9  0x00007ffff172c82c in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*)
    (__end=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, __beg=0x0, this=0x7ffff1fb89f0) at /usr/include/c++/8/bits/basic_string.h:255
#10 0x00007ffff172c82c in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (__a=..., __s=0x0, this=0x7ffff1fb89f0)
    at /usr/include/c++/8/bits/basic_string.h:516
#11 0x00007ffff172c82c in GooString::GooString(char const*) (sA=0x0, this=0x7ffff1fb89f0) at ./goo/GooString.h:63
#12 0x00007ffff172c82c in poppler_date_parse(gchar const*, time_t*) (date=date@entry=0x0, timet=timet@entry=0x7ffff1fb8aa0) at ./glib/poppler-date.cc:42
#13 0x00007ffff17ae307 in ev_annot_from_poppler_annot (page=0x7fffe0405640, poppler_annot=0x5555557c8520) at ev-poppler.cc:3285
#14 0x00007ffff17ae307 in pdf_document_annotations_get_annotations(EvDocumentAnnotations*, EvPage*) (document_annotations=<optimized out>, page=0x7fffe0405640) at ev-poppler.cc:3395
#15 0x00007ffff7f2d4fa in  () at /usr/lib/x86_64-linux-gnu/libevview3.so.3
#16 0x00007ffff7f2f4c2 in  () at /usr/lib/x86_64-linux-gnu/libevview3.so.3
#17 0x00007ffff71f6425 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007ffff6fe3fa3 in start_thread () at /lib/x86_64-linux-gnu/libpthread.so.0
#19 0x00007ffff6f1482f in clone () at /lib/x86_64-linux-gnu/libc.so.6

Thanks for maintaining poppler in Debian!

       --dkg
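
Frames #10 to #12 of the backtrace show poppler_date_parse receiving date=0x0 and GooString building a std::string from that pointer. The following is an added example, not part of the original report and not poppler's or evince's code, showing that failure beside a null-checked form; PdfDate, parse_fields, parse_date_unguarded, parse_date_guarded and unguarded_throws are hypothetical names, and the throwing behaviour assumes libstdc++ as in the report.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a parsed PDF date; not a poppler type.
struct PdfDate { int year, month, day, hour, minute, second; };

static bool in_range(int v, int lo, int hi) { return v >= lo && v <= hi; }

// Simplified parser for "D:YYYYMMDDHHmmSS" ("D:" optional, timezone ignored).
static bool parse_fields(const std::string &s, PdfDate *out) {
    const char *p = s.c_str();
    if (s.compare(0, 2, "D:") == 0) p += 2;
    PdfDate d{};
    if (std::sscanf(p, "%4d%2d%2d%2d%2d%2d", &d.year, &d.month, &d.day,
                    &d.hour, &d.minute, &d.second) != 6) return false;
    if (!in_range(d.month, 1, 12) || !in_range(d.day, 1, 31) ||
        !in_range(d.hour, 0, 23) || !in_range(d.minute, 0, 59) ||
        !in_range(d.second, 0, 59)) return false;
    *out = d;
    return true;
}

// Unguarded: the caller's pointer goes straight into std::string, the
// pattern in frames #10-#12. libstdc++ throws std::logic_error on null.
bool parse_date_unguarded(const char *date, PdfDate *out) {
    std::string s(date);
    return parse_fields(s, out);
}

// Guarded: a missing date is reported as a parse failure before any
// std::string is constructed.
bool parse_date_guarded(const char *date, PdfDate *out) {
    if (date == nullptr) return false;
    return parse_fields(date, out);
}

// True when the unguarded call throws. In the report nothing caught the
// exception, so std::terminate() aborted the whole viewer process.
bool unguarded_throws(const char *date) {
    PdfDate d{};
    try { parse_date_unguarded(date, &d); }
    catch (const std::logic_error &) { return true; }
    return false;
}

int main() {
    PdfDate d{};
    const char *missing = nullptr;  // constructed input: annotation without a date
    std::printf("unguarded throws: %d\n", unguarded_throws(missing));
    std::printf("guarded ok: %d\n", parse_date_guarded(missing, &d));
}
```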