Bug#963813: evince: segmentation fault in evince opening rfc8798.pdf
smcv at debian.org
smcv at debian.org
Tue Jun 30 14:38:56 BST 2020
Control: reassign -1 libpoppler-glib8 0.71.0-6
Control: affects -1 + evince
Control: notfound -1 0.85.0-1
On Sat, 27 Jun 2020 at 21:44:46 +0200, Erik Auerswald wrote:
> I wanted to read the PDF version of the IETF RFC 8798 document using
> evince, the GNOME Document Viewer. This public standard document is
> accessible at https://www.rfc-editor.org/rfc/rfc8798.pdf .
>
> When trying to open the PDF file with evince using
>
> evince rfc8708.pdf
>
> the GNOME Document Viewer "evince" crashes with a segmentation fault.
I can reproduce this on unstable (note to poppler maintainers: the
original report was against buster). Here's a backtrace.
It looks as though a PopplerAttachment somehow has an invalid pointer
at attachment->checksum, so I'm guessing this is more likely to be a
bug in the poppler library than in evince.
This appears to have been fixed in libpoppler-glib8_0.85.0-1 in
experimental (or at least, I can't reproduce it in that version) so
perhaps there is a fix that can be backported.
Regards,
smcv
Thread 6 "EvJobScheduler" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f491e4ec700 (LWP 139528)]
0x00007f4926f67c7c in g_string_free (string=0xffffffff, free_segment=free_segment at entry=1) at ../../../glib/gstring.c:215
215 ../../../glib/gstring.c: No such file or directory.
(gdb) bt full
#0 0x00007f4926f67c7c in g_string_free (string=0xffffffff, free_segment=free_segment at entry=1) at ../../../glib/gstring.c:215
_g_boolean_var_ = <optimized out>
segment = <optimized out>
__func__ = "g_string_free"
#1 0x00007f491dc22c53 in poppler_attachment_finalize(GObject*) (obj=0x55d1dde5d460 [PopplerAttachment])
at ./glib/poppler-attachment.cc:88
attachment = 0x55d1dde5d460 [PopplerAttachment]
#2 0x00007f492703509e in g_object_unref (_object=<optimized out>) at ../../../gobject/gobject.c:3499
weak_locations = <optimized out>
old_ref = <optimized out>
__func__ = "g_object_unref"
object = 0x55d1dde5d460 [PopplerAttachment]
__func__ = "g_object_unref"
#3 g_object_unref (_object=0x55d1dde5d460) at ../../../gobject/gobject.c:3391
object = 0x55d1dde5d460 [PopplerAttachment]
__func__ = "g_object_unref"
#4 0x00007f491dc9817e in pdf_document_attachments_get_attachments(EvDocumentAttachments*) (document=<optimized out>)
at ev-poppler.cc:4222
ev_attachment = <optimized out>
data = 0x55d1de094960 "<?xml version='1.0' encoding='utf-8'?>\n<rfc xmlns:xi=\"http://www.w3.org/2001/XInclude\" version=\"3\" category=\"std\" consensus=\"true\" docName=\"draft-ietf-core-senml-more-units-06\" indexInclude=\"true\" ipr"...
attachment = 0x55d1dde5d460 [PopplerAttachment]
size = 51880
error = 0x0
pdf_document = <optimized out>
attachments = <optimized out>
list = 0x55d1ddb16c20 = {0x55d1dde5d460}
retval = 0x55d1ddb17180 = {0x55d1dde3b560}
#5 0x00007f4927d8b77a in ev_job_attachments_run (job=0x55d1dde5d630 [EvJobAttachments]) at ev-jobs.c:472
job_attachments = 0x55d1dde5d630 [EvJobAttachments]
#6 0x00007f4927d8d7da in ev_job_thread (job=0x55d1dde5d630 [EvJobAttachments]) at ev-job-scheduler.c:184
result = <optimized out>
job = 0x55d1ddc582f0
#7 ev_job_thread_proxy (data=<optimized out>) at ev-job-scheduler.c:217
job = 0x55d1ddc582f0
#8 0x00007f4926f6e52d in g_thread_proxy (data=0x55d1dde36580) at ../../../glib/gthread.c:807
thread = 0x55d1dde36580
__func__ = "g_thread_proxy"
#9 0x00007f4926d97f27 in start_thread (arg=<optimized out>) at pthread_create.c:479
ret = <optimized out>
pd = <optimized out>
unwind_buf =
{cancel_jmp_buf = {{jmp_buf = {139952017819392, 4879852856656241710, 140730885663534, 140730885663535, 139952017816704, 139952017819392, -4815890835605576658, -4815766494322252754}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = 0
#10 0x00007f4926cc931f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
More information about the Pkg-freedesktop-maintainers
mailing list