Bug#602545: evince: signal SIGFPE on certain PDF, may be a pattern rendering problem

Martin Weis Martin.Weis.newsadress at gmx.de
Fri Nov 5 18:47:36 UTC 2010 

Package: evince
Version: 2.30.3-1
Severity: normal
Tags: upstream


evince crashes reproducibly with signal SIGFPE on a certain PDF (similarly created/featured documents, too) on the squeeze release.
The document is rendered fine by kpdf/acroread. 

The document seems to contain an unreasonably high number of (identical) bitmaps, and this may be the reason for the failure.
pdfimages extracted no less than 73667 small (texture) images from the document...
This bug may be located/triggered in libpoppler, if so: sorry for the inconvenience.

I attach the backtrace and the PDF file for tests.

Thank you, evince usually runs fine.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages evince depends on:
ii  evince-common           2.30.3-1         Document (postscript, pdf) viewer 
ii  gconf2                  2.28.1-5         GNOME configuration database syste
ii  gnome-icon-theme        2.30.3-1         GNOME Desktop icon theme
ii  libatk1.0-0             1.30.0-1         The ATK accessibility toolkit
ii  libc6                   2.11.2-6         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-6         The Cairo 2D vector graphics libra
ii  libdbus-1-3             1.2.24-3         simple interprocess messaging syst
ii  libdbus-glib-1-2        0.88-2           simple interprocess messaging syst
ii  libevince2              2.30.3-1         Document (postscript, pdf) renderi
ii  libfontconfig1          2.8.0-2.1        generic font configuration library
ii  libfreetype6            2.4.2-1          FreeType 2 font engine, shared lib
ii  libgconf2-4             2.28.1-5         GNOME configuration database syste
ii  libglib2.0-0            2.24.2-1         The GLib library of C routines
ii  libgnome-keyring0       2.30.1-1         GNOME keyring services library
ii  libgtk2.0-0             2.20.1-2         The GTK+ graphical user interface 
ii  libice6                 2:1.0.6-1        X11 Inter-Client Exchange library
ii  libnautilus-extension1  2.30.1-2         libraries for nautilus components 
ii  libpango1.0-0           1.28.3-1         Layout and rendering of internatio
ii  libsm6                  2:1.1.1-1        X11 Session Management library
ii  libx11-6                2:1.3.3-3        X11 client-side library
ii  libxml2                 2.7.7.dfsg-4     GNOME XML library
ii  shared-mime-info        0.71-3           FreeDesktop.org shared MIME databa
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages evince recommends:
ii  dbus-x11                      1.2.24-3   simple interprocess messaging syst
ii  gvfs                          1.6.4-2    userspace virtual filesystem - ser

Versions of packages evince suggests:
ii  nautilus                      2.30.1-2   file manager and graphical shell f
pn  poppler-data                  <none>     (no description available)
ii  unrar                         1:3.9.10-1 Unarchiver for .rar files (non-fre

-- no debconf information
-------------- next part --------------
Starting program: /usr/bin/evince 
[Thread debugging using libthread_db enabled]
[New Thread 0xaee3bb70 (LWP 5258)]
[New Thread 0xae549b70 (LWP 5259)]
[New Thread 0xad983b70 (LWP 5260)]

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread 0xae549b70 (LWP 5259)]
0xb727bd11 in repeat (image=0xad012540, offset=460, line=386, width=511, buffer=0xae541db0, mask=0xae5425ac, mask_bits=4294967295) at ../../pixman/pixman-bits-image.c:144
144	../../pixman/pixman-bits-image.c: Datei oder Verzeichnis nicht gefunden.
	in ../../pixman/pixman-bits-image.c
#0  0xb727bd11 in repeat (image=0xad012540, offset=460, line=386, width=511, buffer=0xae541db0, mask=0xae5425ac, mask_bits=4294967295) at ../../pixman/pixman-bits-image.c:144
#1  bits_image_fetch_pixel_bilinear (image=0xad012540, offset=460, line=386, width=511, buffer=0xae541db0, mask=0xae5425ac, mask_bits=4294967295)
    at ../../pixman/pixman-bits-image.c:210
#2  bits_image_fetch_pixel_filtered (image=0xad012540, offset=460, line=386, width=511, buffer=0xae541db0, mask=0xae5425ac, mask_bits=4294967295)
    at ../../pixman/pixman-bits-image.c:336
#3  bits_image_fetch_transformed (image=0xad012540, offset=460, line=386, width=511, buffer=0xae541db0, mask=0xae5425ac, mask_bits=4294967295)
    at ../../pixman/pixman-bits-image.c:395
#4  0xb724edd9 in _pixman_image_get_scanline_32 (image=0xad012540, x=460, y=386, width=511, buffer=0xae541db0, mask=0xae5425ac, mask_bits=4294967295)
    at ../../pixman/pixman-image.c:151
#5  0xb7274a6d in general_composite_rect (imp=0x8230500, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=460, src_y=386, mask_x=0, mask_y=0, 
    dest_x=460, dest_y=386, width=511, height=72) at ../../pixman/pixman-general.c:211
#6  0xb727c80a in walk_region_internal (imp=<value optimized out>, op=<value optimized out>, src_image=0xad012540, mask_image=0xad008930, dst_image=0xad015e40, src_x=460, 
    src_y=386, mask_x=0, mask_y=0, dest_x=460, dest_y=386, width=511, height=72, src_repeat=0, mask_repeat=0, region=0xae547efc, 
    composite_rect=0xb7274770 <general_composite_rect>) at ../../pixman/pixman-utils.c:447
#7  0xb727da2a in _pixman_walk_composite_region (imp=0x8230500, op=PIXMAN_OP_OVER, src_image=0xad012540, mask_image=0xad008930, dst_image=0xad015e40, src_x=460, 
    src_y=<value optimized out>, mask_x=0, mask_y=<value optimized out>, dest_x=<value optimized out>, dest_y=386, width=511, height=72, 
    composite_rect=0xb7274770 <general_composite_rect>) at ../../pixman/pixman-utils.c:493
#8  0xb7274763 in general_composite (imp=0x8230500, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=<value optimized out>, 
    src_y=<value optimized out>, mask_x=<value optimized out>, mask_y=<value optimized out>, dest_x=<value optimized out>, dest_y=<value optimized out>, 
    width=<value optimized out>, height=<value optimized out>) at ../../pixman/pixman-general.c:270
#9  0xb724f953 in _pixman_implementation_composite (imp=0x8230500, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=460, src_y=386, mask_x=0, mask_y=0, 
    dest_x=460, dest_y=386, width=511, height=72) at ../../pixman/pixman-implementation.c:229
#10 0xb727675e in fast_path_composite (imp=0x8230908, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=460, src_y=386, mask_x=0, mask_y=0, dest_x=460, 
    dest_y=386, width=511, height=72) at ../../pixman/pixman-fast-path.c:1314
#11 0xb724f953 in _pixman_implementation_composite (imp=0x8230908, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=460, src_y=386, mask_x=0, mask_y=0, 
    dest_x=460, dest_y=386, width=511, height=72) at ../../pixman/pixman-implementation.c:229
#12 0xb7281b63 in mmx_composite (imp=0x8230d10, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=460, src_y=386, mask_x=0, mask_y=0, dest_x=460, 
    dest_y=386, width=511, height=72) at ../../pixman/pixman-mmx.c:3326
#13 0xb724f953 in _pixman_implementation_composite (imp=0x8230d10, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=460, src_y=386, mask_x=0, mask_y=0, 
    dest_x=460, dest_y=386, width=511, height=72) at ../../pixman/pixman-implementation.c:229
#14 0xb7288289 in sse2_composite (imp=0x8231118, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=460, src_y=386, mask_x=0, mask_y=0, dest_x=460, 
    dest_y=386, width=511, height=72) at ../../pixman/pixman-sse2.c:5709
#15 0xb724f953 in _pixman_implementation_composite (imp=0x8231118, op=PIXMAN_OP_OVER, src=0xad012540, mask=0xad008930, dest=0xad015e40, src_x=460, src_y=386, mask_x=0, mask_y=0, 
    dest_x=460, dest_y=386, width=511, height=72) at ../../pixman/pixman-implementation.c:229
#16 0xb72755df in pixman_image_composite (op=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece.
) at ../../pixman/pixman.c:204
#17 0xb791269e in _cairo_image_surface_composite (op=CAIRO_OPERATOR_OVER, src_pattern=0xad0088c8, mask_pattern=0xae5485a4, abstract_dst=0xad005aa0, src_x=<value optimized out>, 
    src_y=<value optimized out>, mask_x=0, mask_y=0, dst_x=<value optimized out>, dst_y=<value optimized out>, width=<value optimized out>, height=<value optimized out>)
    at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo-image-surface.c:994
#18 0xb7928926 in _cairo_surface_composite (op=CAIRO_OPERATOR_OVER, src=0xad0088c8, mask=0xae5485a4, dst=0xad005aa0, src_x=460, src_y=386, mask_x=0, mask_y=0, dst_x=460, 
    dst_y=386, width=511, height=72) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo-surface.c:1295
#19 0xb792a415 in _clip_and_composite_with_mask (clip=<value optimized out>, op=CAIRO_OPERATOR_OVER, src=0xad0088c8, draw_func=0xb792b490 <_composite_traps_draw_func>, 
    draw_closure=0xae5487c8, dst=0xad005aa0, extents=0xae5487b8) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo-surface-fallback.c:175
#20 _clip_and_composite (clip=<value optimized out>, op=CAIRO_OPERATOR_OVER, src=0xad0088c8, draw_func=0xb792b490 <_composite_traps_draw_func>, draw_closure=0xae5487c8, 
    dst=0xad005aa0, extents=0xae5487b8) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo-surface-fallback.c:383
#21 0xb792aed7 in _clip_and_composite_trapezoids (src=<value optimized out>, op=CAIRO_OPERATOR_OVER, dst=0xad005aa0, traps=0xae548824, clip=0xad0079d4, 
    antialias=CAIRO_ANTIALIAS_DEFAULT) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo-surface-fallback.c:660
#22 0xb792b47a in _cairo_surface_fallback_fill (surface=0xad005aa0, op=CAIRO_OPERATOR_OVER, source=0xad0088c8, path=0xad0163c8, fill_rule=CAIRO_FILL_RULE_EVEN_ODD, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo-surface-fallback.c:902
#23 0xb7927987 in _cairo_surface_fill (surface=0xad005aa0, op=CAIRO_OPERATOR_OVER, source=0xae548954, path=0xad0163c8, fill_rule=CAIRO_FILL_RULE_EVEN_ODD, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo-surface.c:1692
#24 0xb790e7e6 in _cairo_gstate_fill (gstate=0xad007950, path=0xad0163c8) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo-gstate.c:1021
#25 0xb790891d in *INT_cairo_fill_preserve (cr=0xad016240) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo.c:2179
#26 0xb7908942 in cairo_fill (cr=0xad016240) at /build/buildd-cairo_1.8.10-6-i386-6jOwL1/cairo-1.8.10/src/cairo.c:2155
#27 0xadd12429 in CairoOutputDev::tilingPatternFill (this=0x822aa68, state=0xad007ab8, str=0xad006364, paintType=1, resDict=0xad012a10, mat=0xae548d00, bbox=0xad0062f8, x0=275, 
    y0=-275, x1=582, y1=-231, xStep=0.96000000000000008, yStep=0.96000000000000008) at CairoOutputDev.cc:714
#28 0xadab6477 in Gfx::doTilingPatternFill (this=0xad004d90, tPat=0xad0062e8, stroke=0, eoFill=1) at Gfx.cc:2009
#29 0xadabac23 in Gfx::doPatternFill (this=0xad004d90, eoFill=1) at Gfx.cc:1806
#30 0xadabb260 in Gfx::opEOFill (this=0xad004d90, args=0xae548e44, numArgs=0) at Gfx.cc:1701
#31 0xadab1256 in Gfx::execOp (this=0xad004d90, cmd=0xae548fe4, args=0xae548e44, numArgs=0) at Gfx.cc:794
#32 0xadab1879 in Gfx::go (this=0xad004d90, topLevel=1) at Gfx.cc:665
#33 0xadab2269 in Gfx::display (this=0xad004d90, obj=0xae5490e4, topLevel=1) at Gfx.cc:634
#34 0xadaff1f0 in Page::displaySlice (this=0x8248398, out=0x822aa68, hDPI=72, vDPI=72, rotate=0, useMediaBox=0, crop=1, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=0, 
    catalog=0x82486c8, abortCheckCbk=0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at Page.cc:474
#35 0xadd07f51 in _poppler_page_render (page=0x822ac20, cairo=0xad016240, printing=0) at poppler-page.cc:560
#36 0xadd45fa9 in pdf_page_render (document=0x8208578, rc=0x822ac40) at /build/buildd-evince_2.30.3-1-i386-YyrmzQ/evince-2.30.3/./backend/pdf/ev-poppler.cc:402
#37 pdf_document_render (document=0x8208578, rc=0x822ac40) at /build/buildd-evince_2.30.3-1-i386-YyrmzQ/evince-2.30.3/./backend/pdf/ev-poppler.cc:452
#38 0xb7faf938 in ev_document_render (document=0x8208578, rc=0x822ac40) at /build/buildd-evince_2.30.3-1-i386-YyrmzQ/evince-2.30.3/./libdocument/ev-document.c:445
#39 0xb7f7fed1 in ev_job_render_run (job=0x818c5a0) at /build/buildd-evince_2.30.3-1-i386-YyrmzQ/evince-2.30.3/./libview/ev-jobs.c:491
#40 0xb7f7ce11 in ev_job_run (job=0x818c5a0) at /build/buildd-evince_2.30.3-1-i386-YyrmzQ/evince-2.30.3/./libview/ev-jobs.c:210
#41 0xb7f809f8 in ev_job_thread (data=0x0) at /build/buildd-evince_2.30.3-1-i386-YyrmzQ/evince-2.30.3/./libview/ev-job-scheduler.c:183
#42 ev_job_thread_proxy (data=0x0) at /build/buildd-evince_2.30.3-1-i386-YyrmzQ/evince-2.30.3/./libview/ev-job-scheduler.c:213
#43 0xb74df6cf in g_thread_create_proxy (data=0x8237a88) at /build/buildd-glib2.0_2.24.2-1-i386-AScyie/glib2.0-2.24.2/glib/gthread.c:1893
#44 0xb75e4955 in start_thread (arg=0xae549b70) at pthread_create.c:300
#45 0xb73c4e7e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
A debugging session is active.

	Inferior 1 [process 5255] will be killed.

Quit anyway? (y or n) 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dummy_text.pdf
Type: application/pdf
Size: 98013 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20101105/196cfa89/attachment-0001.pdf>

More information about the pkg-gnome-maintainers mailing list