FS#70909 - [poppler] [evince] Evince crashes viewing PDF

Attached to Project: Arch Linux
Opened by Rabin Adhikari (rabinadk1) - Sunday, 16 May 2021, 16:48 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 06 June 2021, 09:25 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan de Groot (JGC)
Andreas Radke (AndyRTR)
Jan Alexander Steffens (heftig)
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:
It has been multiple times when I am viewing a PDF and highlighting some texts and evince crashes unexpectedly.

Journalctl Stack Trace:
```
Process 25986 (evince) of user 1000 dumped core.

Stack trace of thread 25998:
#0 0x00007ffa608f8ef5 raise (libc.so.6 + 0x3cef5)
#1 0x00007ffa608e2862 abort (libc.so.6 + 0x26862)
#2 0x00007ffa6093af38 __libc_message (libc.so.6 + 0x7ef38)
#3 0x00007ffa60942bea malloc_printerr (libc.so.6 + 0x86bea)
#4 0x00007ffa60943acc unlink_chunk.constprop.0 (libc.so.6 + 0x87acc)
#5 0x00007ffa6094650a _int_malloc (libc.so.6 + 0x8a50a)
#6 0x00007ffa609477a1 malloc (libc.so.6 + 0x8b7a1)
#7 0x00007ffa5527f08c _ZN11Gfx8BitFontC2EP4XRefPKc3RefP9GooString11GfxFontTypeS4_P4Dict (libpoppl>
#8 0x00007ffa552837c1 _ZN7GfxFont8makeFontEP4XRefPKc3RefP4Dict (libpoppler.so.110 + 0x1607c1)
#9 0x00007ffa55283a25 n/a (libpoppler.so.110 + 0x160a25)
#10 0x00007ffa5526298d _ZN12GfxResourcesC2EP4XRefP4DictPS_ (libpoppler.so.110 + 0x13f98d)
#11 0x00007ffa5526f406 _ZN3GfxC2EP6PDFDocP9OutputDeviP4DictddPK12PDFRectangleS8_iPFbPvES9_P4XRef (>
#12 0x00007ffa552cdf3f _ZN4Page9createGfxEP9OutputDevddibbiiiibPFbPvES2_P4XRef (libpoppler.so.110 >
#13 0x00007ffa5548aada n/a (libpoppler-glib.so.8 + 0x23ada)
#14 0x00007ffa5548da7a poppler_page_get_image_mapping (libpoppler-glib.so.8 + 0x26a7a)
#15 0x00007ffa554e944d n/a (libpdfdocument.so + 0xb44d)
#16 0x00007ffa61b40804 n/a (libevview3.so.3 + 0x1e804)
#17 0x00007ffa61b3fed2 n/a (libevview3.so.3 + 0x1ded2)
#18 0x00007ffa6199f0c1 n/a (libglib-2.0.so.0 + 0x820c1)
#19 0x00007ffa6067d299 start_thread (libpthread.so.0 + 0x9299)
#20 0x00007ffa609bb053 __clone (libc.so.6 + 0xff053)

Stack trace of thread 26271:
#0 0x00007ffa609b5a9d syscall (libc.so.6 + 0xf9a9d)
#1 0x00007ffa619bf06b g_cond_wait_until (libglib-2.0.so.0 + 0xa206b)
#2 0x00007ffa619408b3 n/a (libglib-2.0.so.0 + 0x238b3)
#3 0x00007ffa619a1ddb n/a (libglib-2.0.so.0 + 0x84ddb)
#4 0x00007ffa6199f0c1 n/a (libglib-2.0.so.0 + 0x820c1)
#5 0x00007ffa6067d299 start_thread (libpthread.so.0 + 0x9299)
#6 0x00007ffa609bb053 __clone (libc.so.6 + 0xff053)

Stack trace of thread 26000:
#0 0x00007ffa609b037f __poll (libc.so.6 + 0xf437f)
#1 0x00007ffa544a1654 n/a (libpulse.so.0 + 0x33654)
#2 0x00007ffa5448a9a9 pa_mainloop_poll (libpulse.so.0 + 0x1c9a9)
#3 0x00007ffa54495281 pa_mainloop_iterate (libpulse.so.0 + 0x27281)
#4 0x00007ffa54495331 pa_mainloop_run (libpulse.so.0 + 0x27331)
#5 0x00007ffa544a57fe n/a (libpulse.so.0 + 0x377fe)
#6 0x00007ffa5443f5cc n/a (libpulsecommon-14.2.so + 0x565cc)
#7 0x00007ffa6067d299 start_thread (libpthread.so.0 + 0x9299)
#8 0x00007ffa609bb053 __clone (libc.so.6 + 0xff053)

Stack trace of thread 25986:
#0 0x00007ffa609b037f __poll (libc.so.6 + 0xf437f)
#1 0x00007ffa5fd4463b n/a (libxcb.so.1 + 0xc63b)
#2 0x00007ffa5fd4608f n/a (libxcb.so.1 + 0xe08f)
#3 0x00007ffa5fd46203 xcb_wait_for_reply64 (libxcb.so.1 + 0xe203)
#4 0x00007ffa5fee26e9 _XReply (libX11.so.6 + 0x416e9)
#5 0x00007ffa5ffef6ce XIQueryPointer (libXi.so.6 + 0xd6ce)
#6 0x00007ffa610bb10a n/a (libgdk-3.so.0 + 0x7f10a)
#7 0x00007ffa610d0905 n/a (libgdk-3.so.0 + 0x94905)
#8 0x00007ffa6108760e gdk_window_get_device_position_double (libgdk-3.so.0 + 0x4b60e)
#9 0x00007ffa6108780e gdk_window_get_device_position (libgdk-3.so.0 + 0x4b80e)
#10 0x00007ffa61b0a714 ev_document_misc_get_pointer_position (libevdocument3.so.4 + 0x18714)
#11 0x00007ffa61b5da75 n/a (libevview3.so.3 + 0x3ba75)
#12 0x00007ffa61970f30 g_main_context_dispatch (libglib-2.0.so.0 + 0x53f30)
#13 0x00007ffa619c4b59 n/a (libglib-2.0.so.0 + 0xa7b59)
#14 0x00007ffa6196e781 g_main_context_iteration (libglib-2.0.so.0 + 0x51781)
#15 0x00007ffa60da428e g_application_run (libgio-2.0.so.0 + 0xcd28e)
#16 0x00005650b9835650 n/a (evince + 0x1a650)
#17 0x00007ffa608e3b25 __libc_start_main (libc.so.6 + 0x27b25)
#18 0x00005650b98358be n/a (evince + 0x1a8be)

Stack trace of thread 25990:
#0 0x00007ffa609b037f __poll (libc.so.6 + 0xf437f)
#1 0x00007ffa619c4ae8 n/a (libglib-2.0.so.0 + 0xa7ae8)
#2 0x00007ffa61970593 g_main_loop_run (libglib-2.0.so.0 + 0x53593)
#3 0x00007ffa60dd95b8 n/a (libgio-2.0.so.0 + 0x1025b8)
#4 0x00007ffa6199f0c1 n/a (libglib-2.0.so.0 + 0x820c1)
#5 0x00007ffa6067d299 start_thread (libpthread.so.0 + 0x9299)
#6 0x00007ffa609bb053 __clone (libc.so.6 + 0xff053)

Stack trace of thread 25989:
#0 0x00007ffa609b037f __poll (libc.so.6 + 0xf437f)
#1 0x00007ffa619c4ae8 n/a (libglib-2.0.so.0 + 0xa7ae8)
#2 0x00007ffa6196e781 g_main_context_iteration (libglib-2.0.so.0 + 0x51781)
#3 0x00007ffa6196e7d2 n/a (libglib-2.0.so.0 + 0x517d2)
#4 0x00007ffa6199f0c1 n/a (libglib-2.0.so.0 + 0x820c1)
#5 0x00007ffa6067d299 start_thread (libpthread.so.0 + 0x9299)
#6 0x00007ffa609bb053 __clone (libc.so.6 + 0xff053)

Stack trace of thread 25997:
#0 0x00007ffa609b037f __poll (libc.so.6 + 0xf437f)
#1 0x00007ffa619c4ae8 n/a (libglib-2.0.so.0 + 0xa7ae8)
#2 0x00007ffa6196e781 g_main_context_iteration (libglib-2.0.so.0 + 0x51781)
#3 0x00007ffa565d3ebe n/a (libdconfsettings.so + 0x5ebe)
#4 0x00007ffa6199f0c1 n/a (libglib-2.0.so.0 + 0x820c1)
#5 0x00007ffa6067d299 start_thread (libpthread.so.0 + 0x9299)
#6 0x00007ffa609bb053 __clone (libc.so.6 + 0xff053)
```

Steps to reproduce:
View some PDFs and highlight some texts
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Sunday, 06 June 2021, 09:25 GMT
Reason for closing:  Fixed
Comment by SATO Tatsuya (tattsan) - Friday, 21 May 2021, 10:24 GMT
I downgraded evince to 3.38.2-1, but the app still crashes.
Around the same time that evince was upgraded to 40.1-1 , poppler was also upgraded.
I tried downgrading poppler to 21.04.0-2, and so far no crash has occurred.
Comment by Andreas Radke (AndyRTR) - Friday, 21 May 2021, 18:11 GMT
I can mark some text in a random PDF here with no issues. Please allow to check your PDF file or even better
ask/report upstream (poppler) to confirm whether your PDF is broken or there's some true bug in poppler/evince.
Comment by SATO Tatsuya (tattsan) - Saturday, 22 May 2021, 11:17 GMT
In my case, the crashes are random and not frequent. Because of this, I have not yet found a reproducible procedure and it will take some time to report accurately.
Comment by Marcin Mielniczuk (marmistrz) - Tuesday, 01 June 2021, 10:24 GMT
This is probably the same issue: https://gitlab.gnome.org/GNOME/evince/-/issues/1608
You can also find a core dump in the upstream issue.

A workaround is to use `G_SLICE=always-malloc`
Comment by SATO Tatsuya (tattsan) - Friday, 04 June 2021, 17:22 GMT
Poppler developer says that this bug may be fixed.
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1087
The fixed version of poppler is 21.06.1.

I'll continue testing with the Arch's poppler package 21.06.1-1.
Comment by Jan Alexander Steffens (heftig) - Friday, 04 June 2021, 18:21 GMT
Our poppler 21.06.0-1 contains an identical fix.

Loading...