evince crashed with SIGSEGV in INT_cairo_set_source()

Bug #1034229 reported by userdce
This bug affects 3 people
Affects           Status        Importance  Assigned to  Milestone
Poppler           Fix Released  Medium
poppler (Ubuntu)  Fix Released  Medium      Unassigned
Quantal           Won't Fix     Low         Unassigned

Bug Description

Tried to move to the next page in a PDF file and this bug appeared.

ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: evince 3.5.5-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-8.8-generic 3.5.0
Uname: Linux 3.5.0-8-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.4-0ubuntu6
Architecture: amd64
Date: Tue Aug 7 22:50:45 2012
ExecutablePath: /usr/bin/evince
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha amd64 (20120804.1)
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-3.5.0-8-generic root=UUID=c2749d03-1d36-4f0a-87e2-434efa3540a2 ro quiet splash vt.handoff=7
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x7f4b8d832c81 <cairo_set_source+1>: mov 0x4(%rdi),%eax
 PC (0x7f4b8d832c81) ok
 source "0x4(%rdi)" (0x00000004) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
 cairo_set_source () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
 CairoOutputDev::setSoftMaskFromImageMask(GfxState*, Object*, Stream*, int, int, bool, bool, double*) () from /usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
 Gfx::doPatternImageMask(Object*, Stream*, int, int, bool, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.26
 Gfx::doImage(Object*, Stream*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.26
 Gfx::opXObject(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.26
Title: evince crashed with SIGSEGV in cairo_set_source()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
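The SegvAnalysis block above already contains enough to call the root cause before any retrace comes back: the faulting instruction is `mov 0x4(%rdi),%eax` one byte into `cairo_set_source`, the unreadable address is `0x00000004`, and in the SysV x86-64 calling convention `%rdi` carries the first argument. So the first argument (a `cairo_t *`) was NULL and the read of the field at offset 4 hit the zero page, which is what the retraced frame `INT_cairo_set_source (cr=0x0, ...)` later confirms. The following triage script is an added example, not part of the bug report or of apport, poppler or cairo; it parses the report's own SegvAnalysis text (embedded as a constructed sample) and works back to the value of the base register. The regular expressions are tied to the apport output format as shown on this page, and `PAGE_SIZE` is an assumption that anything below the first 4 KiB page is a NULL-derived address.

```python
import re

# Constructed sample input: the SegvAnalysis block from this report, as apport printed it.
SAMPLE = """\
SegvAnalysis:
 Segfault happened at: 0x7f4b8d832c81 <cairo_set_source+1>: mov 0x4(%rdi),%eax
 PC (0x7f4b8d832c81) ok
 source "0x4(%rdi)" (0x00000004) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
"""

# Assumption: the zero page is never mapped, so any address below it comes from a NULL pointer.
PAGE_SIZE = 0x1000

# Registers carrying the first six integer/pointer arguments in the SysV x86-64 ABI.
ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]

INSN_RE = re.compile(r"Segfault happened at: (0x[0-9a-f]+) <([^>]+)>: (\S+)\s+(.*)")
SRC_RE = re.compile(r'source "([^"]+)" \((0x[0-9a-f]+)\) not located')
REASON_RE = re.compile(r"SegvReason: (.*)")
# AT&T memory operand: optional displacement, then (%base) with an optional index part.
MEM_RE = re.compile(r"^(-?0x[0-9a-f]+|-?\d+)?\(%(\w+)(?:,[^)]*)?\)$")


def parse_segv_analysis(text):
    """Pull the faulting instruction and the bad memory operand out of an apport SegvAnalysis block."""
    info = {}
    m = INSN_RE.search(text)
    if m:
        info["pc"] = int(m.group(1), 16)
        info["symbol"] = m.group(2)
        info["mnemonic"] = m.group(3)
        info["operands"] = m.group(4).strip()
    m = SRC_RE.search(text)
    if m:
        info["source_operand"] = m.group(1)
        info["source_addr"] = int(m.group(2), 16)
    m = REASON_RE.search(text)
    if m:
        info["reason"] = m.group(1).strip()
    return info


def classify(info):
    """Decide what kind of bad read this was and, for a register-relative operand,
    work back to the value the base register must have held."""
    addr = info.get("source_addr")
    if addr is None:
        return {"kind": "unknown"}
    result = {"kind": "null-page" if addr < PAGE_SIZE else "wild-pointer",
              "fault_addr": addr}
    m = MEM_RE.match(info.get("source_operand", ""))
    if m:
        offset = int(m.group(1), 0) if m.group(1) else 0
        base = m.group(2)
        result["base_register"] = base
        result["offset"] = offset
        # fault address = base + displacement, so the register held fault address - displacement
        result["inferred_base_value"] = addr - offset
        if base in ARG_REGS:
            # Close to a function's entry an argument register usually still holds the
            # caller's argument, so the bad pointer can be tied to a parameter position.
            result["argument_index"] = ARG_REGS.index(base) + 1
    return result


def summarize(text):
    """One-line triage verdict for the block."""
    info = parse_segv_analysis(text)
    verdict = classify(info)
    if verdict["kind"] != "null-page" or "argument_index" not in verdict:
        return "%s fault at %#x in %s" % (verdict["kind"], verdict.get("fault_addr", 0),
                                          info.get("symbol", "?"))
    return ("NULL dereference in %s: argument %d (%%%s) was %#x, field at offset %#x read"
            % (info["symbol"], verdict["argument_index"], verdict["base_register"],
               verdict["inferred_base_value"], verdict["offset"]))


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For this report the script reports a NULL dereference through argument 1 of `cairo_set_source`, i.e. the `cairo_t *`. Distinguishing a NULL-page read from a wild-pointer read matters for triage: the former is almost always a missing initialisation or a missing check, while the latter deserves a closer look for memory corruption.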

userdce (userdce) wrote :
visibility: private → public
Apport retracing service (apport) wrote :

StacktraceTop:
 INT_cairo_set_source (cr=0x0, source=0x7f4b48172d60) at /build/buildd/cairo-1.12.2/src/cairo.c:794
 CairoOutputDev::setSoftMaskFromImageMask(GfxState*, Object*, Stream*, int, int, bool, bool, double*) () from /tmp/tmpcpmN27/usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
 Gfx::doPatternImageMask(Object*, Stream*, int, int, bool, bool) () from /tmp/tmpcpmN27/usr/lib/x86_64-linux-gnu/libpoppler.so.26
 Gfx::doImage(Object*, Stream*, bool) () from /tmp/tmpcpmN27/usr/lib/x86_64-linux-gnu/libpoppler.so.26
 Gfx::opXObject(Object*, int) () from /tmp/tmpcpmN27/usr/lib/x86_64-linux-gnu/libpoppler.so.26

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in evince (Ubuntu):
importance: Undecided → Medium
summary: - evince crashed with SIGSEGV in cairo_set_source()
+ evince crashed with SIGSEGV in INT_cairo_set_source()
tags: removed: need-amd64-retrace
tags: removed: apparmor
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in evince (Ubuntu):
status: New → Confirmed
Linards Ticmanis (ticmanis) wrote :

My bug report would've included a much more complete stack trace, but still I was sent here. Oh well...

In , Ross Lagerwall (rosslagerwall) wrote :

Created attachment 70006
test case

The attached file causes poppler to segfault when poppler_page_get_image_mapping () is called.

The reason being that:
> image_dev = new CairoImageOutputDev();
is run and eventually:
CairoOutputDev::setSoftMaskFromImageMask()
is called but image_dev->setCairo() is never called.

This was introduced in 9c092e17e8f0cf0335b431a223e6e44bddc27e64, "[xpdf] More Splash and Gfx changes from Thomas."

To repeat, open broken.pdf with evince.

In , Adrian Johnson (ajohnson-redneon) wrote :

Created attachment 70065
fix crash

In , Ross Lagerwall (rosslagerwall) wrote :

I can confirm the patch does fix the crash.

In , Albert Astals Cid (aacid) wrote :

Carlos are you handling this?

In , Carlos Garcia Campos (carlosgc) wrote :

Comment on attachment 70065
fix crash

Review of attachment 70065:
-----------------------------------------------------------------

LGTM, please push it, thanks!

In , Adrian Johnson (ajohnson-redneon) wrote :

pushed

madbiologist (me-again) wrote :

Sorry about that, Linards. If I recall correctly you can override that by selecting "This is not my bug" or "No. Report a new bug" or something similar. I might be mistaken though.

Anyway, I think this bug might be the same as https://bugs.freedesktop.org/show_bug.cgi?id=57067 which is fixed upstream in poppler 0.21.2 (0.22 Beta 2), as per:

core:
CairoOutputDev: Fix crash in CairoImageOutputDev with setSoftMaskFromImageMask (Bug #57067)

affects: evince (Ubuntu) → poppler (Ubuntu)
Changed in poppler (Ubuntu):
status: Confirmed → Triaged
Sebastien Bacher (seb128) wrote :
madbiologist (me-again) wrote :

Raring is not targeting poppler 0.22? It would be good to backport (or even SRU) the commit mentioned in comment #9 to Quantal and to Precise.

Sebastien Bacher (seb128) wrote :

No, it's not, we are defaulting to track the stable series of GNOME and other desktop components for increasing stability.

Changed in poppler (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package poppler - 0.20.5-0ubuntu2

---------------
poppler (0.20.5-0ubuntu2) raring; urgency=low

  * debian/patches/git_mask_segfault.patch:
    - don't segfault in setSoftMaskFromImageMask (lp: #1034229)
  * debian/patches/git_no_buggy_check.patch:
    "Don't do a check for sanity that then we don't use" (lp: #1020162)
 -- Sebastien Bacher <email address hidden> Mon, 03 Dec 2012 18:47:40 +0100

Changed in poppler (Ubuntu):
status: Fix Committed → Fix Released
In , Adrian Johnson (ajohnson-redneon) wrote :

*** Bug 52230 has been marked as a duplicate of this bug. ***

Changed in poppler:
importance: Unknown → Medium
status: Unknown → Fix Released
madbiologist (me-again) wrote :

Any chance of an SRU for Quantal?

Sebastien Bacher (seb128) wrote :

@SRU for Quantal: that seems like a valid candidate, there is an SRU already in proposed that needs to be cleared out first though

Changed in poppler (Ubuntu Quantal):
importance: Undecided → Low
status: New → Triaged
Rolf Leggewie (r0lf) wrote :

Quantal has seen the end of its life and is no longer receiving any updates. Marking the Quantal task for this ticket as "Won't Fix".

Changed in poppler (Ubuntu Quantal):
status: Triaged → Won't Fix