Bug 16432

Summary: Evince segfaults on document update.
Product: Mageia
Reporter: Herbert Poetzl <herbert>
Component: RPM Packages
Assignee: GNOME maintainers <gnome>
Status: RESOLVED OLD
QA Contact:
Severity: critical
Priority: Normal
CC: danielosmari, herbert, jani.valimaa, marja11, olav
Version: 5
Target Milestone: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Source RPM: evince-3.14.0-1.mga5.src.rpm
CVE:
Status comment:

Description Herbert Poetzl 2015-07-21 12:09:22 CEST
Description of problem:
When a document is opened and it gets updated, evince crashes with a segfault.

Version-Release number of selected component (if applicable):
GNOME Document Viewer 3.14.0

How reproducible:
Always

Steps to Reproduce:
1. echo test | a2ps >test.ps
2. evince test.ps &
3. echo test | a2ps >test.ps

Program received signal SIGSEGV, Segmentation fault.
0x0000000000438d32 in ev_window_title_update ()
(gdb) where
#0  0x0000000000438d32 in ev_window_title_update ()
#1  0x0000000000434a2e in ev_window_document_changed_cb ()
#5  0x00007ffff5a37082 in <emit signal notify:document on instance 0x8bb980 [EvDocumentModel]> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3365
    #2  0x00007ffff5a1d0e5 in g_closure_invoke (closure=0xb08cc0, return_value=0x0, n_param_values=2, param_values=0x7fffffffd500, invocation_hint=0x7fffffffd4a0) at gclosure.c:768
    #3  0x00007ffff5a2e75c in signal_emit_unlocked_R (node=node@entry=0x676450, detail=detail@entry=1278, instance=instance@entry=0x8bb980, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffffffd500) at gsignal.c:3553
    #4  0x00007ffff5a36e4c in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffd698) at gsignal.c:3309
#6  0x00007ffff5a21505 in g_object_dispatch_properties_changed (object=0xbed380, n_pspecs=11070736, pspecs=0x25) at gobject.c:1056
#7  0x00007ffff5a2383b in g_object_notify (pspec=<optimized out>, object=0x8bb980 [EvDocumentModel]) at gobject.c:1149
#8  0x00007ffff5a2383b in g_object_notify (object=0x8bb980 [EvDocumentModel], property_name=<optimized out>) at gobject.c:1197
#9  0x0000000000432d0c in ev_window_reload_job_cb ()
#10 0x00007ffff5a1d314 in _g_closure_invoke_va (closure=0xbed380, closure@entry=0xbb7dd0, return_value=0xa8ed10, return_value@entry=0x0, instance=0x25, instance@entry=0x7fffe4003b20, args=0xbed380, 
    args@entry=0x7fffffffd9d8, n_params=65264, param_types=0x8bbc00) at gclosure.c:831
#11 0x00007ffff5a36788 in g_signal_emit_valist (instance=0x7fffe4003b20, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffd9d8) at gsignal.c:3218
#12 0x00007ffff5a37082 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3365
#13 0x00007ffff796a7c3 in emit_finished () at /lib64/libevview3.so.3
#14 0x00007ffff5748b7d in g_main_context_dispatch (context=0x6a98d0) at gmain.c:3111
#15 0x00007ffff5748b7d in g_main_context_dispatch (context=context@entry=0x6a98d0) at gmain.c:3710
#16 0x00007ffff5748f18 in g_main_context_iterate (context=context@entry=0x6a98d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3781
#17 0x00007ffff5748fbc in g_main_context_iteration (context=0x6a98d0, context@entry=0x0, may_block=may_block@entry=1) at gmain.c:3842
#18 0x00007ffff5d0071c in g_application_run (application=0x845110 [EvApplication], argc=0, argv=0x0) at gapplication.c:2282
#19 0x000000000041c373 in main ()


Thierry Vignaud 2015-07-31 09:32:45 CEST

CC: (none) => olav

Comment 1 Jani Välimaa 2015-08-04 16:29:20 CEST
Is this still happening with evince 3.14.2-1.mga5 (and glib 2.42.1-2.1.mga5) updates from bug 16516?

CC: (none) => jani.valimaa

Comment 2 Herbert Poetzl 2015-08-04 17:37:23 CEST
Yep, actually evince now segfaults when opening the PS file.

Starting program: /usr/bin/evince test.ps
warning: the debug information found in "/usr/lib/debug/usr/lib64/libglib-2.0.so.0.4200.1.debug" does not match "/lib64/libglib-2.0.so.0" (CRC mismatch).

warning: the debug information found in "/usr/lib/debug//usr/lib64/libglib-2.0.so.0.4200.1.debug" does not match "/lib64/libglib-2.0.so.0" (CRC mismatch).

warning: the debug information found in "/usr/lib/debug/usr/lib64//libglib-2.0.so.0.4200.1.debug" does not match "/lib64/libglib-2.0.so.0" (CRC mismatch).

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffebd30700 (LWP 3516)]
[New Thread 0x7fffea4b7700 (LWP 3517)]
[New Thread 0x7fffe9cb6700 (LWP 3518)]
[New Thread 0x7fffdbfff700 (LWP 3519)]
[New Thread 0x7fffdb7fe700 (LWP 3520)]
[New Thread 0x7fffd2e90700 (LWP 3522)]
[New Thread 0x7fffd268f700 (LWP 3523)]
undefined -21

(evince:3511): EvinceDocument-CRITICAL **: ev_document_misc_pixbuf_from_surface: assertion 'surface' failed
undefined -21
undefined -21

Program received signal SIGSEGV, Segmentation fault.
INT_cairo_surface_set_device_scale (surface=0x0, x_scale=1, y_scale=1) at cairo-surface.c:1686
1686	    if (unlikely (surface->status))
(gdb) where
#0  0x00007ffff64b3ac0 in INT_cairo_surface_set_device_scale (surface=0x0, x_scale=1, y_scale=1) at cairo-surface.c:1686
#1  0x0000000000440b2f in thumbnail_job_completed_callback ()
#2  0x00007ffff5a1d314 in _g_closure_invoke_va (closure=0x0, closure@entry=0xc76310, return_value=0x67f570, return_value@entry=0x0, instance=0xb3c0c0, instance@entry=0x705730, args=0x1, 
    args@entry=0x7fffffffd9b8, n_params=6788928, param_types=0xa56ef0) at gclosure.c:831
#3  0x00007ffff5a36788 in g_signal_emit_valist (instance=0x705730, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fffffffd9b8) at gsignal.c:3218
#4  0x00007ffff5a37082 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3365
#5  0x00007ffff796a7c3 in emit_finished () at /lib64/libevview3.so.3
#6  0x00007ffff5748b7d in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#7  0x00007ffff5748f18 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#8  0x00007ffff5748fbc in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#9  0x00007ffff5d0071c in g_application_run (application=0x86e120, argc=0, argv=0x0) at gapplication.c:2282
#10 0x000000000041c4d3 in main ()

CC: (none) => herbert

Daniel Osmari 2015-08-11 14:42:22 CEST

CC: (none) => danielosmari

Olav Vitters 2016-09-19 10:32:03 CEST

Assignee: bugsquad => gnome

Comment 3 Marja Van Waes 2018-04-29 09:26:43 CEST
Hi Herbert,

Thank you for having taken the needed time to report this issue!

Did this bug get fixed? If so, please change its status to RESOLVED - FIXED

If it didn't, then we regret that we weren't able to fix it in Mageia 5. Mageia 5 has officially reached its End of Life on December 31st, 2017 https://blog.mageia.org/en/2017/11/07/mageia-5-eol-postponed/
It only continued to get important security updates since then, because we are waiting for a big Plasma5 update in Mageia 6, that'll fix many of the Mageia 5 => 6 upgrade issues.

If you haven't seen that this bug got fixed, then please check whether this bug still exists in Mageia 6. If it does, then please change the Version (near the top, at the left) to "6". If you know it exists in Cauldron, then change Version to Cauldron. If you see it in both Cauldron and Mageia 6, then please set Version to Cauldron and add MGA6TOO on the Whiteboard.

Thanks,
Marja

CC: (none) => marja11

Comment 4 Marja Van Waes 2018-10-07 16:24:39 CEST
No reply, so closing as OLD since Mageia 5 is no longer maintained.

Resolution: (none) => OLD
Status: NEW => RESOLVED