234369 – Okular crashes when opening some PDF files

Bug 234369 - Okular crashes when opening some PDF files

Summary: Okular crashes when opening some PDF files

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	okular
Classification:	Applications
Component:	general (show other bugs)
Version:	0.10.2
Platform:	Ubuntu Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Okular developers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-04-14 18:35 UTC by Giovanni Beltrame
Modified:	2011-07-11 02:12 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
A sample input file that crashes okular (11.47 KB, application/pdf) 2010-04-14 21:03 UTC, Giovanni Beltrame	Details
A sample file that does NOT crash okular (25.48 KB, application/pdf) 2010-04-14 21:05 UTC, Giovanni Beltrame	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Giovanni Beltrame 2010-04-14 18:35:19 UTC

Application: okular (0.10.2)
KDE Platform Version: 4.4.2 (KDE 4.4.2)
Qt Version: 4.6.2
Operating System: Linux 2.6.32-20-generic-pae i686
Distribution: Ubuntu lucid (development branch)

-- Information about the crash:
Some PDF files (generated either with LaTeX or MS Word) cause okular (or libpoppler) to crash on opening. The issue might be related to X, as the same files open without crashing when using NX.


The crash can be reproduced every time.

 -- Backtrace:
Application: Okular (okular), signal: Aborted
[Current thread is 1 (Thread 0xb55d4930 (LWP 20230))]

Thread 2 (Thread 0xb2367b70 (LWP 20231)):
[KCrash Handler]
#6  0xb77cd430 in __kernel_vsyscall ()
#7  0xb5f4a641 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0xb5f4da72 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0xb5f8148d in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb5f8b581 in ?? () from /lib/tls/i686/cmov/libc.so.6
#11 0xb5f8cdd8 in ?? () from /lib/tls/i686/cmov/libc.so.6
#12 0xb5f8febd in free () from /lib/tls/i686/cmov/libc.so.6
#13 0xb24dcab1 in gfree (p=0x0) at gmem.cc:310
#14 0xb24fd2f7 in ~SplashBitmap (this=0x400, __in_chrg=<value optimized out>) at SplashBitmap.cc:111
#15 0xb24116b6 in SplashOutputDev::startPage (this=0x8839900, pageNum=0, state=0xb2366a50) at SplashOutputDev.cc:977
#16 0xb25a34fd in Poppler::Page::renderToImage (this=0x88381d8, xres=122.64562992628628, yres=122.63834942807256, x=-1, y=-1, w=-1, h=-1, rotate=Poppler::Page::Rotate0) at poppler-page.cc:239
#17 0xb26066c7 in PDFPixmapGeneratorThread::run (this=0x87505c0) at ../../../../okular/generators/poppler/generator_pdf.cpp:1836
#18 0xb6c6532e in QThreadPrivate::start (arg=0x87505c0) at thread/qthread_unix.cpp:248
#19 0xb5b0d96e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#20 0xb5fed9de in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb55d4930 (LWP 20230)):
#0  0xb77cd430 in __kernel_vsyscall ()
#1  0xb5ffacc3 in ?? () from /lib/tls/i686/cmov/libc.so.6
#2  0xb5f91687 in ?? () from /lib/tls/i686/cmov/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Possible duplicates by query: bug 228512.

Reported using DrKonqi

Comment 1 Albert Astals Cid 2010-04-14 19:57:38 UTC

Attach any of those pdf please, also say which poppler version you are using.

Comment 2 Giovanni Beltrame 2010-04-14 21:03:26 UTC

Created attachment 42790 [details]
A sample input file that crashes okular

Comment 3 Giovanni Beltrame 2010-04-14 21:05:28 UTC

Created attachment 42791 [details]
A sample file that does NOT crash okular

Comment 4 Giovanni Beltrame 2010-04-14 21:07:38 UTC

I generated both examples using the same pdflatex (the bulk one from texlive/Ubuntu Lucid). My libpoppler version is 0.12.4-0ubuntu4.

Comment 5 Albert Astals Cid 2010-04-14 21:24:48 UTC

Works for me, can you please run the program though valgrind
$ valgrind okular somepdf.pdf
and paste the output here?

Comment 6 Giovanni Beltrame 2010-04-14 21:39:14 UTC

Valgrind doesn't seem to find anything special, and it prevents the glibc detected abort.
I have also noticed that Okular::Part works, for example, opening the same pdf in Kile's embedded viewer doesn't produce any crash.

I tried downgrading libpoppler to 0.12.0 (the only version readily available with packages) and it effectively prevents crashing, but also prevents any rendering (i.e. I see only white pages) :) 

Here is what glibc finds:

*** glibc detected *** okular: free(): invalid pointer: 0xb1010008 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b581)[0xb5f0c581]
/lib/tls/i686/cmov/libc.so.6(+0x6cdd8)[0xb5f0ddd8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xb5f10ebd]
/usr/lib/libpoppler.so.5(gfree+0x21)[0xb244dab1]
/usr/lib/libpoppler.so.5(_ZN12SplashBitmapD1Ev+0x37)[0xb246e2f7]
[...]

Valgrind:

==30616== Memcheck, a memory error detector
==30616== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==30616== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==30616== Command: /usr/bin/okular cv.pdf
==30616== 
==30616== Conditional jump or move depends on uninitialised value(s)
==30616==    at 0x4F4E750: QX11PaintEngine::updateMatrix(QTransform const&) (qpaintengine_x11.cpp:2035)
==30616==    by 0x4F5A56A: QX11PaintEngine::updateState(QPaintEngineState const&) (qpaintengine_x11.cpp:1077)
==30616==    by 0x4E966F3: QPainterPrivate::updateStateImpl(QPainterState*) (qpainter.cpp:892)
==30616==    by 0x4E967BB: QPainterPrivate::updateState(QPainterState*) (qpainter.cpp:920)
==30616==    by 0x4EA17A6: QPainter::drawLines(QLineF const*, int) (qpainter.cpp:4616)
==30616==    by 0x68D5460: OxygenStyle::standardIconImplementation(QStyle::StandardPixmap, QStyleOption const*, QWidget const*) const (qpainter.h:534)
==30616==    by 0x68C7CD3: OxygenStyle::qt_metacall(QMetaObject::Call, int, void**) (oxygen.moc:80)
==30616==    by 0x4AE5C99: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==30616==    by 0x4AE9AC4: QMetaMethod::invoke(QObject*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) const (qmetaobject.cpp:1533)
==30616==    by 0x4AEA0CE: QMetaObject::invokeMethod(QObject*, char const*, Qt::ConnectionType, QGenericReturnArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument, QGenericArgument) (qmetaobject.cpp:1113)
==30616==    by 0x505558B: QStyle::standardIcon(QStyle::StandardPixmap, QStyleOption const*, QWidget const*) const (qstyle.cpp:2279)
==30616==    by 0x5216C9D: QToolBarExtension::setOrientation(Qt::Orientation) (qtoolbarextension.cpp:67)
==30616== 
okular(30616)/kdecore (KConfigSkeleton) KCoreConfigSkeleton::writeConfig:
okular(30616)/kdecore (KConfigSkeleton) KCoreConfigSkeleton::writeConfig:
okular(30616)/kdecore (KConfigSkeleton) KCoreConfigSkeleton::writeConfig:
==30616== Conditional jump or move depends on uninitialised value(s)
==30616==    at 0x7197E3F: PageView::resizeEvent(QResizeEvent*) (pageview.cpp:1235)
==30616==    by 0x4D89642: QWidget::event(QEvent*) (qwidget.cpp:8152)
==30616==    by 0x5185FD2: QFrame::event(QEvent*) (qframe.cpp:557)
==30616==    by 0x5220381: QAbstractScrollArea::viewportEvent(QEvent*) (qabstractscrollarea.cpp:1036)
==30616==    by 0x719DC4F: PageView::viewportEvent(QEvent*) (pageview.cpp:2241)
==30616==    by 0x5222C64: QAbstractScrollAreaFilter::eventFilter(QObject*, QEvent*) (qabstractscrollarea_p.h:100)
==30616==    by 0x4ADFCD9: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:819)
==30616==    by 0x4D2B4B8: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4296)
==30616==    by 0x4D320F8: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4265)
==30616==    by 0x44CBF29: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:302)
==30616==    by 0x4AE0A3A: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:704)
==30616==    by 0x4DDDA80: QWidgetPrivate::setGeometry_sys(int, int, int, int, bool) (qcoreapplication.h:215)
==30616== 
QInotifyFileSystemWatcherEngine::addPaths: inotify_add_watch failed: No such file or directory
QFileSystemWatcher: failed to add paths: /home/beltrame/.config/ibus/bus
Bus::open: Can not get ibus-daemon's address. 
IBusInputContext::createInputContext: no connection to ibus-daemon 
==30616== 
==30616== HEAP SUMMARY:
==30616==     in use at exit: 1,117,736 bytes in 6,323 blocks
==30616==   total heap usage: 611,127 allocs, 604,804 frees, 287,081,191 bytes allocated
==30616== 
==30616== LEAK SUMMARY:
==30616==    definitely lost: 984 bytes in 9 blocks
==30616==    indirectly lost: 858,240 bytes in 2,985 blocks
==30616==      possibly lost: 136,478 bytes in 1,179 blocks
==30616==    still reachable: 122,034 bytes in 2,150 blocks
==30616==         suppressed: 0 bytes in 0 blocks
==30616== Rerun with --leak-check=full to see details of leaked memory
==30616== 
==30616== For counts of detected and suppressed errors, rerun with: -v
==30616== Use --track-origins=yes to see where uninitialised values come from
==30616== ERROR SUMMARY: 31 errors from 2 contexts (suppressed: 223 from 15)

Comment 7 Albert Astals Cid 2010-04-14 22:04:46 UTC

I'm sorry, but if valgrind doesn't find nothing, i can only conclude ubuntu glibc is broken and is crashing on its own, maybe it's the return of the evil bug 196207 i don't know.

Comment 8 Albert Astals Cid 2010-07-11 17:41:52 UTC

Can you still reproduce the problem? Which glibc version do you use?

Comment 9 Albert Astals Cid 2011-07-10 20:53:51 UTC

The reporter doesn't seem to care anymore

Comment 10 Giovanni Beltrame 2011-07-11 02:12:18 UTC

I have switched to Ubuntu and I can't reproduce the issue anymore, no idea of what it might had been.