Bug 378696 - Selecting annotation and reloading file crashes Okular
Status: RESOLVED FIXED
Alias: None
Product: okular
Classification: Applications
Component: PDF backend
Version: 1.0.0
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Okular developers
Reported: 2017-04-12 13:33 UTC by Oliver Sander
Modified: 2017-04-13 17:18 UTC

Attachments
Example pdf file with a single annotation (8.45 KB, application/pdf)
2017-04-12 13:33 UTC, Oliver Sander

Description Oliver Sander 2017-04-12 13:33:19 UTC
Created attachment 104988
Example pdf file with a single annotation

The attached sample file contains nothing but a single freetext annotation.  It was created using LaTeX and the pdfcomment package.

1) Open the file in Okular
2) Click on the annotation
3) Press F5 to reload the file
4) -> Okular segfaults reproducibly

This happens with the current git master.  The backtrace is

Thread 1 "okular" received signal SIGSEGV, Segmentation fault.
0x00007fffd70d684b in Okular::AnnotationUtils::annotationGeometry (ann=0x555555ebec70, scaledWidth=256, scaledHeight=213461900)
    at /home/sander/okular/core/annotations.cpp:158
158         if ( ann->subType() == Annotation::AText && ( ( (TextAnnotation*)ann )->textType() == TextAnnotation::Linked ) )
(gdb) bt
#0  0x00007fffd70d684b in Okular::AnnotationUtils::annotationGeometry (ann=0x555555ebec70, scaledWidth=256, scaledHeight=213461900)
    at /home/sander/okular/core/annotations.cpp:158
#1  0x00007fffd74f86bd in MouseAnnotation::routePaint (this=0x555555becf90, painter=0x7fffffffac98, paintRect=...)
    at /home/sander/okular/ui/pageviewmouseannotation.cpp:275
#2  0x00007fffd750502e in PageView::paintEvent (this=0x555555bf5e10, pe=0x7fffffffb230) at /home/sander/okular/ui/pageview.cpp:1757
#3  0x00007ffff4945278 in QWidget::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#4  0x00007ffff4a2da0e in QFrame::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#5  0x00007fffd750dd32 in PageView::viewportEvent (this=0x555555bf5e10, e=0x7fffffffb230) at /home/sander/okular/ui/pageview.cpp:3318
#6  0x00007ffff3f8e741 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007ffff48fdb65 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#8  0x00007ffff4905341 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#9  0x00007ffff3f8e9e0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x00007ffff493dfda in QWidgetPrivate::sendPaintEvent(QRegion const&) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#11 0x00007ffff493e646 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#12 0x00007ffff493f34c in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#13 0x00007ffff493f239 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007ffff493e1a4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#15 0x00007ffff493f34c in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#16 0x00007ffff493f239 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#17 0x00007ffff493e1a4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#18 0x00007ffff493f34c in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007ffff493e1a4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#20 0x00007ffff493f34c in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#21 0x00007ffff493e1a4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#22 0x00007ffff493f34c in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#23 0x00007ffff493e1a4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#24 0x00007ffff493f34c in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#25 0x00007ffff493e1a4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#26 0x00007ffff493f34c in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#27 0x00007ffff493e1a4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#28 0x00007ffff490df8a in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#29 0x00007ffff490e147 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#30 0x00007ffff492cf8f in QWidgetPrivate::syncBackingStore() () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#31 0x00007ffff4945348 in QWidget::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#32 0x00007ffff4a4492b in QMainWindow::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#33 0x00007ffff6dc8097 in KMainWindow::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5
#34 0x00007ffff6e0cbb5 in KXmlGuiWindow::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libKF5XmlGui.so.5
#35 0x00007ffff48fdb8c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#36 0x00007ffff4905341 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#37 0x00007ffff3f8e9e0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#38 0x00007ffff490e965 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#39 0x00007ffff490f62d in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#40 0x00007ffff492f9c8 in QWidget::repaint(QRect const&) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#41 0x00007fffd750de67 in PageView::scrollContentsBy (this=0x555555bf5e10, dx=0, dy=1) at /home/sander/okular/ui/pageview.cpp:3330
#42 0x00007ffff4ab65e1 in QAbstractScrollAreaPrivate::_q_vslide(int) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#43 0x00007ffff3fba5e9 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#44 0x00007ffff49e947e in QAbstractSlider::valueChanged(int) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#45 0x00007ffff49e9b0b in QAbstractSlider::setValue(int) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#46 0x00007fffd75126e5 in PageView::scrollTo (this=0x555555bf5e10, x=0, y=4) at /home/sander/okular/ui/pageview.cpp:4148
#47 0x00007fffd7512621 in PageView::center (this=0x555555bf5e10, cx=688, cy=503) at /home/sander/okular/ui/pageview.cpp:4135
#48 0x00007fffd7502fc8 in PageView::slotRealNotifyViewportChanged (this=0x555555bf5e10, smoothMove=false) at /home/sander/okular/ui/pageview.cpp:1279
#49 0x00007fffd7517dba in PageView::qt_static_metacall (_o=0x555555bf5e10, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x555555e5f2e0)
    at /home/sander/okular/build/moc_pageview.cpp:301
#50 0x00007ffff3fbb499 in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#51 0x00007ffff494546b in QWidget::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#52 0x00007ffff4a2da0e in QFrame::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#53 0x00007ffff4ab6e03 in QAbstractScrollArea::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#54 0x00007fffd7503bc2 in PageView::event (this=0x555555bf5e10, event=0x555555eb8a90) at /home/sander/okular/ui/pageview.cpp:1512
#55 0x00007ffff48fdb8c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#56 0x00007ffff4905341 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#57 0x00007ffff3f8e9e0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#58 0x00007ffff3f9116d in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#59 0x00007ffff3fe2c43 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#60 0x00007fffef1f47f7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#61 0x00007fffef1f4a60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#62 0x00007fffef1f4b0c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#63 0x00007ffff3fe304f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#64 0x00007ffff3f8c9ca in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#65 0x00007ffff3f9513c in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#66 0x0000555555561308 in main (argc=2, argv=0x7fffffffe0d8) at /home/sander/okular/shell/main.cpp:85
Comment 1 Oliver Sander 2017-04-12 13:48:01 UTC
valgrind trace seems useful:

==24464== Invalid read of size 4
==24464==    at 0x1F11765C: QRect::height() const (qrect.h:261)
==24464==    by 0x1F19EC2B: PageViewItem::uncroppedHeight() const (pageviewutils.cpp:97)
==24464==    by 0x1F170676: MouseAnnotation::routePaint(QPainter*, QRect const&) (pageviewmouseannotation.cpp:275)
==24464==    by 0x1F17D02D: PageView::paintEvent(QPaintEvent*) (pageview.cpp:1757)
==24464==    by 0x7FAB277: QWidget::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
==24464==    by 0x8093A0D: QFrame::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
==24464==    by 0x1F185D31: PageView::viewportEvent(QEvent*) (pageview.cpp:3318)
==24464==    by 0x8CB0740: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1)
==24464==    by 0x7F63B64: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
==24464==    by 0x7F6B340: QApplication::notify(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
==24464==    by 0x8CB09DF: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1)
==24464==    by 0x7FA3FD9: QWidgetPrivate::sendPaintEvent(QRegion const&) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
==24464==  Address 0x1d06ebd0 is 48 bytes inside a block of size 104 free'd
==24464==    at 0x4C2D2DB: operator delete(void*) (vg_replace_malloc.c:576)
==24464==    by 0x1F17967F: PageView::notifySetup(QVector<Okular::Page*> const&, int) (pageview.cpp:962)
==24464==    by 0x1F4ED719: Okular::Document::closeDocument() (document.cpp:2614)
==24464==    by 0x1F0FDE99: Okular::Part::closeUrl(bool) (part.cpp:1660)
==24464==    by 0x1F0FDFFB: Okular::Part::closeUrl() (part.cpp:1681)
==24464==    by 0x1F0FE811: Okular::Part::slotDoFileDirty() (part.cpp:1805)
==24464==    by 0x1F103048: Okular::Part::slotReload() (part.cpp:2725)
==24464==    by 0x1F10ED57: QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (Okular::Part::*)()>::call(void (Okular::Part::*)(), Okular::Part*, void**) (qobjectdefs_impl.h:141)
==24464==    by 0x1F10DD8E: void QtPrivate::FunctionPointer<void (Okular::Part::*)()>::call<QtPrivate::List<>, void>(void (Okular::Part::*)(), Okular::Part*, void**) (qobjectdefs_impl.h:160)
==24464==    by 0x1F10C230: QtPrivate::QSlotObject<void (Okular::Part::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (qobject_impl.h:120)
==24464==    by 0x8CDC95D: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1)
==24464==    by 0x7F5D1C1: QAction::triggered(bool) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
==24464==  Block was alloc'd at
==24464==    at 0x4C2C21F: operator new(unsigned long) (vg_replace_malloc.c:334)
==24464==    by 0x1F179767: PageView::notifySetup(QVector<Okular::Page*> const&, int) (pageview.cpp:976)
==24464==    by 0x1F4EC73A: Okular::Document::openDocument(QString const&, QUrl const&, QMimeType const&, QString const&) (document.cpp:2452)
==24464==    by 0x1F0FB57A: Okular::Part::doOpenFile(QMimeType const&, QString const&, bool*) (part.cpp:1292)
==24464==    by 0x1F0FC236: Okular::Part::openFile() (part.cpp:1414)
==24464==    by 0x4E5F810: ??? (in /usr/lib/x86_64-linux-gnu/libKF5Parts.so.5.28.0)
==24464==    by 0x4E606A3: KParts::ReadOnlyPart::openUrl(QUrl const&) (in /usr/lib/x86_64-linux-gnu/libKF5Parts.so.5.28.0)
==24464==    by 0x1F0FD58F: Okular::Part::openUrl(QUrl const&) (part.cpp:1567)
==24464==    by 0x11BB87: Shell::openUrl(QUrl const&, QString const&) (shell.cpp:277)
==24464==    by 0x11B666: Shell::openDocument(QUrl const&, QString const&) (shell.cpp:218)
==24464==    by 0x118ABB: Okular::main(QStringList const&, QString const&) (okular_main.cpp:170)
==24464==    by 0x1152AB: main (main.cpp:72)
==24464==
Comment 2 Oliver Sander 2017-04-12 13:50:45 UTC
As may be guessed from the valgrind trace, simply closing the document instead of reloading it triggers the crash as well.
Comment 3 Tobias Deiminger 2017-04-13 07:44:31 UTC
See https://git.reviewboard.kde.org/r/130087 for an attempt to fix this.

I have only limited possibilities to test the patch at the moment, sorry. Could you give it a try and tell me how it works for you?
Comment 4 Oliver Sander 2017-04-13 08:00:14 UTC
Hi Tobias,
thanks for the quick fix.  I tested it and it solves the problem for me.
--
Oliver
Comment 5 Albert Astals Cid 2017-04-13 17:18:56 UTC
Git commit 69dca1e7dd885f9a34c957994eafa7b69a752728 by Albert Astals Cid, on behalf of Tobias Deiminger.
Committed on 13/04/2017 at 17:17.
Pushed by aacid into branch 'Applications/17.04'.

Fix segfault when document is closed while annotation is selected

Prevent MouseAnnotation from accessing PageViewItem widgets any longer
after PageView deletes them in PageView::notifySetup().
REVIEW: 130087

M  +3    -0    ui/pageview.cpp
M  +7    -0    ui/pageviewmouseannotation.cpp
M  +3    -0    ui/pageviewmouseannotation.h

https://commits.kde.org/okular/69dca1e7dd885f9a34c957994eafa7b69a752728
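
The lifetime problem in this report, reduced to a small model. This is an added example, not Okular's code and not the committed patch: Item, Selection and View are hypothetical stand-ins for PageViewItem, MouseAnnotation and PageView, and clearing the selection before the items are deleted is an assumed way to get the behaviour the commit message describes.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Hypothetical stand-ins: Item ~ PageViewItem, Selection ~ MouseAnnotation, View ~ PageView.
struct Item { int height = 0; };

class Selection {
    Item* focused_ = nullptr;  // non-owning: valid only while View keeps the item alive
public:
    void select(Item* it) { focused_ = it; }
    void reset() { focused_ = nullptr; }
    bool active() const { return focused_ != nullptr; }
    // Paint path: reads the item only when a selection exists, else returns -1.
    int paintHeight() const { return focused_ ? focused_->height : -1; }
};

class View {
    std::vector<std::unique_ptr<Item>> items_;
    Selection sel_;
public:
    // Rebuilds the item list (open, reload, close). resetFirst=false models the
    // pre-fix behaviour, where the selection keeps a pointer to a deleted item.
    void setup(const std::vector<int>& heights, bool resetFirst = true) {
        if (resetFirst) sel_.reset();  // drop cached pointers before deleting items
        items_.clear();                // old items are destroyed here
        for (int h : heights) {
            items_.push_back(std::make_unique<Item>());
            items_.back()->height = h;
        }
    }
    void click(std::size_t i) { sel_.select(items_.at(i).get()); }
    bool selectionActive() const { return sel_.active(); }
    int paint() const { return sel_.paintHeight(); }
};

int main() {
    View v;
    v.setup({213});   // constructed sample: one page item
    v.click(0);
    v.setup({});      // document closed with a selection active
    return v.paint() == -1 ? 0 : 1;  // nothing stale is dereferenced
}
```

With resetFirst=false the selection still reports as active after setup(), and a later paint() would read freed memory, which is the invalid read valgrind reports in Comment 1.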