415261 – Okular crash when trying to open certain djvu file

Bug 415261 - Okular crash when trying to open certain djvu file

Summary: Okular crash when trying to open certain djvu file

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	okular
Classification:	Applications
Component:	general (show other bugs)
Version:	1.4.0
Platform:	Debian stable Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Okular developers

URL:
Keywords:	drkonqi

Depends on:
Blocks:

Reported:	2019-12-16 21:17 UTC by Alex Dănilă
Modified:	2020-01-06 10:49 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
New crash information added by DrKonqi (8.18 KB, text/plain) 2020-01-05 12:03 UTC, Alex Dănilă	Details
valgrind output (6.28 KB, text/plain) 2020-01-05 12:10 UTC, Alex Dănilă	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Dănilă 2019-12-16 21:17:46 UTC

Application: okular (1.4.0)

Qt Version: 5.12.5
Frameworks Version: 5.62.0
Operating System: Linux 5.3.0-2-amd64 x86_64
Distribution: Debian GNU/Linux bullseye/sid

-- Information about the crash:
- What I was doing when the application crashed:
Tried to open a .djvu file. This replicates every time. The file is 90 MiB, but I can provide it privately. I'm almost sure I was able to open this file previously, less than a year ago.

The crash can be reproduced every time.

-- Backtrace:
Application: Okular (okular), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f676ff96800 (LWP 564425))]

Thread 4 (Thread 0x7f675ffff700 (LWP 564428)):
#0  futex_wait_cancelable (private=0, expected=0, futex_word=0x55b4550b8448) at ../sysdeps/unix/sysv/linux/futex-internal.h:88
#1  __pthread_cond_wait_common (abstime=0x0, mutex=0x55b4550b83f8, cond=0x55b4550b8420) at pthread_cond_wait.c:502
#2  __pthread_cond_wait (cond=0x55b4550b8420, mutex=0x55b4550b83f8) at pthread_cond_wait.c:655
#3  0x00007f67648873eb in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#4  0x00007f6764887007 in ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#5  0x00007f6772fdcfb7 in start_thread (arg=<optimized out>) at pthread_create.c:486
#6  0x00007f6773a9a2df in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 3 (Thread 0x7f6767df1700 (LWP 564427)):
#0  0x00007f6773a8fd1f in __GI___poll (fds=0x7f6760004e30, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f677260309e in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f6760004e30, timeout=<optimized out>, context=0x7f6760000bf0) at ../../../glib/gmain.c:4216
#2  g_main_context_iterate (context=context@entry=0x7f6760000bf0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:3912
#3  0x00007f67726031bf in g_main_context_iteration (context=0x7f6760000bf0, may_block=may_block@entry=1) at ../../../glib/gmain.c:3978
#4  0x00007f677400d80b in QEventDispatcherGlib::processEvents (this=0x7f6760000b20, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#5  0x00007f6773fb671b in QEventLoop::exec (this=this@entry=0x7f6767df0d70, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:140
#6  0x00007f6773df7751 in QThread::exec (this=this@entry=0x7f677430bd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at ../../include/QtCore/../../src/corelib/global/qflags.h:120
#7  0x00007f677428a4e6 in QDBusConnectionManager::run (this=0x7f677430bd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at qdbusconnection.cpp:178
#8  0x00007f6773df88d2 in QThreadPrivate::start (arg=0x7f677430bd80 <(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at thread/qthread_unix.cpp:361
#9  0x00007f6772fdcfb7 in start_thread (arg=<optimized out>) at pthread_create.c:486
#10 0x00007f6773a9a2df in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 0x7f676ef8b700 (LWP 564426)):
#0  0x00007f6773a8fd1f in __GI___poll (fds=fds@entry=0x7f676ef8aca8, nfds=nfds@entry=1, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007f6773204cf7 in poll (__timeout=-1, __nfds=1, __fds=0x7f676ef8aca8) at /usr/include/x86_64-linux-gnu/bits/poll2.h:46
#2  _xcb_conn_wait (c=c@entry=0x55b454f16ea0, cond=cond@entry=0x55b454f16ee0, vector=vector@entry=0x0, count=count@entry=0x0) at ../../src/xcb_conn.c:479
#3  0x00007f677320691a in xcb_wait_for_event (c=c@entry=0x55b454f16ea0) at ../../src/xcb_in.c:697
#4  0x00007f676fb87cd0 in QXcbEventQueue::run (this=0x55b454f06610) at qxcbeventqueue.cpp:228
#5  0x00007f6773df88d2 in QThreadPrivate::start (arg=0x55b454f06610) at thread/qthread_unix.cpp:361
#6  0x00007f6772fdcfb7 in start_thread (arg=<optimized out>) at pthread_create.c:486
#7  0x00007f6773a9a2df in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f676ff96800 (LWP 564425)):
[KCrash Handler]
#6  std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=<error reading variable: Cannot access memory at address 0x5>) at /usr/include/c++/9/bits/atomic_base.h:413
#7  QAtomicOps<int>::load<int> (_q_value=<error reading variable: Cannot access memory at address 0x5>) at ../../include/QtCore/../../src/corelib/thread/qatomic_cxx11.h:227
#8  QBasicAtomicInteger<int>::load (this=<error reading variable: Cannot access memory at address 0x5>) at ../../include/QtCore/../../src/corelib/thread/qbasicatomic.h:103
#9  QtPrivate::RefCount::deref (this=<error reading variable: Cannot access memory at address 0x5>) at ../../include/QtCore/../../src/corelib/tools/qrefcount.h:66
#10 QString::operator= (this=0x5, other=...) at tools/qstring.cpp:2417
#11 0x00007f675f761c19 in Okular::Generator::walletDataForFile(QString const&, QString*, QString*, QString*) const () from /usr/lib/x86_64-linux-gnu/libOkular5Core.so.8
#12 0x00007f676697747a in Layers::notifySetup (this=0x55b4553df700) at ./ui/layers.cpp:54
#13 0x00007f67665b8a3b in Okular::Document::openDocument(QString const&, QUrl const&, QMimeType const&, QString const&) () from /usr/lib/x86_64-linux-gnu/libOkular5Core.so.9
#14 0x00007f67668db08b in Okular::Part::doOpenFile (this=this@entry=0x55b455025380, mimeA=..., fileNameToOpenA=..., isCompressedFile=isCompressedFile@entry=0x7ffc59f83ad7) at ./part.cpp:1383
#15 0x00007f67668db6d7 in Okular::Part::openFile (this=0x55b455025380) at ./part.cpp:1515
#16 0x00007f677570d85d in ?? () from /usr/lib/x86_64-linux-gnu/libKF5Parts.so.5
#17 0x00007f677570e7e6 in KParts::ReadOnlyPart::openUrl(QUrl const&) () from /usr/lib/x86_64-linux-gnu/libKF5Parts.so.5
#18 0x00007f67668ce486 in Okular::Part::openUrl (this=0x55b455025380, _url=..., swapInsteadOfOpening=<optimized out>) at ./part.cpp:1700
#19 0x000055b4549237ed in Shell::openUrl (this=this@entry=0x55b454f388f0, url=..., serializedOptions=...) at ./shell/shell.cpp:280
#20 0x000055b454923a12 in Shell::openDocument (this=this@entry=0x55b454f388f0, url=..., serializedOptions=...) at ./shell/shell.cpp:221
#21 0x000055b454923ab6 in Shell::openDocument (this=this@entry=0x55b454f388f0, url=..., serializedOptions=...) at ./shell/shell.cpp:208
#22 0x000055b45491d10c in Okular::main (paths=..., serializedOptions=...) at ./shell/okular_main.cpp:170
#23 0x000055b45491c7b5 in main (argc=<optimized out>, argv=<optimized out>) at ./shell/main.cpp:74
[Inferior 1 (process 564425) detached]

Possible duplicates by query: bug 414147, bug 413706, bug 413301, bug 410844, bug 410345.

Reported using DrKonqi

Comment 1 Tobias Deiminger 2019-12-17 00:33:55 UTC

Can you provide me with the file? I'll have a look.

From
> #10 QString::operator= (this=0x5, other=...) at tools/qstring.cpp:2417
> #11 0x00007f675f761c19 in Okular::Generator::walletDataForFile(QString const&, QString*, QString*, QString*) const () from /usr/lib/x86_64-linux-gnu/libOkular5Core.so.8
> #12 0x00007f676697747a in Layers::notifySetup (this=0x55b4553df700) at ./ui/layers.cpp:54
we see walletDataForFile is called with invalid pointers (0x5) to QString, and copy assignment segfaults in consequence.

But I don't see a possible code path to Okular::Generator::walletDataForFile via Layers::notifySetup as recorded in the backtrace (anyone?). Might be a vtable lookup on a bad instance, or something related to compiler optimization / inlining.

Comment 2 Albert Astals Cid 2019-12-17 22:27:48 UTC

We're going to need the file

Comment 3 Tobias Deiminger 2019-12-21 20:26:56 UTC

Can't reproduce a crash when opening your file. Tried with latest okular, and with packaged okular on Debian bullseye.

Can you try opening the file in djview4 instead of okular? If a crash happens there too, it would indicate an issue in the underlying libdjvulibre.

You could also try installing debug symbols and see if the next backtrace becomes more revealing:

echo "deb http://deb.debian.org/debian-debug/ bullseye-debug main" > /etc/apt/sources.list.d/debug.list
apt update && apt install libdjvulibre21-dbgsym libqt5core5a-dbgsym okular-dbgsym libokular5core8-dbgsym okular-extra-backends-dbgsym

Comment 4 Albert Astals Cid 2019-12-22 10:37:57 UTC

also maybe run okular throught valgrind and tell us the trace it gives you

valgrind okular filepath.djvu

Comment 5 Alex Dănilă 2020-01-05 12:03:23 UTC

Created attachment 124900 [details]
New crash information added by DrKonqi

okular (1.4.0) using Qt 5.12.5

Attached new information with more dbg packages installed. Will also do valgrind.

-- Backtrace (Reduced):
#6  0x00007ff0a905f5d3 in QHash<Okular::DocumentInfo::Key, QHashDummyValue>::findNode (this=this@entry=0x1, akey=akey@entry=@0x7ffd8d255060: Okular::DocumentInfo::MimeType, ahp=ahp@entry=0x0) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qhash.h:928
#7  0x00007ff0a905d616 in QHash<Okular::DocumentInfo::Key, QHashDummyValue>::contains (akey=@0x7ffd8d255060: Okular::DocumentInfo::MimeType, this=0x1) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qhash.h:906
#8  QSet<Okular::DocumentInfo::Key>::contains (value=@0x7ffd8d255060: Okular::DocumentInfo::MimeType, this=0x1) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qset.h:96
#9  DjVuGenerator::generateDocumentInfo (this=0x55a70ef9c828, keys=...) at ./generators/djvu/generator_djvu.cpp:127
#10 0x00007ff0aa5c790d in TOC::notifySetup (this=0x55a70efdf290, setupFlags=<optimized out>) at ./ui/toc.cpp:70

Comment 6 Alex Dănilă 2020-01-05 12:10:18 UTC

Created attachment 124901 [details]
valgrind output

Comment 7 Tobias Deiminger 2020-01-05 22:11:57 UTC

The new backtrace again shows a seemingly impossible call stack (DjVuGenerator::generateDocumentInfo should not be reachable via TOC::notifySetup).

This kind of error could happen if okular loads a binary incompatible version of the DjVu generator plugin okularGenerator_djvu.so. It seems at least possible, because
- Debian distributes okular and DjVu plugin in two different packages okular and okular-extra-backends
- bullseye is testing, something might have gone wrong during dist upgrade, leaving both packages out of sync
- generator API core/generator.h occasionally changed in a binary incompatible way

Can you check if both packages show same version? For me it's

$ dpkg -s okular | grep '^Version:'
Version: 4:17.12.2-2.2+b1
$ dpkg -s okular-extra-backends | grep '^Version:'
Version: 4:17.12.2-2.2+b1

Comment 8 Alex Dănilă 2020-01-06 06:45:02 UTC

You are right. Sorry for all this noise, I used to remember to check this stuff before reporting bugs (I often use KDE from Unstable to get newer versions of software).

$ dpkg -s okular | grep '^Version:'
Version: 4:18.04.0-1
$ dpkg -s okular-extra-backends | grep '^Version:'
Version: 4:17.12.2-2.2+b1

I installed a tested with a compatible okular-extra-backends from Experimental and it worked.