Bug 435626 - Okular crashes when trying to modify a form-pdf
Summary: Okular crashes when trying to modify a form-pdf
Status: RESOLVED UPSTREAM
Alias: None
Product: okular
Classification: Applications
Component: general (show other bugs)
Version: 1.11.1
Platform: Fedora RPMs Linux
: NOR crash
Target Milestone: ---
Assignee: Okular developers
URL:
Keywords: drkonqi
Depends on:
Blocks:
 
Reported: 2021-04-11 18:22 UTC by Emanuele Spirito
Modified: 2021-04-19 22:22 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
The pdf-form written in the bug description (698.89 KB, application/pdf)
2021-04-12 09:49 UTC, Emanuele Spirito
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Emanuele Spirito 2021-04-11 18:22:03 UTC
Application: okular (1.11.1)

Qt Version: 5.15.2
Frameworks Version: 5.79.0
Operating System: Linux 5.11.11-200.fc33.x86_64 x86_64
Windowing system: X11
Distribution: Fedora 33 (KDE Plasma)

-- Information about the crash:
- What I was doing when the application crashed:
I opened a pdf with okular. The pdf has been opened correctly. The pdf contained a form, so I used the suggestion (Visualize->See forms) to start the modify-mode. When entered the modify-mode, I saw changing font of the form field. So, I clicked on one field and okular crashed. 
Something odd I noticed is that not all the form field of the pdf were marked up as form field while in the modify-mode. Indeed I opened the same pdf-form with Chromium and there I could see many more fields than the ones seen in okular.

The crash can be reproduced every time.

-- Backtrace:
Application: Okular (okular), signal: Segmentation fault

[KCrash Handler]
#4  0x00007f75b0361bf1 in Poppler::Document::formCalculateOrder() const () from /lib64/libpoppler-qt5.so.1
#5  0x00007f75b03e3d4f in PDFGenerator::metaData(QString const&, QVariant const&) const () from /usr/lib64/qt5/plugins/okular/generators/okularGenerator_poppler.so
#6  0x00007f75b3560a61 in Okular::Document::metaData(QString const&, QVariant const&) const () from /lib64/libOkular5Core.so.9
#7  0x00007f75b3550343 in Okular::DocumentPrivate::recalculateForms() () from /lib64/libOkular5Core.so.9
#8  0x00007f75b3576fd7 in Okular::EditFormButtonsCommand::redo() () from /lib64/libOkular5Core.so.9
#9  0x00007f75ccd1019a in QUndoStack::push(QUndoCommand*) () from /lib64/libQt5Widgets.so.5
#10 0x00007f75cbe8f386 in void doActivate<false>(QObject*, int, void**) () from /lib64/libQt5Core.so.5
#11 0x00007f75b81bd4b2 in FormWidgetsController::slotButtonClicked(QAbstractButton*) () from /usr/lib64/qt5/plugins/okularpart.so
#12 0x00007f75cbe8f386 in void doActivate<false>(QObject*, int, void**) () from /lib64/libQt5Core.so.5
#13 0x00007f75cca765d3 in QButtonGroup::buttonClicked(QAbstractButton*) () from /lib64/libQt5Widgets.so.5
#14 0x00007f75cca71d7f in QAbstractButtonPrivate::emitClicked() () from /lib64/libQt5Widgets.so.5
#15 0x00007f75cca73673 in QAbstractButtonPrivate::click() () from /lib64/libQt5Widgets.so.5
#16 0x00007f75cca73855 in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () from /lib64/libQt5Widgets.so.5
#17 0x00007f75cc9c2b1e in QWidget::event(QEvent*) () from /lib64/libQt5Widgets.so.5
#18 0x00007f75cc981ec3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#19 0x00007f75cc988eeb in QApplication::notify(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#20 0x00007f75cbe5fbd8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
#21 0x00007f75cc987efa in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) () from /lib64/libQt5Widgets.so.5
#22 0x00007f75cc9db375 in QWidgetWindow::handleMouseEvent(QMouseEvent*) () from /lib64/libQt5Widgets.so.5
#23 0x00007f75cc9de6be in QWidgetWindow::event(QEvent*) () from /lib64/libQt5Widgets.so.5
#24 0x00007f75cc981ec3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt5Widgets.so.5
#25 0x00007f75cbe5fbd8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt5Core.so.5
#26 0x00007f75cc328143 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /lib64/libQt5Gui.so.5
#27 0x00007f75cc3098cc in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Gui.so.5
#28 0x00007f75ba55e47e in xcbSourceDispatch(_GSource*, int (*)(void*), void*) () from /lib64/libQt5XcbQpa.so.5
#29 0x00007f75ca63fa9f in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#30 0x00007f75ca691a98 in g_main_context_iterate.constprop () from /lib64/libglib-2.0.so.0
#31 0x00007f75ca63ce73 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#32 0x00007f75cbeac6f3 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#33 0x00007f75cbe5e57b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt5Core.so.5
#34 0x00007f75cbe661b4 in QCoreApplication::exec() () from /lib64/libQt5Core.so.5
#35 0x000055d0165be8ce in main ()
[Inferior 1 (process 3678) detached]

The reporter indicates this bug may be a duplicate of or related to bug 234280.

Possible duplicates by query: bug 395029, bug 366785, bug 366617, bug 334348, bug 332693.

Reported using DrKonqi
Comment 1 Albert Astals Cid 2021-04-11 21:26:59 UTC
can we have that file?
Comment 2 Emanuele Spirito 2021-04-12 09:49:58 UTC
Created attachment 137525 [details]
The pdf-form written in the bug description

To reproduce the bug: open the PDF-form, click on See forms, then you will see in the first page, above on the right, the section "Death saves, success and failure" which becomes editable, so you can select and unselect the squares. Furthermore, all the sections of the sheet are text boxes forms, but they are not editable with okular.
Comment 3 Emanuele Spirito 2021-04-12 09:52:38 UTC
Of course. I forgot it. So, if you click in the squares following what described here above, okular will crash
Comment 4 Albert Astals Cid 2021-04-12 22:10:49 UTC
Doesn't crash here :/

2 things:

a) Which poppler version are you running?

b) can you run in a terminal
   valgrind okular thefile.pdf
and try to make it crash? Even if it doesn't crash, can you attach the valgrind output?
Comment 5 Yuri Chornoivan 2021-04-13 06:05:45 UTC
(In reply to Albert Astals Cid from comment #4)
> Doesn't crash here :/

I can reproduce this with poppler 20.12.1, so it must have been fixed somewhere in between.
Comment 6 Emanuele Spirito 2021-04-13 06:40:16 UTC
To Albert: 
(0) Even without reproducing that specific bug, can you see all the form-fields? As descripted in the description of the attachment mostly of the pdf is editable
(1) Poppler version I'm using: Poppler 0.90.0
(2) I reproduced the bug and the outcome was the same. Here it is the valgrind output:
[espirito@localhost Scrivania]$ valgrind okular Presticulo_47775440.pdf 
==3701== Memcheck, a memory error detector
==3701== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3701== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==3701== Command: okular Presticulo_47775440.pdf
==3701== 
==3701== Conditional jump or move depends on uninitialised value(s)
==3701==    at 0x21A40C61: ???
==3701==    by 0x1DEDA5A7: ???
==3701== 
==3701== Conditional jump or move depends on uninitialised value(s)
==3701==    at 0x21A40C61: ???
==3701==    by 0x1DE8EA27: ???
==3701== 
==3701== Conditional jump or move depends on uninitialised value(s)
==3701==    at 0x1C28316A: ??? (in /usr/lib64/qt5/plugins/okularpart.so)
==3701==    by 0x5133573: QWidget::event(QEvent*) (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701==    by 0x51DC6F1: QFrame::event(QEvent*) (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701==    by 0x5F53994: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (in /usr/lib64/libQt5Core.so.5.15.2)
==3701==    by 0x50F1EB1: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701==    by 0x5F53BD7: QCoreApplication::notifyInternal2(QObject*, QEvent*) (in /usr/lib64/libQt5Core.so.5.15.2)
==3701==    by 0x512985F: QWidgetPrivate::setGeometry_sys(int, int, int, int, bool) (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701==    by 0x512A6DF: QWidget::setGeometry(QRect const&) (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701==    by 0x51DDB76: QAbstractScrollAreaPrivate::layoutChildren_helper(bool*, bool*) (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701==    by 0x51DE01E: QAbstractScrollAreaPrivate::layoutChildren() (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701==    by 0x51DF633: QAbstractScrollArea::event(QEvent*) (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701==    by 0x50F1EC2: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQt5Widgets.so.5.15.2)
==3701== 
==3701== Thread 12 Okular::PixmapGe:
==3701== Use of uninitialised value of size 8
==3701==    at 0x2B2343C8: GfxImageColorMap::getRGBXLine(unsigned char*, unsigned char*, int) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B2DA1E5: SplashOutputDev::imageSrc(void*, unsigned char*, unsigned char*) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B2EFF21: Splash::scaleImageYdXd(bool (*)(void*, unsigned char*, unsigned char*), void*, SplashColorMode, int, bool, int, int, int, int, SplashBitmap*) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B2F46D3: Splash::scaleImage(bool (*)(void*, unsigned char*, unsigned char*), void*, SplashColorMode, int, bool, int, int, int, int, bool, bool) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B2F95E0: Splash::drawImage(bool (*)(void*, unsigned char*, unsigned char*), void (*)(void*, SplashBitmap*), void*, SplashColorMode, bool, int, int, double*, bool, bool) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B2E0757: SplashOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, Stream*, int, int, GfxImageColorMap*, bool) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B2174C3: Gfx::doImage(Object*, Stream*, bool) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B211012: Gfx::opXObject(Object*, int) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B206BD1: Gfx::go(bool) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B207593: Gfx::display(Object*, bool) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B26B362: Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) (in /usr/lib64/libpoppler.so.101.0.0)
==3701==    by 0x2B0591CB: Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation, void (*)(QImage const&, QVariant const&), bool (*)(QVariant const&), bool (*)(QVariant const&), QVariant const&) const (in /usr/lib64/libpoppler-qt5.so.1.25.0)
==3701== 
QSocketNotifier: Invalid socket 8 and type 'Read', disabling...
QSocketNotifier: Invalid socket 9 and type 'Read', disabling...
==3627== 
==3627== HEAP SUMMARY:
==3627==     in use at exit: 52,897,422 bytes in 115,284 blocks
==3627==   total heap usage: 2,143,872 allocs, 2,028,588 frees, 1,459,454,060 bytes allocated
==3627== 
==3627== LEAK SUMMARY:
==3627==    definitely lost: 8 bytes in 1 blocks
==3627==    indirectly lost: 32 bytes in 1 blocks
==3627==      possibly lost: 1,245,720 bytes in 4,401 blocks
==3627==    still reachable: 51,651,662 bytes in 110,881 blocks
==3627==                       of which reachable via heuristic:
==3627==                         newarray           : 456 bytes in 13 blocks
==3627==                         multipleinheritance: 142,456 bytes in 173 blocks
==3627==         suppressed: 0 bytes in 0 blocks
==3627== Rerun with --leak-check=full to see details of leaked memory
==3627== 
==3627== Use --track-origins=yes to see where uninitialised values come from
==3627== For lists of detected and suppressed errors, rerun with: -s
==3627== ERROR SUMMARY: 3479134 errors from 5 contexts (suppressed: 0 from 0)
==3701== Thread 1:
==3701== Invalid read of size 8
==3701==    at 0x2B04CBF1: Poppler::Document::formCalculateOrder() const (in /usr/lib64/libpoppler-qt5.so.1.25.0)
==3701==    by 0x2AFB8D4E: ??? (in /usr/lib64/qt5/plugins/okular/generators/okularGenerator_poppler.so)
==3701==  Address 0x50 is not stack'd, malloc'd or (recently) free'd
==3701== 
KCrash: Application 'okular' crashing...
KCrash: Attempting to start /usr/libexec/drkonqi
[1]   Uscita 253              valgrind okular Presticulo_47775440.pdf

[2]+  Fermato                 valgrind okular Presticulo_47775440.pdf
Comment 7 Emanuele Spirito 2021-04-13 06:44:59 UTC
To Albert and Yuri: 
After this valgrind output of the bug: do you think it is just due to my old version of Poppler? If so, how can I update it to a version which is supported and stable?
Comment 8 Yuri Chornoivan 2021-04-13 11:42:13 UTC
(In reply to Emanuele Spirito from comment #7)
> To Albert and Yuri: 
> After this valgrind output of the bug: do you think it is just due to my old
> version of Poppler? If so, how can I update it to a version which is
> supported and stable?

I can confirm that the file does not crash Okular with poppler 21.04 (the current version from git). I think that the most constructive way to fix it would be filing bug report in Fedora Bugzilla with the hash of the commit that fixes the bug (Albert knows better as the fix was probably made by him).

The wrong way which breaks Inkscape, Okular and other packages, as they should be recompiled, is building it from scratch:

http://www.linuxfromscratch.org/blfs/view/svn/general/poppler.html
Comment 9 Emanuele Spirito 2021-04-13 16:12:32 UTC
(In reply to Yuri Chornoivan from comment #8)
> I can confirm that the file does not crash Okular with poppler 21.04 (the
> current version from git). I think that the most constructive way to fix it
> would be filing bug report in Fedora Bugzilla with the hash of the commit
> that fixes the bug (Albert knows better as the fix was probably made by him).

Ok, so, I wait for Albert reply, then I open a bug report in bugzilla for the poppler component with:
- description of the issue of opening that pdf (ecc...);
- the current bug report;
- I'll say that the latest git poppler version doesn't have that problem;
- I put the commit of the fix you cited above.
Do I have your permission to put you two in cc list for that bug in bugzilla?

> The wrong way which breaks Inkscape, Okular and other packages, as they
> should be recompiled, is building it from scratch:
> 
> http://www.linuxfromscratch.org/blfs/view/svn/general/poppler.html

Ok, I won't do that!
Comment 10 Albert Astals Cid 2021-04-19 22:22:59 UTC
I don't really have the time to figure out which of the commits in poppler fixed this issue, but since both me and Yuri can confirm that with modern versions of it it doesn't crash i'm closing the bug.

I understand that's not super helpful for you that still have a crash issue, you may want to try https://flathub.org/apps/details/org.kde.okular that should provide a recent enough okular+poppler combination.