Bug 4326

Summary: crash when clicking on pictures and moving the mouse
Product: poppler
Component: general
Version: unspecified
Hardware: x86 (IA32)
OS: Linux (All)
Status: RESOLVED DUPLICATE
Severity: normal
Priority: high
Reporter: Giacomo Perale <ghepeu>
Assignee: Kristian Høgsberg <krh>
CC: peterzelezny

Description Giacomo Perale 2005-08-31 12:49:12 UTC
If I click with the left button of the mouse on a picture and then I move the
mouse without releasing the button, a segfault in poppler causes a crash of
evince. This happens with many PDFs but not with all the images; usually it
occurs with pictures (originally jpg/bmp/png files? I don't know exactly how PDF
works) but not with other kinds of graphics (maps, schemas).

This PDF is a good example; try with the picture on page 4 (126):
http://www-cgsc.army.mil/carl/download/csipubs/Block/chp5_Block%20by%20Block.pdf

At the moment I'm using self compiled cairo 1.0, poppler 0.4.1 and evince 0.4.0.
This is the backtrace I can get in gdb: 

ghepeu@KazeNoTani ~ $ gdb /usr/local/bin/evince
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library
"/lib/tls/libthread_db.so.1".

(gdb) run Battle.for.Hue.pdf
Starting program: /usr/local/bin/evince Battle.for.Hue.pdf

Program received signal SIGSEGV, Segmentation fault.
TextBlock::visitSelection (this=0x84c3c28, visitor=0xbff575b0,
    selection=0xbff575b0) at TextOutputDev.cc:3441
3441        if (p->next == end) {
Current language:  auto; currently c++
(gdb) bt full
#0  TextBlock::visitSelection (this=0x84c3c28, visitor=0xbff575b0,
    selection=0xbff575b0) at TextOutputDev.cc:3441
        begin = (TextLine *) 0x84a33c8
        end = (TextLine *) 0x84853e8
        child_selection = {x1 = 0, y1 = 0, x2 = 612, y2 = 792}
        start_x = 389.94690265486724
        stop_y = 216.63716814159289
        p = (TextLine *) 0x0
        start_y = 217.72035398230088
        stop_x = 391.03008849557523
#1  0xb73f35a6 in TextPage::visitSelection (this=0x840c8d0,
    visitor=0xbff575b0, selection=0xb7450f80) at TextOutputDev.cc:3522
        i = 1
        begin = 0
        end = 1
        child_selection = {x1 = 391.03008849557523, y1 = 216.63716814159289,
  x2 = 389.94690265486724, y2 = 217.72035398230088}
        start_x = 0.5
        stop_y = 217.72035398230088
        start_y = 216.63716814159289
        stop_x = 0
        b = (TextBlock *) 0xbff575b0
#2  0xb73f3766 in TextPage::getSelectionRegion (this=0x840c8d0,
    selection=0xb7450f80, scale=216.63716814159289) at TextOutputDev.cc:3543
        sizer = {<TextSelectionVisitor> = {
    _vptr.TextSelectionVisitor = 0xb7450f80, page = 0x840c8d0},
  list = 0x840e4e0, scale = 0.92320263385772705}
#3  0xb73f4bde in TextOutputDev::getSelectionRegion (this=0xb7450f80,
    selection=0xb7450f80, scale=216.63716814159289) at TextOutputDev.cc:4109
No locals.
#4  0xb754d1de in poppler_page_get_selection_region (page=0xb7450f80,
    scale=216.63716814159289, selection=0x8595c80) at poppler-page.cc:350
        poppler_selection = {x1 = 391.03008849557523, y1 = 216.63716814159289,
  x2 = 389.94690265486724, y2 = 217.72035398230088}
        list = (GooList *) 0xbff57648
        rect = {x = -1074432392, y = -1208675760, width = 0,
  height = -536866816}
        region = (GdkRegion *) 0xb75515e8
        i = 0
        text_dev = (class TextOutputDev *) 0xb7450f80
#5  0x080970ea in pdf_selection_get_selection_region (selection=0xb7450f80,
    rc=0x82ee648, points=0xb7450f80) at ev-poppler.cc:1215
        pdf_document = (PdfDocument *) 0xb7450f80
        retval = (GdkRegion *) 0xb7450f80
#6  0x0808bd51 in ev_selection_get_selection_region (selection=0x8211fe0,
    rc=0x8595c80, points=0x8595c80) at ev-selection.c:83
        iface = (EvSelectionIface *) 0xb7450f80
#7  0x080669db in ev_pixbuf_cache_get_selection_pixbuf (
    pixbuf_cache=0x8253f90, page=0, scale=0.923202634, region=0xbff5774c)
    at ev-pixbuf-cache.c:840
        old_points = (EvRectangle *) 0x0
        text = (GdkColor *) 0xb8
        base = (GdkColor *) 0x821dc10
        job_info = (CacheJobInfo *) 0x844aa24
        __PRETTY_FUNCTION__ = "ev_pixbuf_cache_get_selection_pixbuf"
#8  0x0806de44 in selection_update_idle_cb (view=0x816be58) at ev-view.c:3126
        tmp_region = (GdkRegion *) 0x0
        point = {x = 367, y = 2429}
#9  0xb703d9e0 in g_child_watch_add () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#10 0x0816be58 in ?? ()
No symbol table info available.
#11 0x080c4668 in ?? ()
No symbol table info available.
#12 0x00000000 in ?? ()
No symbol table info available.
#13 0x00000000 in ?? ()
No symbol table info available.
#14 0xbff57818 in ?? ()
No symbol table info available.
#15 0xb703d9c6 in g_child_watch_add () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#16 0xb709617c in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#17 0xb703a6d7 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#18 0xbff57838 in ?? ()
No symbol table info available.
#19 0xb7559240 in pthread_mutex_unlock () from /lib/tls/libpthread.so.0
No symbol table info available.
#20 0xb709617c in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#21 0x00000001 in ?? ()
No symbol table info available.
#22 0x080d01f0 in ?? ()
No symbol table info available.
#23 0x00000009 in ?? ()
No symbol table info available.
#24 0xb703c05e in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#25 0x080d01f0 in ?? ()
No symbol table info available.
#26 0x000000c8 in ?? ()
No symbol table info available.
#27 0x08212158 in ?? ()
No symbol table info available.
#28 0x00000009 in ?? ()
No symbol table info available.
#29 0x00000009 in ?? ()
No symbol table info available.
#30 0xb7559240 in pthread_mutex_unlock () from /lib/tls/libpthread.so.0
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)

Comment 1 Dax Kelson 2005-09-07 13:04:15 UTC
*** Bug 4368 has been marked as a duplicate of this bug. ***

Comment 2 Anderson Lizardo 2005-10-07 06:51:24 UTC
I could trigger this bug when selecting text too. Here are the steps to reproduce
it consistently:

1) Download http://www.lpi.org.br/downloads/ficha_10x_manaus.pdf
2) Open it with evince:

$ evince ficha_10x_manaus.pdf

3) Select the text "ID" from "LPI ID:"
4) Click with the mouse's left button on the white space at the right of "LPI
ID:" and keep the button pressed.
5) Now move the mouse (keeping the left button pressed) and the application
should crash.

System Details:
- OS: Ubuntu 5.10 RC1
- libpoppler0c2   0.4.2-0ubuntu5
- libcairo2   1.0.2-0ubuntu1
- evince   0.4.0-0ubuntu4

Comment 3 Kristian Høgsberg 2005-12-04 08:46:16 UTC
Closing bug as dupe of #4402, which is fixed in CVS head.  I couldn't download
the document mentioned in comment #2; if the bug is still reproducible with that
document, please reopen this bug and attach the document. Thanks.

*** This bug has been marked as a duplicate of 4402 ***
