Bug 4929

Summary: text selection eventually leads to crash
Product: poppler Reporter: Simon Morgan <freedesktop.domain.sjmorgan>
Component: general Assignee: Kristian Høgsberg <krh>
Status: RESOLVED DUPLICATE QA Contact:
Severity: critical    
Priority: high    
Version: unspecified   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:

Description Simon Morgan 2005-10-30 05:06:40 UTC
libpoppler is prone to crashing while selecting blocks of text. Unfortunately I
can't seem to pinpoint the exact circumstances which cause a crash, but simply
repeatedly selecting text (left click, drag back and forward, rinse, repeat) for
long enough has resulted in a crash with every PDF I've tried. I'm using Evince
to view them.

I've enclosed 2 stack traces of crashes at separate points in the code which may
be separate bugs, but seeing as they both happen under the same circumstances
I'm assuming that they're at least related.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1228380480 (LWP 4677)]
0xb758752a in TextBlock::visitSelection (this=0x82eb4e0, visitor=0xbffc3bf8, 
    selection=0xbffc3b90) at TextOutputDev.cc:3441
3441	    if (p->next == end) {
Current language:  auto; currently c++
(gdb) thread apply all bt

Thread 2 (Thread -1230120016 (LWP 4681)):
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7028c96 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb711d8b7 in pthread_cond_wait () from /lib/tls/i686/cmov/libc.so.6
#3  0x08061c93 in ev_document_types_add_filters ()
#4  0xb72298c4 in g_static_private_free () from /usr/lib/libglib-2.0.so.0
#5  0xb7026361 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#6  0xb7110bde in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread -1228380480 (LWP 4677)):
#0  0xb758752a in TextBlock::visitSelection (this=0x82eb4e0, 
    visitor=0xbffc3bf8, selection=0xbffc3b90) at TextOutputDev.cc:3441
#1  0xb7587756 in TextPage::visitSelection (this=0x8361450, 
    visitor=0xbffc3bf8, selection=0xbffc3c78) at TextOutputDev.cc:3522
#2  0xb75889b8 in TextPage::getSelectionRegion (this=0x8361450, 
    selection=0xbffc3c78, scale=1.414214015007019) at TextOutputDev.cc:3543
#3  0xb7588a09 in TextOutputDev::getSelectionRegion (this=0x8327290, 
    selection=0xbffc3c78, scale=1.414214015007019) at TextOutputDev.cc:4109
#4  0xb76f3937 in poppler_page_get_selection_region (page=0x8327290, 
    scale=1.414214015007019, selection=0x8298714) at poppler-page.cc:353
#5  0x0808d32f in pdf_selection_get_selection_region ()
#6  0x0808ae48 in ev_selection_get_selection_region ()
#7  0x080686c7 in ev_pixbuf_cache_get_selection_pixbuf ()
#8  0x0806f103 in ev_view_rotate_right ()
#9  0xb720f750 in g_child_watch_add () from /usr/lib/libglib-2.0.so.0
#10 0xb720d4ee in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#11 0xb72104f6 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#12 0xb72107e3 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#13 0xb79cae65 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#14 0x0807c3bb in main ()
(gdb) l
3436	      child_selection.y1 = start_y;
3437	    } else {
3438	      child_selection.x1 = 0;
3439	      child_selection.y1 = 0;
3440	    }
3441	    if (p->next == end) {
3442	      child_selection.x2 = stop_x;
3443	      child_selection.y2 = stop_y;
3444	    } else {
3445	      child_selection.x2 = page->pageWidth;
(gdb) p p
$1 = (TextLine *) 0x0

Here's the second one:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1229138240 (LWP 8315)]
0xb74c885b in TextWord::visitSelection (this=0x0, visitor=0xbf80c6c8, 
    selection=0xbf80c5c8) at TextOutputDev.cc:3324
3324	  begin = len;
Current language:  auto; currently c++
(gdb) thread apply all bt full

Thread 2 (Thread -1230877776 (LWP 8321)):
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb6f6fc96 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0xb70648b7 in pthread_cond_wait () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#3  0x08061c93 in ev_document_types_add_filters ()
No symbol table info available.
#4  0xb71708c4 in g_static_private_free () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#5  0xb6f6d361 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#6  0xb7057bde in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.

Thread 1 (Thread -1229138240 (LWP 8315)):
#0  0xb74c885b in TextWord::visitSelection (this=0x0, visitor=0xbf80c6c8, 
    selection=0xbf80c5c8) at TextOutputDev.cc:3324
	i = Variable "i" is not available.
(gdb) p len
Cannot access memory at address 0x38
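
A triage helper for the two gdb sessions above, added here as an example and not part of the original report or of poppler: it extracts the faulting frame and collects NULL-pointer evidence (a NULL argument, a pointer printed as 0x0, or an unreadable address just above zero such as 0x38). The function name `triage` and the 4 KiB near-NULL threshold are assumptions.

```python
import re

# Excerpts from the two gdb sessions in this report (whitespace normalised).
CRASH_1 = """\
0xb758752a in TextBlock::visitSelection (this=0x82eb4e0, visitor=0xbffc3bf8,
    selection=0xbffc3b90) at TextOutputDev.cc:3441
3441      if (p->next == end) {
(gdb) p p
$1 = (TextLine *) 0x0
"""
CRASH_2 = """\
0xb74c885b in TextWord::visitSelection (this=0x0, visitor=0xbf80c6c8,
    selection=0xbf80c5c8) at TextOutputDev.cc:3324
3324    begin = len;
(gdb) p len
Cannot access memory at address 0x38
"""

NULL_PAGE = 0x1000  # assumption: addresses below one 4 KiB page count as near-NULL

FRAME = re.compile(r"in (\S+) \((.*?)\)\s+at (\S+):(\d+)", re.S)
ARG = re.compile(r"(\w+)=(0x[0-9a-f]+)")
PRINTED_PTR = re.compile(r"^\$\d+ = \(([^)]*\*)\) (0x[0-9a-f]+)$", re.M)
BAD_ADDR = re.compile(r"Cannot access memory at address (0x[0-9a-f]+)")

def triage(gdb_text):
    """Return the faulting frame and any evidence of a NULL-pointer dereference."""
    m = FRAME.search(gdb_text)
    if m is None:
        raise ValueError("no symbolised frame found")
    func, args, src, line = m.groups()
    evidence = []
    for name, value in ARG.findall(args):
        if int(value, 16) == 0:
            evidence.append(f"argument {name} is NULL")
    for ctype, value in PRINTED_PTR.findall(gdb_text):
        if int(value, 16) == 0:
            evidence.append(f"printed {ctype.strip()} is NULL")
    for addr in BAD_ADDR.findall(gdb_text):
        if int(addr, 16) < NULL_PAGE:
            evidence.append(f"unreadable address {addr} is a small offset from NULL")
    return {"function": func, "location": f"{src}:{int(line)}",
            "null_deref": bool(evidence), "evidence": evidence}

if __name__ == "__main__":
    for text in (CRASH_1, CRASH_2):
        print(triage(text))
```

Both sessions classify as NULL-pointer dereferences in the `visitSelection` call chain, at different depths.
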
Comment 1 Kristian Høgsberg 2005-12-04 07:41:16 UTC

*** This bug has been marked as a duplicate of 4402 ***
