152780 – evince crashes when selecting text in certain PDFs

Bug 152780 - evince crashes when selecting text in certain PDFs

Summary: evince crashes when selecting text in certain PDFs

Status:	RESOLVED FIXED

Alias:	None

Product:	SUSE Linux 10.1
Classification:	openSUSE
Component:	GNOME (show other bugs)
Version:	Beta 4
Hardware:	x86-64 Other

Priority:	P5 - None Severity: Major (vote)
Target Milestone:	RC 3
Assignee:	Gary Ekker
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2006-02-22 13:47 UTC by Michal Marek
Modified:	2006-06-15 14:55 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Public version of a PDF file (91.85 KB, application/pdf) 2006-02-27 10:35 UTC, Ludek Safar	Details
proposed patch (3.90 KB, patch) 2006-06-12 13:11 UTC, Radek Doulik	Details \| Diff
updated patch, with leak fix from Dan Winship (5.05 KB, text/x-patch) 2006-06-12 17:44 UTC, Radek Doulik	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michal Marek 2006-02-22 13:47:13 UTC

Evince crashes when triying to drag mouse over the pie graph in the attached image. I can't make the attachment public unfortunately :-(

$ gdb /opt/gnome/bin/evince
GNU gdb 6.4
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-suse-linux"...Using host libthread_db library
 "/lib64/libthread_db.so.1".

(gdb) r support-graf.pdf 
Starting program: /opt/gnome/bin/evince support-graf.pdf
[Thread debugging using libthread_db enabled]
[New Thread 46932190620704 (LWP 18429)]

** (evince:18429): WARNING **: Service registration failed.

** (evince:18429): WARNING **: Unable to determine the address of the message bu
s
[New Thread 1082132832 (LWP 18432)]
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:6)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:11)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:16)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:21)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:26)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:31)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:36)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:41)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:46)
Error: Bad 'display*Font*' config file command (/etc/xpdfrc-cjk.sjis:51)
ALSA lib confmisc.c:672:(snd_func_card_driver) cannot find card '0'
ALSA lib conf.c:3492:(_snd_config_evaluate) function snd_func_card_driver return
ed error: No such device
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:3492:(_snd_config_evaluate) function snd_func_concat returned er
ror: No such device
ALSA lib confmisc.c:1072:(snd_func_refer) error evaluating name
ALSA lib conf.c:3492:(_snd_config_evaluate) function snd_func_refer returned err
or: No such device
ALSA lib conf.c:3961:(snd_config_expand) Evaluate error: No such device
ALSA lib pcm.c:2108:(snd_pcm_open_noupdate) Unknown PCM default

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46932190620704 (LWP 18429)]
0x00002aaf3e288e91 in CairoFont (this=0x8a31c0, gfxFont=0x89f850, 
    xref=0x8263e0, lib=0x828e30) at Object.h:278
278       { stream->reset(); }
Current language:  auto; currently c++
(gdb) bt
#0  0x00002aaf3e288e91 in CairoFont (this=0x8a31c0, gfxFont=0x89f850, 
    xref=0x8263e0, lib=0x828e30) at Object.h:278
#1  0x00002aaf3e2893f1 in CairoFontEngine::getFont (this=0x842e10, 
    gfxFont=0x89f850, xref=0x8263e0) at CairoFontEngine.cc:381
#2  0x00002aaf3e28a651 in CairoOutputDev::updateFont (this=0x8275e0, 
    state=0x890b80) at CairoOutputDev.cc:225
#3  0x00002aaf3e2f10b6 in TextSelectionPainter::visitWord (
    this=0x7fff6fd70380, word=0x71fe50, begin=0, end=8, 
    selection=<value optimized out>) at TextOutputDev.cc:3302
#4  0x00002aaf3e2eb292 in TextLine::visitSelection (
    this=<value optimized out>, visitor=0x7fff6fd70380, 
    selection=0x7fff6fd70270) at TextOutputDev.cc:3377
#5  0x00002aaf3e2eb40b in TextBlock::visitSelection (this=0x84ab20, 
    visitor=0x7fff6fd70380, selection=<value optimized out>)
    at TextOutputDev.cc:3449
#6  0x00002aaf3e2f13ae in TextPage::visitSelection (this=0x88edd0, 
    visitor=0x7fff6fd70380, selection=<value optimized out>)
    at TextOutputDev.cc:3522
#7  0x00002aaf3e2f2b4e in TextPage::drawSelection (this=0x88edd0, 
    out=<value optimized out>, scale=<value optimized out>, 
    rotation=<value optimized out>, selection=0x7fff6fd706f0, 
    glyph_color=<value optimized out>, box_color=<value optimized out>)
    at TextOutputDev.cc:3535
#8  0x00002aaf3dc0ee9c in poppler_page_render_selection (page=0x8457c0, 
    scale=0.66825211048126221, rotation=0, pixbuf=0x87e320, 
    selection=<value optimized out>, old_selection=<value optimized out>, 
    glyph_color=<value optimized out>, background_color=0x6d5c94)
    at poppler-page.cc:478
#9  0x000000000044ca28 in pdf_selection_render_selection (
    selection=<value optimized out>, rc=0x8459e0, 
    pixbuf=<value optimized out>, points=0x8453c8, old_points=0x0, 
    text=0x6d5c58, base=0x6d5c94) at ev-poppler.cc:1199
#10 0x00000000004238d5 in ev_pixbuf_cache_get_selection_pixbuf (
    pixbuf_cache=0x845310, page=<value optimized out>, 
    scale=<value optimized out>, region=0x7fff6fd708c8)
    at ev-pixbuf-cache.c:849
#11 0x000000000042b101 in selection_update_idle_cb (view=0x70e830)
    at ev-view.c:3126
#12 0x00002aaf3f81f2ba in g_main_context_dispatch ()
   from /opt/gnome/lib64/libglib-2.0.so.0
#13 0x00002aaf3f822345 in g_main_context_check ()
   from /opt/gnome/lib64/libglib-2.0.so.0
#14 0x00002aaf3f822655 in g_main_loop_run ()
   from /opt/gnome/lib64/libglib-2.0.so.0
#15 0x00002aaf3cfd6c43 in gtk_main () from /opt/gnome/lib64/libgtk-x11-2.0.so.0
#16 0x0000000000437391 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at main.c:295
(gdb)

Comment 2 Stanislav Brabec 2006-02-22 13:57:23 UTC

Backtrace was generated from '/opt/gnome/bin/evince'

Using host libthread_db library "/lib64/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47426264693152 (LWP 951)]
[New Thread 1082132832 (LWP 952)]
0x00002b2246aa29ef in __libc_waitpid (pid=953, stat_loc=0x7fff66dcc8ec, 
    options=0) at waitpid.c:41
41	  int result = INLINE_SYSCALL (wait4, 4, pid, stat_loc, options, NULL);
#0  0x00002b2246aa29ef in __libc_waitpid (pid=953, stat_loc=0x7fff66dcc8ec, 
    options=0) at waitpid.c:41
#1  0x00002b2243e4cdc7 in libgnomeui_segv_handle (signum=11)
    at gnome-ui-init.c:749
#2  <signal handler called>
#3  0x00002b224722ee91 in CairoFont (this=0x8357d0, gfxFont=0x834a20, 
    xref=0x808cc0, lib=0x80cab0) at Object.h:278
#4  0x00002b224722f3f1 in CairoFontEngine::getFont (this=0x8273e0, 
    gfxFont=0x834a20, xref=0x808cc0) at CairoFontEngine.cc:381
#5  0x00002b2247230651 in CairoOutputDev::updateFont (this=0x80a2f0, 
    state=0x837360) at CairoOutputDev.cc:225
#6  0x00002b22472970b6 in TextSelectionPainter::visitWord (
    this=0x7fff66dcd040, word=0x731980, begin=0, end=4, 
    selection=<value optimized out>) at TextOutputDev.cc:3302
#7  0x00002b2247291292 in TextLine::visitSelection (
    this=<value optimized out>, visitor=0x7fff66dcd040, 
    selection=0x7fff66dccf30) at TextOutputDev.cc:3377
#8  0x00002b224729140b in TextBlock::visitSelection (this=0x88f8a0, 
    visitor=0x7fff66dcd040, selection=<value optimized out>)
    at TextOutputDev.cc:3449
#9  0x00002b22472973ae in TextPage::visitSelection (this=0x86e100, 
    visitor=0x7fff66dcd040, selection=<value optimized out>)
    at TextOutputDev.cc:3522
#10 0x00002b2247298b4e in TextPage::drawSelection (this=0x86e100, 
    out=<value optimized out>, scale=<value optimized out>, 
    rotation=<value optimized out>, selection=0x7fff66dcd3b0, 
    glyph_color=<value optimized out>, box_color=<value optimized out>)
    at TextOutputDev.cc:3535
#11 0x00002b2246bb4e9c in poppler_page_render_selection (page=0x841590, 
    scale=0.67181926965713501, rotation=0, pixbuf=0x8974e0, 
    selection=<value optimized out>, old_selection=<value optimized out>, 
    glyph_color=<value optimized out>, background_color=0x7d7c04)
    at poppler-page.cc:478
#12 0x000000000044ca28 in pdf_selection_render_selection (
    selection=<value optimized out>, rc=0x842400, 
    pixbuf=<value optimized out>, points=0x82a3a8, old_points=0x0, 
    text=0x7d7bc8, base=0x7d7c04) at ev-poppler.cc:1199
#13 0x00000000004238d5 in ev_pixbuf_cache_get_selection_pixbuf (
    pixbuf_cache=0x82a2f0, page=<value optimized out>, 
    scale=<value optimized out>, region=0x7fff66dcd588)
    at ev-pixbuf-cache.c:849
#14 0x000000000042b101 in selection_update_idle_cb (view=0x71a000)
    at ev-view.c:3126
#15 0x00002b22487c52ba in g_main_context_dispatch (context=0x5a1240)
    at gmain.c:1934
#16 0x00002b22487c8345 in g_main_context_iterate (context=0x5a1240, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:2565
#17 0x00002b22487c8655 in g_main_loop_run (loop=0x59df60) at gmain.c:2769
#18 0x00002b2245f7bc83 in IA__gtk_main () at gtkmain.c:991
#19 0x0000000000437391 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at main.c:295

Thread 2 (Thread 1082132832 (LWP 952)):
#0  0x00002b2246a9f5e6 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib64/libpthread.so.0
No symbol table info available.
#1  0x000000000041e2e0 in ev_render_thread (data=<value optimized out>)
    at ev-job-queue.c:179
	job = (EvJob *) 0x842140
#2  0x00002b22487e16b6 in g_thread_create_proxy (data=0x5bd6e0)
    at gthread.c:564
	__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#3  0x00002b2246a9c223 in start_thread (arg=<value optimized out>)
    at pthread_create.c:261
	__res = <value optimized out>
	pd = (struct pthread *) 0x40800960
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {1082132832, 
        -68867771301412572, 47426214412688, 140734919136864, 3, 1082134528, 
        -68867772366765884, -68822821203967800}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = 0
	robust = <value optimized out>
	__PRETTY_FUNCTION__ = "start_thread"
#4  0x00002b22490d28bd in clone () from /lib64/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0x2b22491048e0
#5  0x0000000000000000 in ?? ()
No symbol table info available.

Thread 1 (Thread 47426264693152 (LWP 951)):
#0  0x00002b2246aa29ef in __libc_waitpid (pid=953, stat_loc=0x7fff66dcc8ec, 
    options=0) at waitpid.c:41
	oldtype = 0
	result = <value optimized out>
#1  0x00002b2243e4cdc7 in libgnomeui_segv_handle (signum=11)
    at gnome-ui-init.c:749
	estatus = 0
	sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, 
  sa_mask = {__val = {0, 47425028882873, 140734919133328, 8604256, 
      47426224513653, 16, 140734919133584, 8606496, 47426255976832, 1, 
      8604256, 8606496, 47426224544016, 1, 47426254145964, 8604270}}, 
  sa_flags = 1195662208, sa_restorer = 0x8343d8}
	pid = -512
	in_segv = 1
#2  <signal handler called>
No symbol table info available.
#3  0x00002b224722ee91 in CairoFont (this=0x8357d0, gfxFont=0x834a20, 
    xref=0x808cc0, lib=0x80cab0) at Object.h:278
No locals.
#4  0x00002b224722f3f1 in CairoFontEngine::getFont (this=0x8273e0, 
    gfxFont=0x834a20, xref=0x808cc0) at CairoFontEngine.cc:381
	i = <value optimized out>
	j = <value optimized out>
	ref = {num = 441, gen = 229}
	font = (CairoFont *) 0x8357d0
#5  0x00002b2247230651 in CairoOutputDev::updateFont (this=0x80a2f0, 
    state=0x837360) at CairoOutputDev.cc:225
	font_face = <value optimized out>
	m11 = -0
	m12 = -0
	m21 = 0.67181926965713501
	m22 = 0
	w = <value optimized out>
	matrix = {xx = -0, yx = 1.4884955599894494, xy = 0, yy = 0, 
  x0 = 0.67181926965713501, y0 = 0}
#6  0x00002b22472970b6 in TextSelectionPainter::visitWord (
    this=0x7fff66dcd040, word=0x731980, begin=0, end=4, 
    selection=<value optimized out>) at TextOutputDev.cc:3302
	string = <value optimized out>
	i = <value optimized out>
#7  0x00002b2247291292 in TextLine::visitSelection (
    this=<value optimized out>, visitor=0x7fff66dcd040, 
    selection=0x7fff66dccf30) at TextOutputDev.cc:3377
	p = (TextWord *) 0x731980
	begin = <value optimized out>
	end = (TextWord *) 0x0
	i = <value optimized out>
	edge_begin = <value optimized out>
	edge_end = <value optimized out>
#8  0x00002b224729140b in TextBlock::visitSelection (this=0x88f8a0, 
    visitor=0x7fff66dcd040, selection=<value optimized out>)
    at TextOutputDev.cc:3449
	p = (TextLine *) 0x8392f0
	begin = <value optimized out>
	end = (TextLine *) 0x0
	child_selection = {x1 = 0, y1 = 0, x2 = 841.79999000000009, 
  y2 = 595.20001000000002}
	start_x = <value optimized out>
	start_y = <value optimized out>
	stop_x = <value optimized out>
	stop_y = <value optimized out>
#9  0x00002b22472973ae in TextPage::visitSelection (this=0x86e100, 
    visitor=0x7fff66dcd040, selection=<value optimized out>)
    at TextOutputDev.cc:3522
	i = <value optimized out>
	begin = <value optimized out>
	end = 11
	child_selection = {x1 = 0, y1 = 0, x2 = 841.79999000000009, 
  y2 = 595.20001000000002}
	start_x = <value optimized out>
	start_y = <value optimized out>
	stop_x = <value optimized out>
	stop_y = <value optimized out>
	b = <value optimized out>
#10 0x00002b2247298b4e in TextPage::drawSelection (this=0x86e100, 
    out=<value optimized out>, scale=<value optimized out>, 
    rotation=<value optimized out>, selection=0x7fff66dcd3b0, 
    glyph_color=<value optimized out>, box_color=<value optimized out>)
    at TextOutputDev.cc:3535
	painter = {<TextSelectionVisitor> = {
    _vptr.TextSelectionVisitor = 0x2b22473e5110, page = 0x86e100}, 
  out = 0x80a2f0, box_color = 0x7fff66dcd2b0, glyph_color = 0x7fff66dcd1b0, 
  state = 0x837360}
#11 0x00002b2246bb4e9c in poppler_page_render_selection (page=0x841590, 
    scale=0.67181926965713501, rotation=0, pixbuf=0x8974e0, 
    selection=<value optimized out>, old_selection=<value optimized out>, 
    glyph_color=<value optimized out>, background_color=0x7d7c04)
    at poppler-page.cc:478
	text_dev = (class TextOutputDev *) 0x86e060
	output_dev = (class OutputDev *) 0x80a2f0
	data = {cairo_data = 0x2aaaad050010 "", surface = 0x88a210}
	pdf_selection = {x1 = 192.01592920353983, y1 = 251.55575221238939, 
  x2 = 354.26194690265487, y2 = 360.21592920353982}
	gfx_background_color = {c = {0.39215686274509803, 0.51764705882352946, 
    0.64313725490196083, 0 <repeats 29 times>}}
	gfx_glyph_color = {c = {1, 1, 1, 0 <repeats 29 times>}}
#12 0x000000000044ca28 in pdf_selection_render_selection (
    selection=<value optimized out>, rc=0x842400, 
    pixbuf=<value optimized out>, points=0x82a3a8, old_points=0x0, 
    text=0x7d7bc8, base=0x7d7c04) at ev-poppler.cc:1199
	width_points = 841.79999000000009
	height_points = 595.20001000000002
#13 0x00000000004238d5 in ev_pixbuf_cache_get_selection_pixbuf (
    pixbuf_cache=0x82a2f0, page=<value optimized out>, 
    scale=<value optimized out>, region=0x7fff66dcd588)
    at ev-pixbuf-cache.c:849
	old_points = (EvRectangle *) 0x0
	text = (GdkColor *) 0x7d7bc8
	base = (GdkColor *) 0x7d7c04
	job_info = (CacheJobInfo *) 0x82a350
	__PRETTY_FUNCTION__ = "ev_pixbuf_cache_get_selection_pixbuf"
#14 0x000000000042b101 in selection_update_idle_cb (view=0x71a000)
    at ev-view.c:3126
	point = {x = 254, y = 247}
#15 0x00002b22487c52ba in g_main_context_dispatch (context=0x5a1240)
    at gmain.c:1934
No locals.
#16 0x00002b22487c8345 in g_main_context_iterate (context=0x5a1240, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:2565
	got_ownership = <value optimized out>
	max_priority = 200
	timeout = 0
	some_ready = 1
	nfds = <value optimized out>
	allocated_nfds = <value optimized out>
	fds = (GPollFD *) 0x59e000
	__PRETTY_FUNCTION__ = "g_main_context_iterate"
#17 0x00002b22487c8655 in g_main_loop_run (loop=0x59df60) at gmain.c:2769
	got_ownership = 1185538144
	self = (GThread *) 0x5766e0
	__PRETTY_FUNCTION__ = "g_main_loop_run"
#18 0x00002b2245f7bc83 in IA__gtk_main () at gtkmain.c:991
	tmp_list = (GList *) 0x1
	functions = (GList *) 0x0
	init = (GtkInitFunction *) 0x5c12a0
	loop = (GMainLoop *) 0x59df60
#19 0x0000000000437391 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at main.c:295
	connection = <value optimized out>
	error = (GError *) 0x452d90
	result = 11042
	remote_object = <value optimized out>
	display = <value optimized out>
	timestamp = 0
	enable_metadata = 1
	context = (poptContext) 0x57bdf0
	context_as_value = {g_type = 68, data = {{v_int = 5750256, 
      v_uint = 5750256, v_long = 5750256, v_ulong = 5750256, 
      v_int64 = 5750256, v_uint64 = 5750256, v_float = 8.0578249e-39, 
      v_double = 2.841003944392503e-317, v_pointer = 0x57bdf0}, {v_int = 0, 
      v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, 
      v_float = 0, v_double = 0, v_pointer = 0x0}}}
	program = (GnomeProgram *) 0x0
0x00002b2246aa29ef	41	  int result = INLINE_SYSCALL (wait4, 4, pid, stat_loc, options, NULL);

Comment 3 Ludek Safar 2006-02-27 10:35:44 UTC

Created attachment 70360 [details]
Public version of a PDF file

Comment 4 Michal Marek 2006-02-27 10:46:33 UTC

Thanks Ludek!

BTW ghostscript doesn't event display the file (konqueror uses gs for thumbnails, so you end up with directory full of core dumps :-))

$ gdb /usr/bin/gs 
...
(gdb) r support-graf.pdf 
Starting program: /usr/bin/gs support-graf.pdf
[Thread debugging using libthread_db enabled]
[New Thread 47490193959760 (LWP 15997)]
ESP Ghostscript 8.15 (2005-09-22)
Copyright (C) 2004 artofcode LLC, Benicia, CA.  All rights reserved.
This software comes with NO WARRANTY: see the file COPYING for details.
Processing pages 1 through 1.
Page 1

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47490193959760 (LWP 15997)]
gx_image_end (info=0x0, draw_last=0) at gximage.c:211
211         return info->procs->end_image(info, draw_last);
(gdb) bt
#0  gx_image_end (info=0x0, draw_last=0) at gximage.c:211
#1  0x00002b312a0bf98d in bbox_image_end_image (info=0x6ff850, draw_last=0)
    at gdevbbox.c:1106
#2  0x00002b312a0c000b in bbox_begin_typed_image (dev=0x715a68, pis=0x5278c8, 
    pmat=0x527938, pic=0x7fff80c6bd58, prect=0x0, pdcolor=0x704248, 
    pcpath=0x703f80, memory=0x502858, pinfo=0x704a50) at gdevbbox.c:1019
#3  0x00002b312a0b9200 in make_mcdex_default (dev=0x78af78, pis=0x5278c8, 
    pmat=0x527938, pic=0x7fff80c6bd58, prect=0x0, pdcolor=0x704248, 
    pcpath=0x703f80, mem=0x502858, pinfo=0x704a50, pmcdev=0x7fff80c6bec8, 
    midev=0x7fff80c6beb0, pminfo=0x7fff80c6bea0, origin=0x7fff80c6be90, 
    pim=0x7fff80c6c000) at gximag3x.c:546
#4  0x00002b312a0ba582 in gx_begin_image3x_generic (dev=0x78af78, 
    pis=0x5278c8, pmat=0x527938, pic=0x7fff80c6c000, prect=0x0, 
    pdcolor=0x704248, pcpath=0x703f80, mem=0x502858, 
    make_mid=0x2b312a0b9250 <make_midx_default>, 
    make_mcde=0x2b312a0b9150 <make_mcdex_default>, pinfo=0x7fff80c6bfc0)
    at gximag3x.c:285
#5  0x00002b312a0babee in gx_begin_image3x (dev=0x0, pis=0x0, 
    pmat=0x2b312b0069f0, pic=0xfffffff1, prect=0x1, pdcolor=0x0, 
    pcpath=0x703f80, mem=0x502858, pinfo=0x7fff80c6bfc0) at gximag3x.c:563
#6  0x00002b312a21a884 in gs_image_begin_typed (pic=0x7fff80c6c000, 
    pgs=0x5278c8, uses_color=0, ppie=0x7fff80c6bfc0) at gsimage.c:168
#7  0x00002b312a096b54 in zimage_setup (i_ctx_p=0x544b90, pim=0x7fff80c6c000, 
    sources=0x7fff80c6c2d8, uses_color=721447408, npop=1) at zimage.c:137
#8  0x00002b312a0b8775 in zimage3x (i_ctx_p=0x544b90) at ztrans.c:361
#9  0x00002b312a07474b in gs_interpret (pi_ctx_p=0x2b312a8ddd10, 
    pref=<value optimized out>, user_errors=1, pexit_code=0x7fff80c6cb2c, 
    perror_object=0x7fff80c6cb10) at interp.c:1122
#10 0x00002b312a06b362 in gs_main_interpret (minst=0x2b312a8ddaa0, pref=0x0, 
    user_errors=1, pexit_code=0x7fff80c6cb2c, perror_object=0x7fff80c6cb10)
    at imain.c:297
#11 0x00002b312a06b58e in gs_main_run_string_end (minst=0x0, user_errors=0, 
    pexit_code=0xfffffff1, perror_object=0x1) at imain.c:600
#12 0x00002b312a06c4c0 in run_string (minst=0x0, str=0x0, options=2)
    at imainarg.c:806
#13 0x00002b312a06cbc4 in runarg (minst=0x2b312a8ddaa0, pre=0x2b312a2866ed "", 
    arg=0x503030 "support-graf.pdf", post=0x2b312a26d4c8 ".runfile", 
    options=<value optimized out>) at imainarg.c:796
#14 0x00002b312a06cd88 in argproc (minst=0x2b312a8ddaa0, 
    arg=<value optimized out>) at imainarg.c:731
#15 0x00002b312a06e46f in gs_main_init_with_args (minst=0x2b312a8ddaa0, 
    argc=2, argv=<value optimized out>) at imainarg.c:229
#16 0x0000000000400bd1 in main (argc=2, argv=0x7fff80c6db28) at dxmainc.c:88
(gdb) p info
$1 = (gx_image_enum_common_t *) 0x0
(gdb) 

Adding ghostscript-library maintainer to CC

xpdf displays that file correctly (evince puts black background behind the pie graph)

Comment 5 Dr. Werner Fink 2006-02-28 11:47:12 UTC

Where can I find the pdf file?

Comment 6 Stanislav Brabec 2006-02-28 12:05:47 UTC

In comment #3.

Comment 7 Dr. Werner Fink 2006-02-28 14:15:31 UTC

I can fix this but then we see:

  ESP Ghostscript 8.15 (2005-09-22)
  Copyright (C) 2004 artofcode LLC, Benicia, CA.  All rights reserved.
  This software comes with NO WARRANTY: see the file COPYING for details.
  Processing pages 1 through 1.
  Page 1

     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.
  ESP Ghostscript 8.15.1: Error: Font Renderer Plugin ( FreeType ) return code = -1
  ESP Ghostscript 8.15.1: Error: Font Renderer Plugin ( FreeType ) return code = -1

     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.
  ESP Ghostscript 8.15.1: Error: Font Renderer Plugin ( FreeType ) return code = -1
  ESP Ghostscript 8.15.1: Error: Font Renderer Plugin ( FreeType ) return code = -1
  Can't render Font BJXJLA+Helvetica with FAPI, will do with native GS renderer.
  Can't render Font BJXJLA+Helvetica with FAPI, wil
     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.

     **** Warning: File encountered 'rangecheck' error while processing an image.
  l do with native GS renderer.
  Can't render Font BNTGDF+Helvetica with FAPI, will do with native GS renderer.
  Can't render Font BNTGDF+Helvetica with FAPI, will do with native GS renderer.
  >>showpage, press <return> to continue<<
 

     **** This file had errors that were repaired or ignored.
     **** The file was produced by: 
     **** >>>> Mac OS X 10.4.5 Quartz PDFContext <<<<
     **** Please notify the author of the software that produced this
     **** file that it does not conform to Adobe's published PDF
     **** specification.

Comment 8 Dr. Werner Fink 2006-02-28 15:00:10 UTC

I've submit a fixed version of ghostscript.
Nevertheless the pdf file is IMHO broken.

Comment 9 Ralf Flaxa 2006-05-03 12:00:23 UTC

So we can close this as fixed I guess?
Feel free to re-open if it is not fixed.

Comment 10 JP Rosevear 2006-05-04 02:24:53 UTC

Evince still has the problem.

Comment 11 Dr. Werner Fink 2006-05-08 11:06:03 UTC

Do you really have an uptodate ghostscript package running on
your SL 10.1?  What does

  rpm -q --changelog ghostscript-library | head -14

show in the last few changelog entries?  Beside this, can you
view the pdf file with the gs command?  With the test pdf of
the attachment of comment #3 I get some warnings but ghostscript
is able to display the test case.

Comment 12 Michal Marek 2006-05-08 14:41:42 UTC

ghostscript is fine, but evince (using the poppler PDF library) still crashes
on the same file.  I should have created another bugreport for ghostscript.

Comment 13 Radek Doulik 2006-06-12 12:21:03 UTC

Looks like it is upstream https://bugs.freedesktop.org/show_bug.cgi?id=4481.

I will review the patch and send it to nld-patches for further review if OK.

The problem is also fixed in poppler 0.5.3, but that one is unstable release.

Comment 14 Radek Doulik 2006-06-12 13:10:24 UTC

OK, the patch itself didn't fix the crasher, but provided the refcounting.

Comment 15 Radek Doulik 2006-06-12 13:11:32 UTC

Created attachment 88664 [details]
proposed patch

Comment 16 JP Rosevear 2006-06-12 17:18:10 UTC

KDE also uses poppler I believe, CC'ing them in case they any issues with the patch.

Comment 17 Radek Doulik 2006-06-12 17:44:37 UTC

Created attachment 88757 [details]
updated patch, with leak fix from Dan Winship

Comment 18 Dirk Mueller 2006-06-12 18:31:14 UTC

should be fine from our side assuming it doesn't blow up with evince. thanks, JPR.

Comment 19 Gary Ekker 2006-06-13 14:44:48 UTC

Fix submitted to stable and sles10 for RC3.

Comment 20 Michal Marek 2006-06-15 09:49:29 UTC

Thans Radek and Werner :)

Comment 21 Radek Doulik 2006-06-15 14:55:45 UTC

Thanks Gary