[Poppler-bugs] [Bug 24036] New: crash when opening specific form pdf
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Sep 19 04:09:17 PDT 2009
http://bugs.freedesktop.org/show_bug.cgi?id=24036
Summary: crash when opening specific form pdf
Product: poppler
Version: unspecified
Platform: x86-64 (AMD64)
URL: http://www.tecnick.com/public/code/cp_dpage.php?aiocp_dp
=tcpdf_examples
OS/Version: Linux (All)
Status: NEW
Severity: major
Priority: medium
Component: general
AssignedTo: poppler-bugs at lists.freedesktop.org
ReportedBy: felix at hsgheli.de
I originally reported this against evince
(https://bugzilla.gnome.org/show_bug.cgi?id=594885), but it seems to be a
problem with poppler as it affects GIMP's PDF importer as well. Original text
and trace:
"
The XHTML Form PDF example from the TCPDF (tcpdf.sf.net) package crashes evince
when being opened. File is available from
http://www.tecnick.com/public/code/cp_dpage.php?aiocp_dp=tcpdf_examples
(Example 54, XHTML Form).
This is with poppler 0.12.
[New Thread 0x7fde6b810740 (LWP 14927)]
[New Thread 0x7fde5fea9910 (LWP 14930)]
Error: Annotation rectangle is wrong type
Error: FormWidgetButton:: unable to find the on state for the button
[New Thread 0x7fde5dc97910 (LWP 14931)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fde5fea9910 (LWP 14930)]
0x00007fde69413437 in pthread_mutex_lock () from /lib/libpthread.so.0
Current language: auto; currently asm
(gdb) thread apply all bt full
Thread 3 (Thread 0x7fde5dc97910 (LWP 14931)):
#0 pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220
No locals.
#1 0x00007fde69a8c546 in g_cond_timed_wait_posix_impl (cond=0x1d45034,
entered_mutex=0x80, abs_time=<value optimized out>) at gthread-posix.c:242
result = <value optimized out>
end_time = {tv_sec = 1252674994, tv_nsec = 34573000}
timed_out = <value optimized out>
__PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2 0x00007fde65b30007 in g_async_queue_pop_intern_unlocked (queue=0x1d12960,
try=0, end_time=0x7fde5dc97010) at gasyncqueue.c:365
retval = <value optimized out>
__PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3 0x00007fde65b7e149 in g_thread_pool_thread_proxy (
data=<value optimized out>) at gthreadpool.c:220
task = (gpointer) 0x1d128b0
pool = (GRealThreadPool *) 0x1d12900
#4 0x00007fde65b7cbe6 in g_thread_create_proxy (data=0x1d129c0)
at gthread.c:635
__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#5 0x00007fde694108fc in start_thread () from /lib/libpthread.so.0
No locals.
#6 0x00007fde64e93a9d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#7 0x0000000000000000 in ?? ()
No symbol table info available.
Thread 2 (Thread 0x7fde5fea9910 (LWP 14930)):
#0 0x00007fde69413437 in pthread_mutex_lock () from /lib/libpthread.so.0
No locals.
#1 0x00007fde63c22562 in CharCodeToUnicode::decRefCnt (this=0x0)
at CharCodeToUnicode.cc:463
No locals.
#2 0x00007fde63c0ce13 in AnnotWidget::layoutText (this=<value optimized out>,
text=0x1faa2b0, outBuf=0x1e9b5e0, i=0x7fde5fea8bcc, font=0x1e9b320,
width=0x7fde5fea8bc0, widthLimit=0, charCount=0x0, noReencode=0)
at Annot.cc:2236
c = <value optimized out>
uChar = <value optimized out>
uAux = (Unicode *) 0x0
w = <value optimized out>
uLen = 32734
n = <value optimized out>
dx = <value optimized out>
dy = 6.9462205275420164e-310
ox = 1.5838005494597003e-316
oy = 1.576644107392819e-316
unicode = 1
ccToUnicode = (CharCodeToUnicode *) 0x0
spacePrev = <value optimized out>
last_i1 = <value optimized out>
last_o1 = <value optimized out>
last_o2 = <value optimized out>
#3 0x00007fde63c0daf9 in AnnotWidget::drawListBox (this=0x1e924a0,
text=0x1e29530, selection=0x204be70, nOptions=4, topIdx=0,
da=<value optimized out>, fontDict=0x204ba90, quadding=0) at Annot.cc:2933
daToks = (GooList *) 0x1e6eed0
tok = (GooString *) 0x7
convertedText = (GooString *) 0x1e9b5e0
font = (class GfxFont *) 0x1e9b320
fontSize = 10
borderWidth = 1
x = 0
y = 26.5
w = 1.6731205036824976e-316
wMax = <value optimized out>
tfPos = <value optimized out>
tmPos = -1
i = 0
j = 0
#4 0x00007fde63c1cc36 in AnnotWidget::generateFieldAppearance (this=0x1e924a0)
at Annot.cc:3323
mkObj = {type = objDict, {booln = 1476597584, intg = 1476597584,
real = 6.9462139757596211e-310, string = 0x7fde58031750,
name = 0x7fde58031750 "�O\001X�\177", array = 0x7fde58031750,
dict = 0x7fde58031750, stream = 0x7fde58031750, ref = {num = 1476597584,
gen = 32734}, cmd = 0x7fde58031750 "�O\001X�\177"}}
ftObj = {type = objName, {booln = 33203104, intg = 33203104,
real = 1.6404513021694076e-316, string = 0x1faa3a0, name = 0x1faa3a0 "Ch",
array = 0x1faa3a0, dict = 0x1faa3a0, stream = 0x1faa3a0, ref = {
num = 33203104, gen = 0}, cmd = 0x1faa3a0 "Ch"}}
appearDict = {type = objNone, {booln = 0, intg = 0, real = 0,
string = 0x0, name = 0x0, array = 0x0, dict = 0x0, stream = 0x0, ref = {
num = 0, gen = 0}, cmd = 0x0}}
drObj = {type = objDict, {booln = 1476487936, intg = 1476487936,
real = 6.9462139703422901e-310, string = 0x7fde58016b00,
name = 0x7fde58016b00 "�O\001X�\177", array = 0x7fde58016b00,
dict = 0x7fde58016b00, stream = 0x7fde58016b00, ref = {num = 1476487936,
gen = 32734}, cmd = 0x7fde58016b00 "�O\001X�\177"}}
obj1 = {type = objArray, {booln = 1476599152, intg = 1476599152,
real = 6.9462139758370905e-310, string = 0x7fde58031d70,
name = 0x7fde58031d70 "�O\001X�\177", array = 0x7fde58031d70,
dict = 0x7fde58031d70, stream = 0x7fde58031d70, ref = {num = 1476599152,
gen = 32734}, cmd = 0x7fde58031d70 "�O\001X�\177"}}
obj2 = {type = objNone, {booln = 0, intg = 0, real = 0, string = 0x0,
name = 0x0, array = 0x0, dict = 0x0, stream = 0x0, ref = {num = 0,
gen = 0}, cmd = 0x0}}
obj3 = {type = objNone, {booln = 31624096, intg = 31624096,
real = 1.5624379414385581e-316, string = 0x1e28ba0,
name = 0x1e28ba0 "/F2", array = 0x1e28ba0, dict = 0x1e28ba0,
stream = 0x1e28ba0, ref = {num = 31624096, gen = 0},
cmd = 0x1e28ba0 "/F2"}}
field = (Dict *) 0x7fde5802f4a0
annot = (Dict *) 0x7fde5802f4a0
acroForm = (Dict *) 0x7fde58015720
mkDict = (Dict *) 0x4
appearStream = <value optimized out>
fontDict = (GfxFontDict *) 0x204ba90
w = 1
dx = 53.340000000000003
dy = 37.5
r = 6.9462246462390486e-310
dash = <value optimized out>
caption = <value optimized out>
da = (GooString *) 0x1e9b4f0
selection = (GBool *) 0x204be70
dashLength = <value optimized out>
ff = 2097152
quadding = 0
comb = <value optimized out>
nOptions = 4
topIdx = 0
i = 0
j = 0
#5 0x00007fde63c1cea6 in AnnotWidget::draw (this=0x1e924a0, gfx=0x1cf24c0,
printing=32092960) at Annot.cc:3424
obj = {type = objNone, {booln = 0, intg = 0, real = 0, string = 0x0,
name = 0x0, array = 0x0, dict = 0x0, stream = 0x0, ref = {num = 0,
gen = 0}, cmd = 0x0}}
#6 0x00007fde63c810de in Page::displaySlice (this=<value optimized out>,
out=0x1d54800, hDPI=72, vDPI=72, rotate=<value optimized out>,
useMediaBox=<value optimized out>, crop=<value optimized out>,
sliceX=<value optimized out>, sliceY=-1, sliceW=-1, sliceH=-1, printing=0,
catalog=0x7fde58015090, abortCheckCbk=0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0, annotDisplayDecideCbkData=0x0) at Page.cc:492
annot = (class Annot *) 0x30
gfx = (Gfx *) 0x1cf24c0
obj = {type = objNone, {booln = 1476625680, intg = 1476625680,
real = 6.9462139771477479e-310, string = 0x7fde58038510,
name = 0x7fde58038510 "�O\001X�\177", array = 0x7fde58038510,
dict = 0x7fde58038510, stream = 0x7fde58038510, ref = {num = 1476625680,
gen = 32734}, cmd = 0x7fde58038510 "�O\001X�\177"}}
annotList = (Annots *) 0x1cf4530
i = 9
#7 0x00007fde68fe92d1 in _poppler_page_render (page=0x1d406c0,
cairo=0x1cf1c00, printing=0) at poppler-page.cc:560
output_dev = (class CairoOutputDev *) 0x1d54800
__PRETTY_FUNCTION__ = "void _poppler_page_render(PopplerPage*, cairo_t*,
GBool)"
#8 0x00007fde5f4a4c8b in pdf_document_render (document=<value optimized out>,
rc=0x1c8ff30) at ev-poppler.cc:510
poppler_page = <value optimized out>
width_points = 595.28000000000009
height_points = 841.88999999999999
width = 595
height = 842
#9 0x00007fde6abd3c01 in ev_job_render_run (job=0x1bff2d0) at ev-jobs.c:521
job_render = (EvJobRender *) 0x1bff2d0
rc = <value optimized out>
#10 0x00007fde6abd4900 in ev_job_thread_proxy (data=<value optimized out>)
at ev-job-scheduler.c:183
job = (EvSchedulerJob *) 0x1d12300
#11 0x00007fde65b7cbe6 in g_thread_create_proxy (data=0x1ccf890)
at gthread.c:635
__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#12 0x00007fde694108fc in start_thread () from /lib/libpthread.so.0
No locals.
#13 0x00007fde64e93a9d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#14 0x0000000000000000 in ?? ()
No symbol table info available.
Thread 1 (Thread 0x7fde6b810740 (LWP 14927)):
#0 __lll_lock_wait ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
No locals.
#1 0x00007fde69413659 in _L_lock_534 () from /lib/libpthread.so.0
No locals.
#2 0x00007fde6941346e in pthread_mutex_lock () from /lib/libpthread.so.0
No locals.
#3 0x00007fde6abe5593 in draw_loading_text (view=0x1c88000,
page_area=0x7fff3b1a1010, expose_area=<value optimized out>)
at ev-view.c:4011
loading_text = (const gchar *) 0x7fde6abe9130 "Loading..."
layout = <value optimized out>
font_desc = <value optimized out>
logical_rect = {x = 30382560, y = 0, width = 30552352, height = 0}
cr = <value optimized out>
#4 0x00007fde6abe6393 in ev_view_expose_event (widget=0x1c88000,
event=0x7fff3b1a1590) at ev-view.c:4104
page_area = {x = 5, y = 5, width = 1651, height = 2333}
border = {left = 1, right = 4, top = 1, bottom = 4}
view = (EvView *) 0x1c88000
cr = (cairo_t *) 0x1d88ca0
i = 0
#5 0x00007fde6a6d1163 in _gtk_marshal_BOOLEAN__BOXED (closure=0x1ab8100,
return_value=0x7fff3b1a1270, n_param_values=<value optimized out>,
param_values=0x1d90240, invocation_hint=<value optimized out>,
marshal_data=0x7fde6abe56b0) at gtkmarshalers.c:84
data1 = (gpointer) 0x1c88000
data2 = (gpointer) 0x1aafb50
v_return = <value optimized out>
__PRETTY_FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED"
#6 0x00007fde6600f54f in IA__g_closure_invoke (closure=0x1ab8100,
return_value=0x7fff3b1a1270, n_param_values=2, param_values=0x1d90240,
invocation_hint=0x7fff3b1a1230) at gclosure.c:767
marshal = (GClosureMarshal) 0x7fde6600da70 <g_type_class_meta_marshal>
marshal_data = <value optimized out>
__PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#7 0x00007fde6602598a in signal_emit_unlocked_R (node=0x1ab8170, detail=0,
instance=0x1c88000, emission_return=0x7fff3b1a13b0,
instance_and_params=0x1d90240) at gsignal.c:3285
accumulator = (SignalAccumulator *) 0x1ab62c0
emission = {next = 0x7fff3b1a1aa0, instance = 0x1c88000, ihint = {
signal_id = 45, detail = 0, run_type = G_SIGNAL_RUN_LAST},
state = EMISSION_RUN, chain_type = 29871104}
class_closure = (GClosure *) 0x1ab8100
handler_list = (Handler *) 0x0
return_accu = (GValue *) 0x7fff3b1a1270
accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0,
v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0,
v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0,
v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 45
max_sequential_handler_number = 856
return_value_altered = 0
#8 0x00007fde66027115 in IA__g_signal_emit_valist (instance=0x1c88000,
signal_id=<value optimized out>, detail=0, var_args=0x7fff3b1a1410)
at gsignal.c:2990
return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0,
v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0,
v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0,
v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0,
v_pointer = 0x0}}}
error = <value optimized out>
signal_return_type = 20
param_values = (GValue *) 0x1d90258
node = (SignalNode *) 0x1ab8170
i = 1
n_params = 1
__PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#9 0x00007fde66027753 in IA__g_signal_emit (instance=0x1cc6990,
signal_id=128, detail=0) at gsignal.c:3037
var_args = {{gp_offset = 32, fp_offset = 48,
overflow_arg_area = 0x7fff3b1a14f0, reg_save_area = 0x7fff3b1a1430}}
#10 0x00007fde6a7f316e in gtk_widget_event_internal (widget=0x1c88000,
event=0x7fff3b1a1590) at gtkwidget.c:4767
signal_num = <value optimized out>
return_val = 0
#11 0x00007fde6a6c9586 in IA__gtk_main_do_event (event=0x7fff3b1a1590)
at gtkmain.c:1558
event_widget = (GtkWidget *) 0x1c88000
grab_widget = (GtkWidget *) 0x1c88000
window_group = (GtkWindowGroup *) 0x1d1ff40
rewritten_event = (GdkEvent *) 0x0
tmp_list = <value optimized out>
__PRETTY_FUNCTION__ = "IA__gtk_main_do_event"
#12 0x00007fde68d5c826 in _gdk_window_process_updates_recurse (
window=0x1d3e2a0, expose_region=0x1c8f890) at gdkwindow.c:4961
event = {type = GDK_EXPOSE, any = {type = GDK_EXPOSE,
window = 0x1d3e2a0, send_event = 0 '\0'}, expose = {type = GDK_EXPOSE,
window = 0x1d3e2a0, send_event = 0 '\0', area = {x = 0, y = 0,
width = 1660, height = 897}, region = 0x1c8f890, count = 0},
no_expose = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0'},
visibility = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0',
state = GDK_VISIBILITY_UNOBSCURED}, motion = {type = GDK_EXPOSE,
window = 0x1d3e2a0, send_event = 0 '\0', time = 0,
x = 3.522513013002352e-311, y = 4.4317688431959815e-321, axes = 0x1c8f890,
state = 0, is_hint = 0, device = 0x0, x_root = 6.9462279169633077e-310,
y_root = 6.9462279169862324e-310}, button = {type = GDK_EXPOSE,
window = 0x1d3e2a0, send_event = 0 '\0', time = 0,
x = 3.522513013002352e-311, y = 4.4317688431959815e-321, axes = 0x1c8f890,
state = 0, button = 0, device = 0x0, x_root = 6.9462279169633077e-310,
y_root = 6.9462279169862324e-310}, scroll = {type = GDK_EXPOSE,
window = 0x1d3e2a0, send_event = 0 '\0', time = 0,
x = 3.522513013002352e-311, y = 4.4317688431959815e-321, state = 29948048,
direction = GDK_SCROLL_UP, device = 0x0, x_root = 0,
y_root = 6.9462279169633077e-310}, key = {type = GDK_EXPOSE,
window = 0x1d3e2a0, send_event = 0 '\0', time = 0, state = 0,
keyval = 1660, length = 897, string = 0x1c8f890 "\002",
hardware_keycode = 0, group = 0 '\0', is_modifier = 0}, crossing = {
type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0',
subwindow = 0x67c00000000, time = 897, x = 1.4796301676804652e-316, y = 0,
x_root = 0, y_root = 6.9462279169633077e-310, mode = 1758771152,
detail = 32734, focus = 29936480, state = 0}, focus_change = {
type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', in = 0},
configure = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0',
x = 0, y = 0, width = 1660, height = 897}, property = {type = GDK_EXPOSE,
window = 0x1d3e2a0, send_event = 0 '\0', atom = 0x67c00000000, time = 897,
state = 0}, selection = {type = GDK_EXPOSE, window = 0x1d3e2a0,
send_event = 0 '\0', selection = 0x67c00000000, target = 0x381,
property = 0x1c8f890, time = 0, requestor = 0}, owner_change = {
type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0', owner = 0,
reason = GDK_OWNER_CHANGE_NEW_OWNER, selection = 0x381, time = 29948048,
selection_time = 0}, proximity = {type = GDK_EXPOSE, window = 0x1d3e2a0,
send_event = 0 '\0', time = 0, device = 0x67c00000000}, client = {
type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0',
message_type = 0x67c00000000, data_format = 897, data = {
b = "\220��\001", '\0' <repeats 15 times>, s = {-1904, 456, 0, 0, 0,
0,
0, 0, 0, 0}, l = {29948048, 0, 0, 140593218237952, 140593218238416}}},
dnd = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0',
context = 0x67c00000000, time = 897, x_root = 0, y_root = 0},
window_state = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0',
changed_mask = 0, new_window_state = 0}, setting = {type = GDK_EXPOSE,
window = 0x1d3e2a0, send_event = 0 '\0', action = GDK_SETTING_ACTION_NEW,
name = 0x67c00000000 <Address 0x67c00000000 out of bounds>},
grab_broken = {type = GDK_EXPOSE, window = 0x1d3e2a0, send_event = 0 '\0',
keyboard = 0, implicit = 0, grab_window = 0x381}}
child = <value optimized out>
child_region = (GdkRegion *) 0x1c8f890
r = {x = 31958368, y = 0, width = 29948048, height = 0}
l = (GList *) 0x1e7a560
children = (GList *) 0x0
#13 0x00007fde68d5c7d3 in _gdk_window_process_updates_recurse (
window=0x1d3e190, expose_region=0x1c8cb60) at gdkwindow.c:4934
child = (GdkWindowObject *) 0x1d3e2a0
child_region = (GdkRegion *) 0x1c8f890
r = {x = 0, y = 0, width = 1660, height = 897}
l = (GList *) 0x1e7a560
children = (GList *) 0x1e7a560
#14 0x00007fde68d5c7d3 in _gdk_window_process_updates_recurse (
window=0x1bfce50, expose_region=0x1d23c40) at gdkwindow.c:4934
child = (GdkWindowObject *) 0x1d3e190
child_region = (GdkRegion *) 0x1c8cb60
r = {x = 1, y = 79, width = 1660, height = 897}
l = (GList *) 0x1e7a720
children = (GList *) 0x1e7a920
#15 0x00007fde68d58751 in gdk_window_process_updates_internal (
window=0x1bfce50) at gdkwindow.c:5116
expose_region = (GdkRegion *) 0x1d23c40
save_region = <value optimized out>
clip_box = {x = 0, y = 0, width = 1680, height = 977}
#16 0x00007fde68d5cb76 in IA__gdk_window_process_updates (window=0x1bfce50,
update_children=1) at gdkwindow.c:5268
impl_window = (GdkWindowObject *) 0x1bfce50
__PRETTY_FUNCTION__ = "IA__gdk_window_process_updates"
#17 0x00007fde6a80f332 in gtk_window_check_resize (
container=<value optimized out>) at gtkwindow.c:6188
No locals.
#18 0x00007fde6600f54f in IA__g_closure_invoke (closure=0x1abc6e0,
return_value=0x0, n_param_values=1, param_values=0x1c9fd80,
invocation_hint=0x7fff3b1a1ab0) at gclosure.c:767
marshal = (GClosureMarshal) 0x7fde6600da70 <g_type_class_meta_marshal>
marshal_data = <value optimized out>
__PRETTY_FUNCTION__ = "IA__g_closure_invoke"
#19 0x00007fde6602598a in signal_emit_unlocked_R (node=0x1abc730, detail=0,
instance=0x1aee0f0, emission_return=0x0, instance_and_params=0x1c9fd80)
at gsignal.c:3285
accumulator = (SignalAccumulator *) 0x0
emission = {next = 0x0, instance = 0x1aee0f0, ihint = {signal_id = 86,
detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN,
chain_type = 28295264}
class_closure = (GClosure *) 0x1abc6e0
handler_list = (Handler *) 0x0
return_accu = (GValue *) 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0,
v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0,
v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0,
v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 86
max_sequential_handler_number = 853
return_value_altered = 0
#20 0x00007fde6602724e in IA__g_signal_emit_valist (instance=0x1aee0f0,
signal_id=<value optimized out>, detail=0, var_args=0x7fff3b1a1c90)
at gsignal.c:2980
signal_return_type = 4
param_values = (GValue *) 0x1c9fd98
node = (SignalNode *) 0x1abc730
i = 0
n_params = 0
__PRETTY_FUNCTION__ = "IA__g_signal_emit_valist"
#21 0x00007fde66027753 in IA__g_signal_emit (instance=0x1cc6990,
signal_id=128, detail=0) at gsignal.c:3037
var_args = {{gp_offset = 24, fp_offset = 48,
overflow_arg_area = 0x7fff3b1a1d70, reg_save_area = 0x7fff3b1a1cb0}}
#22 0x00007fde6a63743a in gtk_container_idle_sizer (data=<value optimized out>)
at gtkcontainer.c:1350
widget = (GtkWidget *) 0x1aee0f0
#23 0x00007fde68d36487 in gdk_threads_dispatch (data=0x1d60a00) at gdk.c:506
ret = 0
#24 0x00007fde65b53e49 in IA__g_main_context_dispatch (context=0x1a67f60)
at gmain.c:1960
No locals.
#25 0x00007fde65b57698 in g_main_context_iterate (context=0x1a67f60, block=1,
dispatch=1, self=<value optimized out>) at gmain.c:2591
max_priority = 110
timeout = 0
some_ready = 1
nfds = 9
allocated_nfds = <value optimized out>
fds = (GPollFD *) 0x1d3dba0
__PRETTY_FUNCTION__ = "g_main_context_iterate"
#26 0x00007fde65b57b6d in IA__g_main_loop_run (loop=0x1a609c0) at gmain.c:2799
self = (GThread *) 0x1a5e090
__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#27 0x00007fde6a6c9777 in IA__gtk_main () at gtkmain.c:1205
tmp_list = (GList *) 0x0
functions = (GList *) 0x0
init = (GtkInitFunction *) 0x0
loop = (GMainLoop *) 0x1a609c0
#28 0x000000000043d39c in main (argc=1, argv=0x7fff3b1a2108) at main.c:497
context = <value optimized out>
args = (GHashTable *) 0x1ad4c00
error = (GError *) 0x0
#0 0x00007fde69413437 in pthread_mutex_lock () from /lib/libpthread.so.0
"
I also did a valgrind run today and this came up in the log:
==17995== Thread 2:
==17995== Invalid read of size 4
==17995== at 0x678E437: pthread_mutex_lock (in /lib64/libpthread-2.10.1.so)
==17995== by 0xC59F561: CharCodeToUnicode::decRefCnt()
(CharCodeToUnicode.cc:463)
==17995== by 0xC589E12: AnnotWidget::layoutText(GooString*, GooString*,
int*, GfxFont*, double*, double, int*, int) (Annot.cc:2236)
==17995== by 0xC58AAF8: AnnotWidget::drawListBox(GooString**, int*, int,
int, GooString*, GfxFontDict*, int) (Annot.cc:2933)
==17995== by 0xC599C35: AnnotWidget::generateFieldAppearance()
(Annot.cc:3323)
==17995== by 0xC599EA5: AnnotWidget::draw(Gfx*, int) (Annot.cc:3424)
==17995== by 0xC5FE0DD: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:492)
==17995== by 0x69BB2D0: _poppler_page_render(_PopplerPage*, _cairo*, int)
(poppler-page.cc:560)
==17995== by 0x1220901A: ??? (ev-poppler.cc:510)
==17995== by 0x54825D0: ev_job_render_run (ev-jobs.c:521)
==17995== by 0x54832CF: ev_job_thread_proxy (ev-job-scheduler.c:183)
==17995== by 0x7BB6BE5: g_thread_create_proxy (gthread.c:635)
==17995== by 0x678B8FB: start_thread (in /lib64/libpthread-2.10.1.so)
==17995== by 0x84FBA9C: clone (clone.S:112)
==17995== Address 0x40 is not stack'd, malloc'd or (recently) free'd
==17995==
==17995== Process terminating with default action of signal 11 (SIGSEGV)
==17995== Access not within mapped region at address 0x40
==17995== at 0x678E437: pthread_mutex_lock (in /lib64/libpthread-2.10.1.so)
==17995== by 0xC59F561: CharCodeToUnicode::decRefCnt()
(CharCodeToUnicode.cc:463)
==17995== by 0xC589E12: AnnotWidget::layoutText(GooString*, GooString*,
int*, GfxFont*, double*, double, int*, int) (Annot.cc:2236)
==17995== by 0xC58AAF8: AnnotWidget::drawListBox(GooString**, int*, int,
int, GooString*, GfxFontDict*, int) (Annot.cc:2933)
==17995== by 0xC599C35: AnnotWidget::generateFieldAppearance()
(Annot.cc:3323)
==17995== by 0xC599EA5: AnnotWidget::draw(Gfx*, int) (Annot.cc:3424)
==17995== by 0xC5FE0DD: Page::displaySlice(OutputDev*, double, double, int,
int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int
(*)(Annot*, void*), void*) (Page.cc:492)
==17995== by 0x69BB2D0: _poppler_page_render(_PopplerPage*, _cairo*, int)
(poppler-page.cc:560)
==17995== by 0x1220901A: ??? (ev-poppler.cc:510)
==17995== by 0x54825D0: ev_job_render_run (ev-jobs.c:521)
==17995== by 0x54832CF: ev_job_thread_proxy (ev-job-scheduler.c:183)
==17995== by 0x7BB6BE5: g_thread_create_proxy (gthread.c:635)
==17995== by 0x678B8FB: start_thread (in /lib64/libpthread-2.10.1.so)
==17995== by 0x84FBA9C: clone (clone.S:112)
==17995== If you believe this happened as a result of a stack overflow in your
==17995== program's main thread (unlikely but possible), you can try to
increase
==17995== the size of the main thread stack using the --main-stacksize= flag.
==17995== The main thread stack size used in this run was 8388608.
Happens with poppler 0.10 and 0.12.
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the Poppler-bugs
mailing list