Font name-related crash when editing form field
When editing a PDF form field, a crash may occur which appears to be related to the font name. This reproduces 100% of the time on my system with the following steps.
- Open this PDF in Evince
- Edit the Name field (the very first one in the document)
- Crash
The crash occurs in `Form::ensureFontsForAllCharacters` in `poppler/Form.cc`. For this PDF, `defaultResources->lookupFont("Cour")` is called and returns NULL. The next line attempts to dereference this null pointer and causes the crash. When debug messages are enabled I see this:
Poppler-INFO: 12:13:53.946: Syntax error at position -1: Unknown font tag 'Cour'
Here is the backtrace:
#0 0x00007fffe0ac821f in Form::ensureFontsForAllCharacters(GooString const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x7fffe4066ff0, unicodeText=0x5555560147b0, pdfFontNameToEmulate=<optimized out>) at /usr/src/debug/poppler-22.05.0/poppler/Form.cc:2940
#1 0x00007fffe0ac8754 in FormFieldText::setContentCopy(GooString const*) (this=0x7fffe4110af0, new_content=0x5555560147b0) at /usr/src/debug/poppler-22.05.0/poppler/Form.cc:1671
#2 0x00007fffe31e2707 in poppler_form_field_text_set_text(PopplerFormField*, gchar const*) (field=0x7fffe41c8d90, text=<optimized out>) at /usr/src/debug/poppler-22.05.0/glib/poppler-form-field.cc:757
#3 0x00007fffe3265f4c in pdf_document_forms_form_field_text_set_text (document=0x5555559a9730, field=0x7fffe41c9450, text=0x555555b6d330 "02") at ../evince/backend/pdf/ev-poppler.c:2442
#4 0x00007ffff7f60d64 in ev_view_form_field_text_save.part.0.lto_priv.0 (view=0x555555b75df0, widget=<optimized out>) at ../evince/libview/ev-view.c:2627
#5 0x00007ffff7f52cba in ev_view_form_field_text_save (widget=0x55555598acc0, view=<optimized out>) at ../evince/libview/ev-view.c:2664
#6 ev_view_form_field_text_focus_out (widget=widget@entry=0x55555598acc0, event=<optimized out>, view=<optimized out>) at ../evince/libview/ev-view.c:2665
#11 0x00007ffff7e7d824 in <emit signal ??? on instance ???> (instance=instance@entry=0x55555598acc0, signal_id=<optimized out>, detail=detail@entry=0) at ../glib/gobject/gsignal.c:3553
#7 0x00007ffff758ef78 in _gtk_marshal_BOOLEAN__BOXED (closure=closure@entry=0x555555913b00, return_value=return_value@entry=0x7fffffffd720, n_param_values=n_param_values@entry=2, param_values=param_values@entry=0x7fffffffd780, invocation_hint=invocation_hint@entry=0x7fffffffd700, marshal_data=marshal_data@entry=0x0) at gtk/gtkmarshalers.c:84
#8 0x00007ffff7e5ff8f in g_closure_invoke (closure=0x555555913b00, return_value=0x7fffffffd720, n_param_values=2, param_values=0x7fffffffd780, invocation_hint=0x7fffffffd700) at ../glib/gobject/gclosure.c:830
#9 0x00007ffff7e7bba8 in signal_emit_unlocked_R (node=<optimized out>, detail=detail@entry=0, instance=instance@entry=0x55555598acc0, emission_return=emission_return@entry=0x7fffffffd8a0, instance_and_params=instance_and_params@entry=0x7fffffffd780) at ../glib/gobject/gsignal.c:3743
#10 0x00007ffff7e7cfb8 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fffffffd950) at ../glib/gobject/gsignal.c:3506
#12 0x00007ffff7850095 in gtk_widget_event_internal.part.0.lto_priv.0 (widget=0x55555598acc0, event=0x555555914950) at ../gtk/gtk/gtkwidget.c:7812
#13 0x00007ffff784bd27 in gtk_widget_send_focus_change (widget=0x55555598acc0, event=0x555555914950) at ../gtk/gtk/gtkwidget.c:16244
#14 0x00007ffff785f837 in do_focus_change (widget=0x55555598acc0, in=0) at ../gtk/gtk/gtkwindow.c:8452
#15 0x00007ffff785fe8a in gtk_window_real_set_focus (window=<optimized out>, focus=0x555555b75df0) at ../gtk/gtk/gtkwindow.c:8741
#16 0x00007ffff7e5e96f in g_cclosure_marshal_VOID__OBJECTv (closure=0x5555556709f0, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x555555673270) at ../glib/gobject/gmarshal.c:1910
#17 0x00007ffff7e7d6b6 in _g_closure_invoke_va (param_types=0x555555673270, n_params=1, args=0x7fffffffdd10, instance=0x555555851d90, return_value=<optimized out>, closure=<optimized out>) at ../glib/gobject/gclosure.c:893
#18 g_signal_emit_valist (instance=0x555555851d90, signal_id=166, detail=<optimized out>, var_args=var_args@entry=0x7fffffffdd10) at ../glib/gobject/gsignal.c:3406
#19 0x00007ffff7e7d824 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ../glib/gobject/gsignal.c:3553
#20 0x00007ffff7e7d6b6 in _g_closure_invoke_va (param_types=0x0, n_params=0, args=0x7fffffffdf90, instance=0x555555b75df0, return_value=<optimized out>, closure=<optimized out>) at ../glib/gobject/gclosure.c:893
#21 g_signal_emit_valist (instance=0x555555b75df0, signal_id=72, detail=<optimized out>, var_args=var_args@entry=0x7fffffffdf90) at ../glib/gobject/gsignal.c:3406
#22 0x00007ffff7e7d824 in g_signal_emit (instance=instance@entry=0x555555b75df0, signal_id=<optimized out>, detail=detail@entry=0) at ../glib/gobject/gsignal.c:3553
#23 0x00007ffff783dabc in gtk_widget_grab_focus (widget=0x555555b75df0) at ../gtk/gtk/gtkwidget.c:8101
#24 0x00007ffff7f5dea1 in ev_view_button_press_event (widget=widget@entry=0x555555b75df0, event=event@entry=0x7fffe4007f10) at ../evince/libview/ev-view.c:5648
#25 0x00007ffff7591bb9 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x555555674810, return_value=0x7fffffffe270, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x555555666fe0) at gtk/gtkmarshalers.c:130
#26 0x00007ffff7e7d6b6 in _g_closure_invoke_va (param_types=0x555555666fe0, n_params=1, args=0x7fffffffe320, instance=0x555555b75df0, return_value=<optimized out>, closure=<optimized out>) at ../glib/gobject/gclosure.c:893
#27 g_signal_emit_valist (instance=0x555555b75df0, signal_id=78, detail=<optimized out>, var_args=var_args@entry=0x7fffffffe320) at ../glib/gobject/gsignal.c:3406
#28 0x00007ffff7e7d824 in g_signal_emit (instance=instance@entry=0x555555b75df0, signal_id=<optimized out>, detail=detail@entry=0) at ../glib/gobject/gsignal.c:3553
#29 0x00007ffff7850095 in gtk_widget_event_internal.part.0.lto_priv.0 (widget=0x555555b75df0, event=0x7fffe4007f10) at ../gtk/gtk/gtkwidget.c:7812
#30 0x00007ffff76ecc95 in propagate_event_up (topmost=<optimized out>, event=<optimized out>, widget=0x555555b75df0) at ../gtk/gtk/gtkmain.c:2588
#31 propagate_event (widget=widget@entry=0x555555b75df0, event=event@entry=0x7fffe4007f10, captured=captured@entry=0, topmost=topmost@entry=0x0) at ../gtk/gtk/gtkmain.c:2691
#32 0x00007ffff76ecdd5 in gtk_propagate_event (widget=widget@entry=0x555555b75df0, event=event@entry=0x7fffe4007f10) at ../gtk/gtk/gtkmain.c:2725
#33 0x00007ffff76edbc3 in gtk_main_do_event (event=<optimized out>) at ../gtk/gtk/gtkmain.c:1921
#34 gtk_main_do_event (event=<optimized out>) at ../gtk/gtk/gtkmain.c:1691
#35 0x00007ffff744ed43 in _gdk_event_emit (event=0x7fffe4007f10) at ../gtk/gdk/gdkevents.c:73
#36 _gdk_event_emit (event=0x7fffe4007f10) at ../gtk/gdk/gdkevents.c:67
#37 0x00007ffff747d3c8 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at ../gtk/gdk/wayland/gdkeventsource.c:124
#38 0x00007ffff7d63163 in g_main_dispatch (context=0x555555610980) at ../glib/glib/gmain.c:3417
#39 g_main_context_dispatch (context=0x555555610980) at ../glib/glib/gmain.c:4135
#40 0x00007ffff7db99e9 in g_main_context_iterate.constprop.0 (context=context@entry=0x555555610980, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4211
#41 0x00007ffff7d606c5 in g_main_context_iteration (context=context@entry=0x555555610980, may_block=may_block@entry=1) at ../glib/glib/gmain.c:4276
#42 0x00007ffff714380e in g_application_run (application=0x5555557291b0, argc=-6428, argc@entry=0, argv=argv@entry=0x0) at ../glib/gio/gapplication.c:2569
#43 0x00005555555745f4 in main (argc=<optimized out>, argv=<optimized out>) at ../evince/shell/main.c:318
Edited by Simon McFarlane
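The failure mode described in the report above, as an added example that is not part of the original report and is not poppler's code: a font-tag lookup that can return null, and a caller that tests the result before using it. `Font`, `Resources`, `checkFontCoverage`, `sampleResources` and the "Helv" entry are hypothetical names constructed for illustration; only the tag "Cour" and the text "02" come from the report.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <vector>

// Toy stand-ins for a font and a resource dictionary (hypothetical, not poppler types).
struct Font {
    std::string name;
    std::set<char32_t> glyphs; // code points the font can render
    bool covers(char32_t c) const { return glyphs.count(c) != 0; }
};

struct Resources {
    std::map<std::string, std::shared_ptr<Font>> fonts;
    // Returns null for a tag the document never defined, like the lookup in the report.
    std::shared_ptr<Font> lookupFont(const std::string &tag) const {
        auto it = fonts.find(tag);
        return it == fonts.end() ? nullptr : it->second;
    }
};

enum class FontCheck { AllCovered, NeedsFallback, UnknownTag };
struct FontCheckResult { FontCheck status; std::vector<char32_t> missing; };

// The tag comes from the (untrusted) PDF, so the lookup result is tested before use.
FontCheckResult checkFontCoverage(const Resources &res, const std::string &tag,
                                  const std::u32string &text) {
    std::shared_ptr<Font> font = res.lookupFont(tag);
    if (!font) // unknown tag: every character needs a substitute font
        return {FontCheck::UnknownTag, std::vector<char32_t>(text.begin(), text.end())};
    FontCheckResult out{FontCheck::AllCovered, {}};
    for (char32_t c : text)
        if (!font->covers(c)) out.missing.push_back(c);
    if (!out.missing.empty()) out.status = FontCheck::NeedsFallback;
    return out;
}

// Constructed sample: a resource dictionary that defines "Helv" but not "Cour".
Resources sampleResources() {
    Resources r;
    r.fonts["Helv"] = std::make_shared<Font>(Font{"Helvetica", {U'0', U'1', U'2'}});
    return r;
}

int main() {
    FontCheckResult r = checkFontCoverage(sampleResources(), "Cour", U"02");
    std::printf("unknown tag: %d, chars needing fallback: %zu\n",
                r.status == FontCheck::UnknownTag, r.missing.size());
    return 0;
}
```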