Crash when trying to remove an annotation in a PDF file
@aklapper
Submitted by Andre Klapper Link to original bug (#785786)
Description
Package versions:
- evince-3.24.0-3.fc26.x86_64
- poppler-0.52.0-4.fc26.x86_64
Crashing frame as reported by gdb:
0x00007fdf29fec88e in ev_view_remove_window_child_for_annot (annot=0x7fdf04004d20, page=40, view=0x55930c543d10) at ev-view.c:3020
3020 if (child->page != page)
(gdb) thread apply all bt full
Thread 5 (Thread 0x7fdef57fa700 (LWP 23056)):
#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
No locals.
#1 0x00007fdf271825df in g_cond_wait (cond=cond@entry=0x7fdf2a20a070 <job_queue_cond>, mutex=mutex@entry=0x7fdf2a20a060 <job_queue_mutex>) at gthread-posix.c:1395
sampled = 241
#2 0x00007fdf29fd4503 in ev_job_thread_proxy (data=<optimized out>) at ev-job-scheduler.c:211
job = 0x0
#3 0x00007fdf27164536 in g_thread_proxy (data=0x55930c830c00) at gthread.c:784
thread = 0x55930c830c00
__func__ = "g_thread_proxy"
#4 0x00007fdf269ae36d in start_thread (arg=0x7fdef57fa700) at pthread_create.c:456
__res = <optimized out>
pd = 0x7fdef57fa700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140595578251008, -6922367045484785693, 0, 140732274665232, 140595578251712, 0, 6940932295958351843, 6940190980052242403}, mask_was_saved = 0}}, priv = {
pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#5 0x00007fdf266e6b8f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
No locals.
Thread 4 (Thread 0x7fdf17509700 (LWP 23046)):
#0 0x00007fdf266daa9d in poll () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x00007fdf2713d569 in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7fdf0c0010c0, timeout=<optimized out>, context=0x7fdf10016140) at gmain.c:4271
poll_func = 0x7fdf2714cb80 <g_poll>
#2 g_main_context_iterate (context=0x7fdf10016140, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3967
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fdf0c0010c0
#3 0x00007fdf2713d902 in g_main_loop_run (loop=0x7fdf10017fe0) at gmain.c:4168
__func__ = "g_main_loop_run"
#4 0x00007fdf27722cb6 in gdbus_shared_thread_func (user_data=0x7fdf10016110) at gdbusprivate.c:252
data = 0x7fdf10016110
#5 0x00007fdf27164536 in g_thread_proxy (data=0x55930c056720) at gthread.c:784
thread = 0x55930c056720
__func__ = "g_thread_proxy"
#6 0x00007fdf269ae36d in start_thread (arg=0x7fdf17509700) at pthread_create.c:456
__res = <optimized out>
pd = 0x7fdf17509700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140596145592064, -6922367045484785693, 0, 140596162373744, 140596145592768, 0, 6940294931938430947, 6940190980052242403}, mask_was_saved = 0}}, priv = {
pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#7 0x00007fdf266e6b8f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
No locals.
Thread 3 (Thread 0x7fdf17d0a700 (LWP 23045)):
#0 0x00007fdf266daa9d in poll () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x00007fdf2713d569 in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7fdf080008c0, timeout=<optimized out>, context=0x7fdf10004800) at gmain.c:4271
poll_func = 0x7fdf2714cb80 <g_poll>
#2 g_main_context_iterate (context=context@entry=0x7fdf10004800, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3967
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fdf080008c0
#3 0x00007fdf2713d67c in g_main_context_iteration (context=0x7fdf10004800, may_block=may_block@entry=1) at gmain.c:4033
retval = <optimized out>
#4 0x00007fdf2713d6c1 in glib_worker_main (data=<optimized out>) at gmain.c:5824
No locals.
#5 0x00007fdf27164536 in g_thread_proxy (data=0x55930c056680) at gthread.c:784
thread = 0x55930c056680
__func__ = "g_thread_proxy"
#6 0x00007fdf269ae36d in start_thread (arg=0x7fdf17d0a700) at pthread_create.c:456
__res = <optimized out>
pd = 0x7fdf17d0a700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140596153984768, -6922367045484785693, 0, 140596162373360, 140596153985472, 0, 6940293831889932259, 6940190980052242403}, mask_was_saved = 0}}, priv = {
pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#7 0x00007fdf266e6b8f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
No locals.
Thread 2 (Thread 0x7fdf1850b700 (LWP 23044)):
#0 0x00007fdf266daa9d in poll () at ../sysdeps/unix/syscall-template.S:84
No locals.
#1 0x00007fdf2713d569 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7fdf100010e0, timeout=<optimized out>, context=0x55930c05bca0) at gmain.c:4271
poll_func = 0x7fdf2714cb80 <g_poll>
#2 g_main_context_iterate (context=context@entry=0x55930c05bca0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3967
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 1
allocated_nfds = 1
fds = 0x7fdf100010e0
#3 0x00007fdf2713d67c in g_main_context_iteration (context=context@entry=0x55930c05bca0, may_block=may_block@entry=1) at gmain.c:4033
retval = <optimized out>
#4 0x00007fdf18512f3d in dconf_gdbus_worker_thread (user_data=0x55930c05bca0) at dconf-gdbus-thread.c:82
context = 0x55930c05bca0
#5 0x00007fdf27164536 in g_thread_proxy (data=0x55930c0560f0) at gthread.c:784
thread = 0x55930c0560f0
__func__ = "g_thread_proxy"
#6 0x00007fdf269ae36d in start_thread (arg=0x7fdf1850b700) at pthread_create.c:456
__res = <optimized out>
pd = 0x7fdf1850b700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140596162377472, -6922367045484785693, 0, 140732274664064, 140596162378176, 0, 6940327918361006051, 6940190980052242403}, mask_was_saved = 0}}, priv = {
pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#7 0x00007fdf266e6b8f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
No locals.
Thread 1 (Thread 0x7fdf2a57d680 (LWP 23042)):
#0 0x00007fdf29fec88e in ev_view_remove_window_child_for_annot (annot=0x7fdf04004d20, page=40, view=0x55930c543d10) at ev-view.c:3020
child = 0x55930c2eecf0
wannot = <optimized out>
children = 0x55930c23c2e0
#1 ev_view_remove_annotation (view=0x55930c543d10, annot=0x7fdf04004d20) at ev-view.c:3471
page = 40
__func__ = "ev_view_remove_annotation"
#2 0x00007fdf2741530d in g_closure_invoke (closure=0x55930c214270, return_value=0x0, n_param_values=2, param_values=0x7ffec93d5b70, invocation_hint=0x7ffec93d5af0) at gclosure.c:804
marshal = 0x7fdf27418300 <g_cclosure_marshal_VOID__VARIANT>
marshal_data = 0x0
in_marshal = 0
real_closure = 0x55930c214250
__func__ = "g_closure_invoke"
#3 0x00007fdf2742798e in signal_emit_unlocked_R (node=node@entry=0x55930c166730, detail=detail@entry=0, instance=instance@entry=0x55930c141940, emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7ffec93d5b70) at gsignal.c:3635
tmp = <optimized out>
handler = 0x55930c2f3480
accumulator = 0x0
emission = {next = 0x7ffec93d6000, instance = 0x55930c141940, ihint = {signal_id = 203, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
class_closure = 0x0
handler_list = 0x55930c2f3480
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0,
v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 203
max_sequential_handler_number = 121481
return_value_altered = 0
#4 0x00007fdf274301a5 in g_signal_emit_valist (instance=0x55930c141940, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffec93d5d50) at gsignal.c:3391
instance_and_params = 0x7ffec93d5b70
signal_return_type = 4
param_values = 0x7ffec93d5b88
node = <optimized out>
i = <optimized out>
n_params = 1
__func__ = "g_signal_emit_valist"
#5 0x00007fdf27430b0f in g_signal_emit (instance=instance@entry=0x55930c141940, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
var_args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7ffec93d5e30, reg_save_area = 0x7ffec93d5d70}}
#6 0x00007fdf276feead in g_simple_action_activate (action=0x55930c141940, parameter=0x0) at gsimpleaction.c:225
simple = 0x55930c141940
__func__ = "g_simple_action_activate"
#7 0x00007fdf28bb01b0 in gtk_action_muxer_activate_action (action_group=0x55930c0e8d00, action_name=0x55930cdf9a01 "win.remove-annot", parameter=0x0) at gtkactionmuxer.c:412
muxer = 0x55930c0e8d00
group = <optimized out>
unprefixed_name = 0x55930cdf9a05 "remove-annot"
#8 0x00007fdf28bb0182 in gtk_action_muxer_activate_action (action_group=0x55930c07ac00, action_name=0x55930cdf9a01 "win.remove-annot", parameter=0x0) at gtkactionmuxer.c:414
muxer = 0x55930c07ac00
group = <optimized out>
unprefixed_name = 0x55930cdf9a05 "remove-annot"
parameter = 0x0
action_group = 0x55930c07ac00
action_name = 0x55930cdf9a01 "win.remove-annot"
muxer = 0x55930c07ac00
group = <optimized out>
unprefixed_name = 0x55930cdf9a05 "remove-annot"
#9 0x00007fdf28d0ab36 in gtk_menu_tracker_item_activated (self=0x55930c82ce00) at gtkmenutrackeritem.c:799
action_name = 0x55930cdf9a01 "win.remove-annot"
action_target = 0x0
__func__ = "gtk_menu_tracker_item_activated"
#10 0x00007fdf2741530d in g_closure_invoke (closure=0x55930c2f25c0, return_value=0x0, n_param_values=1, param_values=0x7ffec93d6090, invocation_hint=0x7ffec93d6010) at gclosure.c:804
marshal = 0x7fdf27416fd0 <g_cclosure_marshal_VOID__VOID>
marshal_data = 0x0
in_marshal = 0
real_closure = 0x55930c2f25a0
__func__ = "g_closure_invoke"
#11 0x00007fdf2742798e in signal_emit_unlocked_R (node=node@entry=0x55930c094bc0, detail=detail@entry=0, instance=instance@entry=0x55930ce1d530, emission_return=emission_return@entry=0x0,
instance_and_params=instance_and_params@entry=0x7ffec93d6090) at gsignal.c:3635
tmp = <optimized out>
handler = 0x55930c70ee40
accumulator = 0x0
emission = {next = 0x7ffec93d6570, instance = 0x55930ce1d530, ihint = {signal_id = 124, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4}
class_closure = 0x55930c0974f0
handler_list = 0x55930c70ee40
return_accu = 0x0
accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0,
v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
signal_id = 124
max_sequential_handler_number = 121481
return_value_altered = 1
#12 0x00007fdf274301a5 in g_signal_emit_valist (instance=0x55930ce1d530, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffec93d6260) at gsignal.c:3391
instance_and_params = 0x7ffec93d6090
signal_return_type = 4
param_values = 0x7ffec93d60a8
node = <optimized out>
i = <optimized out>
n_params = 0
__func__ = "g_signal_emit_valist"
#13 0x00007fdf27430b0f in g_signal_emit (instance=instance@entry=0x55930ce1d530, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7ffec93d6340, reg_save_area = 0x7ffec93d6280}}
#14 0x00007fdf28e377a6 in gtk_widget_activate (widget=widget@entry=0x55930ce1d530) at gtkwidget.c:7756
No locals.
#15 0x00007fdf28d07406 in gtk_menu_shell_activate_item (menu_shell=0x55930c4aa880, menu_item=0x55930ce1d530, force_deactivate=<optimized out>) at gtkmenushell.c:1375
slist = <optimized out>
shells = 0x7fdeec003110
deactivate = <optimized out>
__func__ = "gtk_menu_shell_activate_item"
#16 0x00007fdf28d076e2 in gtk_menu_shell_button_release (widget=0x55930c4aa880, event=<optimized out>) at gtkmenushell.c:791
submenu = 0x0
menu_item = 0x55930ce1d530
deactivate = 1
menu_shell = 0x55930c4aa880
priv = 0x55930c4aa720
#17 0x00007fdf28cea367 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x55930c07ec40, return_value=0x7ffec93d65a0, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>,
n_params=<optimized out>, param_types=0x55930c08c170) at gtkmarshalers.c:143
cc = 0x55930c07ec40
data1 = <optimized out>
data2 = <optimized out>
callback = <optimized out>
arg0 = 0x55930cac3320
args_copy = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7ffec93d6750, reg_save_area = 0x7ffec93d6690}}
v_return = <optimized out>
__func__ = "_gtk_marshal_BOOLEAN__BOXEDv"
#18 0x00007fdf27415546 in _g_closure_invoke_va (closure=0x55930c07ec40, return_value=0x7ffec93d65a0, instance=0x55930c4aa880, args=0x7ffec93d6670, n_params=1, param_types=0x55930c08c170) at gclosure.c:867
marshal = 0x7fdf274137a0 <g_type_class_meta_marshalv>
marshal_data = 0x188
in_marshal = 0
real_closure = 0x55930c07ec20
__func__ = "_g_closure_invoke_va"
#19 0x00007fdf2742fe69 in g_signal_emit_valist (instance=0x55930c4aa880, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffec93d6670) at gsignal.c:3300
return_accu = 0x7ffec93d65a0
accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0,
v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
accumulator = 0x55930c069770
emission = {next = 0x0, instance = 0x55930c4aa880, ihint = {signal_id = 77, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 94090050510000}
signal_id = <optimized out>
instance_type = 94090050510000
emission_return = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0,
v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
rtype = 20
static_scope = 0
fastpath_handler = <optimized out>
closure = <optimized out>
run_type = <optimized out>
l = <optimized out>
fastpath = 1
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__func__ = "g_signal_emit_valist"
#20 0x00007fdf27430b0f in g_signal_emit (instance=instance@entry=0x55930c4aa880, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7ffec93d6750, reg_save_area = 0x7ffec93d6690}}
#21 0x00007fdf28e351e4 in gtk_widget_event_internal (widget=widget@entry=0x55930c4aa880, event=event@entry=0x55930cac3320) at gtkwidget.c:7723
signal_num = <optimized out>
return_val = <optimized out>
handled = 0
__func__ = "gtk_widget_event_internal"
#22 0x00007fdf28e3733a in gtk_widget_event (widget=widget@entry=0x55930c4aa880, event=event@entry=0x55930cac3320) at gtkwidget.c:7293
__func__ = "gtk_widget_event"
#23 0x00007fdf28ce727e in propagate_event_up (topmost=<optimized out>, event=<optimized out>, widget=0x55930c4aa880) at gtkmain.c:2568
tmp = <optimized out>
handled_event = <optimized out>
#24 propagate_event (widget=<optimized out>, event=0x55930cac3320, captured=<optimized out>, topmost=0x0) at gtkmain.c:2670
handled_event = 0
#25 0x00007fdf28ce9370 in gtk_main_do_event (event=<optimized out>) at gtkmain.c:1901
window_group = <optimized out>
device = <optimized out>
tmp_list = <optimized out>
event_widget = <optimized out>
event = 0x55930cac3320
#26 0x00007fdf287fd465 in _gdk_event_emit (event=event@entry=0x55930cac3320) at gdkevents.c:73
No locals.
#27 0x00007fdf288593e2 in gdk_event_source_dispatch (base=<optimized out>, callback=<optimized out>, data=<optimized out>) at gdkeventsource.c:124
source = <optimized out>
display = <optimized out>
event = 0x55930cac3320
#28 0x00007fdf2713d247 in g_main_dispatch (context=0x55930c045de0) at gmain.c:3234
dispatch = 0x7fdf288593c0 <gdk_event_source_dispatch>
prev_source = 0x0
was_in_call = 0
user_data = 0x0
callback = 0x0
cb_funcs = 0x0
cb_data = 0x0
need_destroy = <optimized out>
source = 0x55930c05eac0
current = 0x55930c0b79c0
i = 0
#29 g_main_context_dispatch (context=context@entry=0x55930c045de0) at gmain.c:3899
No locals.
#30 0x00007fdf2713d5e8 in g_main_context_iterate (context=context@entry=0x55930c045de0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3972
max_priority = 2147483647
timeout = 87
some_ready = 1
nfds = <optimized out>
allocated_nfds = 3
fds = 0x55930c5b2a00
#31 0x00007fdf2713d67c in g_main_context_iteration (context=context@entry=0x55930c045de0, may_block=may_block@entry=1) at gmain.c:4033
retval = <optimized out>
#32 0x00007fdf276f6ebd in g_application_run (application=0x55930c15b230, argc=<optimized out>, argv=<optimized out>) at gapplication.c:2381
arguments = 0x55930c5b2a00
status = 0
context = 0x55930c045de0
acquired_context = <optimized out>
__func__ = "g_application_run"
#33 0x000055930baffa68 in main (argc=<optimized out>, argv=<optimized out>) at main.c:316
application = 0x55930c15b230
context = <optimized out>
error = 0x0
status = <optimized out>
(gdb) info register
rax 0x1 1
rbx 0x55930c543d10 94090055400720
rcx 0x55930c0eaaa8 94090050841256
rdx 0x55930cdeecc0 94090064489664
rsi 0x55930cdeecc0 94090064489664
rdi 0x0 0
rbp 0x7fdf04004d20 0x7fdf04004d20
rsp 0x7ffec93d5980 0x7ffec93d5980
r8 0x55930c396c08 94090053643272
r9 0x55930cdeecf8 94090064489720
r10 0x55930c396c10 94090053643280
r11 0x55930c778f78 94090057715576
r12 0x55930c23c2e0 94090052223712
r13 0x55930c2eecf0 94090052955376
r14 0x28 40
r15 0x7fdf27418300 140596413039360
rip 0x7fdf29fec88e 0x7fdf29fec88e <ev_view_remove_annotation+190>
eflags 0x297 [ CF PF AF SF IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb)
Version: 3.24.x
Edited by Germán Poo-Caamaño