Evince reproducibly crashes on large synctex file with "malloc(): smallbin double linked list corrupted"
Submitted by qaw..@..gmx.de
Link to original bug (#785481)
Description
Hi, when I open a PDF with a 1.1MB .synctex.gz, evince crashes with the attached backtrace. This also happens if I replace the PDF document with another one that has enough pages (e.g. www.texample.net/media/pgf/builds/pgfmanualCVS2012-11-04.pdf). I can also provide the .synctex.gz if needed...
Thanks for looking into this nasty bug, Richard
$ evince --version
GNOME Document Viewer 3.18.2
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
Backtrace:
*** Error in `evince': malloc(): smallbin double linked list corrupted: 0x00007fe70c1cec90 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fe7354097e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x82651)[0x7fe735414651]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7fe735416184]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_malloc+0x19)[0x7fe735cd1719]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_strdup+0x1f)[0x7fe735cea4ef]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x39e8d)[0x7fe735fcce8d]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_value_transform+0xe8)[0x7fe735fcaee8]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(+0x154b1)[0x7fe735fa84b1]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_new_valist+0x3b5)[0x7fe735faa1b5]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_new+0xf1)[0x7fe735faa521]
/usr/lib/x86_64-linux-gnu/libevdocument3.so.4(ev_link_dest_new_named+0x35)[0x7fe7381e1675]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0x9b39)[0x7fe7235f3b39]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0x9cfa)[0x7fe7235f3cfa]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0xa096)[0x7fe7235f4096]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0xa161)[0x7fe7235f4161]
/usr/lib/x86_64-linux-gnu/evince/4/backends/libpdfdocument.so(+0xe226)[0x7fe7235f8226]
/usr/lib/x86_64-linux-gnu/libevview3.so.3(+0x1c44a)[0x7fe737f9344a]
/usr/lib/x86_64-linux-gnu/libevview3.so.3(+0x1e55a)[0x7fe737f9555a]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x70bb5)[0x7fe735cf2bb5]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7fe7357636ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fe7354993dd]
======= Memory map: ========
....
Aborted (core dumped)
Version: 3.18.x
Edited by Germán Poo-Caamaño