Page MenuHomeSolus
Create Task
Maniphest T9719

Issue in cairo or cairo backend of poppler
Closed, ResolvedPublic
Actions

Description

The issue originally appeared as a crash of Evince and was reported in the Evince issue tracker.

During the debugging it appeared that the problem is not in Evince itself but either in cairo or the cairo backend of poppler.

Some debug output of pdftocairo using Gnome debugger:

matthias@cubitus ~/Downloads/MagPi $ gdb --args pdftocairo MagPi99.pdf -png test
GNU gdb (GDB) 10.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-solus-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from pdftocairo...
(No debugging symbols found in pdftocairo)
(gdb) run
Starting program: /usr/bin/pdftocairo MagPi99.pdf -png test
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
Syntax Warning: Invalid Font Weight
(... repeated many times)
Syntax Warning: Invalid Font Weight

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7eb8bb3 in _cairo_damage_destroy (damage=0x14cb1b0) at cairo-damage.c:83
83	cairo-damage.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  0x00007ffff7eb8bb3 in _cairo_damage_destroy (damage=0x14cb1b0) at cairo-damage.c:83
#1  INT_cairo_surface_destroy (surface=0x277e840) at cairo-surface.c:974
#2  0x00007ffff7e9b280 in _cairo_scaled_glyph_fini (scaled_font=0x19a1630, scaled_glyph=0x276e1c0) at cairo-scaled-font.c:212
#3  0x00007ffff7e9b3ad in _cairo_scaled_glyph_page_destroy (page=0x276ced0, scaled_font=<optimized out>) at cairo-scaled-font.c:462
#4  _cairo_scaled_glyph_page_pluck (closure=0x276ced0) at cairo-scaled-font.c:480
#5  0x00007ffff7e9f6c3 in _cairo_cache_remove (entry=0x276ced0, cache=<optimized out>) at cairo-cache.c:296
#6  _cairo_cache_remove_random (cache=<optimized out>) at cairo-cache.c:223
#7  _cairo_cache_shrink_to_accommodate (additional=<optimized out>, cache=<optimized out>) at cairo-cache.c:243
#8  _cairo_cache_thaw (cache=<optimized out>) at cairo-cache.c:179
#9  _cairo_scaled_font_thaw_cache (scaled_font=0x1daf530) at cairo-scaled-font.c:806
#10 0x00007ffff7ea1b9b in _cairo_scaled_font_glyph_device_extents (scaled_font=0x1daf530, glyphs=<optimized out>, num_glyphs=<optimized out>,
    extents=0x7fffffffc47c, overlap_out=0x7fffffffc44c) at cairo-scaled-font.c:2279
#11 0x00007ffff7e531d1 in _cairo_composite_rectangles_init_for_glyphs (extents=extents@entry=0x7fffffffc460, surface=surface@entry=0x1cce920,
    op=<optimized out>, source=<optimized out>, scaled_font=scaled_font@entry=0x1daf530, glyphs=glyphs@entry=0x7fffffffcba0, num_glyphs=18, clip=0x1174730,
    overlap=0x7fffffffc44c) at cairo-composite-rectangles.c:446
#12 0x00007ffff7e54380 in _cairo_compositor_glyphs (compositor=0x7ffff7fa65a0 <spans>, surface=0x1cce920, op=<optimized out>, source=<optimized out>,
    glyphs=0x7fffffffcba0, num_glyphs=18, scaled_font=0x1daf530, clip=0x1174730) at cairo-compositor.c:238
#13 0x00007ffff7e67b85 in _cairo_image_surface_glyphs (abstract_surface=<optimized out>, op=<optimized out>, source=<optimized out>, glyphs=<optimized out>,
    num_glyphs=<optimized out>, scaled_font=<optimized out>, clip=0x1174730) at cairo-image-surface.c:1023
#14 0x00007ffff7ebdfde in _cairo_surface_show_text_glyphs (surface=0x1cce920, op=CAIRO_OPERATOR_OVER, source=0x7fffffffc850, utf8=0x0,
    utf8_len=<optimized out>, glyphs=0x7fffffffcba0, num_glyphs=<optimized out>, clusters=0x0, num_clusters=<optimized out>, cluster_flags=0,
    scaled_font=0x1daf530, clip=0x1174730) at cairo-surface.c:2898
#15 0x00007ffff7e5bc30 in _cairo_gstate_show_text_glyphs (gstate=0x27882e0, glyphs=<optimized out>, num_glyphs=<optimized out>, info=0x0)
    at cairo-gstate.c:2077
#16 0x00007ffff7ecfae2 in cairo_show_glyphs (num_glyphs=<optimized out>, glyphs=<optimized out>, cr=0x511160) at cairo.c:3629
#17 cairo_show_glyphs (cr=0x511160, glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3609
#18 0x0000000000410779 in ?? ()
#19 0x00007ffff7b472b6 in Gfx::doShowText(GooString const*) () from /usr/lib/libpoppler.so.108
#20 0x00007ffff7b47d0d in Gfx::opShowSpaceText(Object*, int) () from /usr/lib/libpoppler.so.108
#21 0x00007ffff7b3de07 in Gfx::go(bool) () from /usr/lib/libpoppler.so.108
#22 0x00007ffff7b3e32f in Gfx::display(Object*, bool) () from /usr/lib/libpoppler.so.108
#23 0x00007ffff7b9bca2 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/libpoppler.so.108
#24 0x000000000040a659 in ?? ()
#25 0x00007ffff743aa92 in __libc_start_main () from /usr/lib/libc.so.6
#26 0x000000000040c1be in ?? ()
(gdb)

In normal CLI execution the program crashes with double free or corruption (out).

Few more debug examples can be found in the above Evince issue.

I'm reporting the issue here because it seems specific to the Solus build.

Revisions and Commits

R479 libcairo
R479:a0eda887af6b Disable LTO. Evince developers complain about it.
R2465 poppler
R2465:57580d961cf0 Update to 21.06.1
R2445 pixman
R2445:e9947455ea07 Disable PGO to hopefully actually finally resolve T9719

Related Objects

Event Timeline

palto42 created this task.May 12 2021, 3:20 PM
Herald added a project: Lacks Project. · View Herald TranscriptMay 12 2021, 3:20 PM
JoshStrobl triaged this task as Needs More Info priority.May 12 2021, 3:46 PM
JoshStrobl edited projects, added Software; removed Lacks Project.
JoshStrobl added a subscriber: JoshStrobl.

I have a local poppler upgrade that I've been working through (dealing with LO compilation issues atm). We can evaluate it further after the upgrade.

JoshStrobl added a comment.May 12 2021, 9:02 PM

Pushed poppler upgrade to unstable. If you happen to use unstable, testing is welcome (though if you use LibreOffice, just a warning that at the time of comment it is still building on the server, so you could do with waiting an hour or so).

I would like to note that we don't really do anything special with our poppler build. Not ruling out the possibility that it is a compiler C or ldflag flag we are setting as a default via ypkg / our default eopkg.conf however.

palto42 added a comment.May 13 2021, 4:21 PM

I tested with unstable and get different error now, so unfortunately not fixed with the update.

In CLI I now get a crash message free(): invalid pointer instead of previous double free or corruption.

Below the Gnome debugger output:

matthias@cubitus ~/Downloads/MagPi $ gdb --args pdftocairo MagPi99.pdf -png test
GNU gdb (GDB) 10.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-solus-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from pdftocairo...
(No debugging symbols found in pdftocairo)
(gdb) run
Starting program: /usr/bin/pdftocairo MagPi99.pdf -png test
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
Syntax Warning: Invalid Font Weight
(... repeated many times)
Syntax Warning: Invalid Font Weight
pdftocairo: cairo-surface.c:960: cairo_surface_destroy: Assertion `surface->snapshot_of == NULL' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff74784db in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff74784db in raise () from /usr/lib/libc.so.6
#1  0x00007ffff745d863 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff745d737 in ?? () from /usr/lib/libc.so.6
#3  0x00007ffff746f906 in __assert_fail () from /usr/lib/libc.so.6
#4  0x00007ffff7eb8da6 in INT_cairo_surface_destroy (surface=0x1f74b30) at cairo-surface.c:960
#5  0x00007ffff7e9b280 in _cairo_scaled_glyph_fini (scaled_font=0x2753d70, scaled_glyph=0x1460d10) at cairo-scaled-font.c:212
#6  0x00007ffff7e9b3ad in _cairo_scaled_glyph_page_destroy (page=0x14604a0, scaled_font=<optimized out>) at cairo-scaled-font.c:462
#7  _cairo_scaled_glyph_page_pluck (closure=0x14604a0) at cairo-scaled-font.c:480
#8  0x00007ffff7e9f6c3 in _cairo_cache_remove (entry=0x14604a0, cache=<optimized out>) at cairo-cache.c:296
#9  _cairo_cache_remove_random (cache=<optimized out>) at cairo-cache.c:223
#10 _cairo_cache_shrink_to_accommodate (additional=<optimized out>, cache=<optimized out>) at cairo-cache.c:243
#11 _cairo_cache_thaw (cache=<optimized out>) at cairo-cache.c:179
#12 _cairo_scaled_font_thaw_cache (scaled_font=0x201d3f0) at cairo-scaled-font.c:806
#13 0x00007ffff7ec45d1 in _cairo_traps_compositor_glyphs (_compositor=0x7ffff7fa64e0 <compositor>, extents=0x7fffffffc480, scaled_font=0x201d3f0,
    glyphs=<optimized out>, num_glyphs=<optimized out>, overlap=0) at cairo-traps-compositor.c:2335
#14 0x00007ffff7e543a1 in _cairo_compositor_glyphs (compositor=0x7ffff7fa64e0 <compositor>, surface=0xff6a40, op=<optimized out>, source=<optimized out>,
    glyphs=0x7fffffffcbc0, num_glyphs=9, scaled_font=0x201d3f0, clip=0x1196600) at cairo-compositor.c:250
#15 0x00007ffff7e67b85 in _cairo_image_surface_glyphs (abstract_surface=<optimized out>, op=<optimized out>, source=<optimized out>, glyphs=<optimized out>,
    num_glyphs=<optimized out>, scaled_font=<optimized out>, clip=0x1196600) at cairo-image-surface.c:1023
#16 0x00007ffff7ebdfde in _cairo_surface_show_text_glyphs (surface=0xff6a40, op=CAIRO_OPERATOR_OVER, source=0x7fffffffc870, utf8=0x0,
    utf8_len=<optimized out>, glyphs=0x7fffffffcbc0, num_glyphs=<optimized out>, clusters=0x0, num_clusters=<optimized out>, cluster_flags=0,
    scaled_font=0x201d3f0, clip=0x1196600) at cairo-surface.c:2898
#17 0x00007ffff7e5bc30 in _cairo_gstate_show_text_glyphs (gstate=0x26446d0, glyphs=<optimized out>, num_glyphs=<optimized out>, info=0x0)
    at cairo-gstate.c:2077
#18 0x00007ffff7ecfae2 in cairo_show_glyphs (num_glyphs=<optimized out>, glyphs=<optimized out>, cr=0x510160) at cairo.c:3629
#19 cairo_show_glyphs (cr=0x510160, glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3609
#20 0x000000000040f8f9 in ?? ()
#21 0x00007ffff7b437c6 in Gfx::doShowText(GooString const*) () from /usr/lib/libpoppler.so.110
#22 0x00007ffff7b44215 in Gfx::opShowSpaceText(Object*, int) () from /usr/lib/libpoppler.so.110
#23 0x00007ffff7b3a007 in Gfx::go(bool) () from /usr/lib/libpoppler.so.110
#24 0x00007ffff7b3a51f in Gfx::display(Object*, bool) () from /usr/lib/libpoppler.so.110
#25 0x00007ffff7b99145 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/libpoppler.so.110
#26 0x0000000000409659 in ?? ()
#27 0x00007ffff745fa92 in __libc_start_main () from /usr/lib/libc.so.6
#28 0x000000000040b1ce in ?? ()
(gdb)
palto42 added a comment.May 13 2021, 4:42 PM

Interestingly the error varies a bit if I re-run the same debug procedure.
Not sure what could cause different crashes although the same PDF file is used (and the produced png deleted before the test).

matthias@cubitus ~/Downloads/MagPi $ gdb --args pdftocairo MagPi99.pdf -png test
GNU gdb (GDB) 10.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-solus-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from pdftocairo...
(No debugging symbols found in pdftocairo)
(gdb) run
Starting program: /usr/bin/pdftocairo MagPi99.pdf -png test
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
Syntax Warning: Invalid Font Weight
...
Syntax Warning: Invalid Font Weight
free(): invalid next size (normal)

Program received signal SIGABRT, Aborted.
0x00007ffff74784db in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff74784db in raise () from /usr/lib/libc.so.6
#1  0x00007ffff745d863 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff74c16a6 in ?? () from /usr/lib/libc.so.6
#3  0x00007ffff74c970a in ?? () from /usr/lib/libc.so.6
#4  0x00007ffff74cb21c in ?? () from /usr/lib/libc.so.6
#5  0x00007ffff73e10a9 in pixman_image_unref () from /usr/lib/libpixman-1.so.0
#6  0x00007ffff7e679d5 in _cairo_image_surface_finish (abstract_surface=0x23f9a20) at cairo-image-surface.c:862
#7  0x00007ffff7eb8cea in _cairo_surface_finish (surface=0x23f9a20) at cairo-surface.c:1030
#8  INT_cairo_surface_destroy (surface=0x23f9a20) at cairo-surface.c:970
#9  0x00007ffff7e9b280 in _cairo_scaled_glyph_fini (scaled_font=0x724b40, scaled_glyph=0x1e86f40) at cairo-scaled-font.c:212
#10 0x00007ffff7e9b3ad in _cairo_scaled_glyph_page_destroy (page=0x1e85b90, scaled_font=<optimized out>) at cairo-scaled-font.c:462
#11 _cairo_scaled_glyph_page_pluck (closure=0x1e85b90) at cairo-scaled-font.c:480
#12 0x00007ffff7e9f6c3 in _cairo_cache_remove (entry=0x1e85b90, cache=<optimized out>) at cairo-cache.c:296
#13 _cairo_cache_remove_random (cache=<optimized out>) at cairo-cache.c:223
#14 _cairo_cache_shrink_to_accommodate (additional=<optimized out>, cache=<optimized out>) at cairo-cache.c:243
#15 _cairo_cache_thaw (cache=<optimized out>) at cairo-cache.c:179
#16 _cairo_scaled_font_thaw_cache (scaled_font=0xf14d90) at cairo-scaled-font.c:806
#17 0x00007ffff7ec45d1 in _cairo_traps_compositor_glyphs (_compositor=0x7ffff7fa64e0 <compositor>, extents=0x7fffffffc4e0, scaled_font=0xf14d90,
    glyphs=<optimized out>, num_glyphs=<optimized out>, overlap=0) at cairo-traps-compositor.c:2335
#18 0x00007ffff7e543a1 in _cairo_compositor_glyphs (compositor=0x7ffff7fa64e0 <compositor>, surface=0x24117f0, op=<optimized out>, source=<optimized out>,
    glyphs=0x7fffffffcc20, num_glyphs=2, scaled_font=0xf14d90, clip=0x11a6e30) at cairo-compositor.c:250
#19 0x00007ffff7e67b85 in _cairo_image_surface_glyphs (abstract_surface=<optimized out>, op=<optimized out>, source=<optimized out>, glyphs=<optimized out>,
    num_glyphs=<optimized out>, scaled_font=<optimized out>, clip=0x11a6e30) at cairo-image-surface.c:1023
#20 0x00007ffff7ebdfde in _cairo_surface_show_text_glyphs (surface=0x24117f0, op=CAIRO_OPERATOR_OVER, source=0x7fffffffc8d0, utf8=0x0,
    utf8_len=<optimized out>, glyphs=0x7fffffffcc20, num_glyphs=<optimized out>, clusters=0x0, num_clusters=<optimized out>, cluster_flags=0,
    scaled_font=0xf14d90, clip=0x11a6e30) at cairo-surface.c:2898
#21 0x00007ffff7e5bc30 in _cairo_gstate_show_text_glyphs (gstate=0x2689580, glyphs=<optimized out>, num_glyphs=<optimized out>, info=0x0)
    at cairo-gstate.c:2077
#22 0x00007ffff7ecfae2 in cairo_show_glyphs (num_glyphs=<optimized out>, glyphs=<optimized out>, cr=0x510160) at cairo.c:3629
#23 cairo_show_glyphs (cr=0x510160, glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3609
#24 0x000000000040f8f9 in ?? ()
#25 0x00007ffff7b437c6 in Gfx::doShowText(GooString const*) () from /usr/lib/libpoppler.so.110
#26 0x00007ffff7b43989 in Gfx::opShowText(Object*, int) () from /usr/lib/libpoppler.so.110
#27 0x00007ffff7b3a007 in Gfx::go(bool) () from /usr/lib/libpoppler.so.110
#28 0x00007ffff7b3a51f in Gfx::display(Object*, bool) () from /usr/lib/libpoppler.so.110
#29 0x00007ffff7b99145 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/libpoppler.so.110
#30 0x0000000000409659 in ?? ()
#31 0x00007ffff745fa92 in __libc_start_main () from /usr/lib/libc.so.6
#32 0x000000000040b1ce in ?? ()
(gdb)

Next run again different:

matthias@cubitus ~/Downloads/MagPi $ gdb --args pdftocairo MagPi99.pdf -png test
GNU gdb (GDB) 10.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-solus-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from pdftocairo...
(No debugging symbols found in pdftocairo)
(gdb) run
Starting program: /usr/bin/pdftocairo MagPi99.pdf -png test
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
Syntax Warning: Invalid Font Weight
...
Syntax Warning: Invalid Font Weight
double free or corruption (!prev)

Program received signal SIGABRT, Aborted.
0x00007ffff74784db in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff74784db in raise () from /usr/lib/libc.so.6
#1  0x00007ffff745d863 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff74c16a6 in ?? () from /usr/lib/libc.so.6
#3  0x00007ffff74c970a in ?? () from /usr/lib/libc.so.6
#4  0x00007ffff74cb38c in ?? () from /usr/lib/libc.so.6
#5  0x00007ffff73e10de in pixman_image_unref () from /usr/lib/libpixman-1.so.0
#6  0x00007ffff7e679d5 in _cairo_image_surface_finish (abstract_surface=0x14e5be0) at cairo-image-surface.c:862
#7  0x00007ffff7eb8cea in _cairo_surface_finish (surface=0x14e5be0) at cairo-surface.c:1030
#8  INT_cairo_surface_destroy (surface=0x14e5be0) at cairo-surface.c:970
#9  0x00007ffff7e9b280 in _cairo_scaled_glyph_fini (scaled_font=0x1cc2890, scaled_glyph=0x6a9850) at cairo-scaled-font.c:212
#10 0x00007ffff7e9b3ad in _cairo_scaled_glyph_page_destroy (page=0x6a90a0, scaled_font=<optimized out>) at cairo-scaled-font.c:462
#11 _cairo_scaled_glyph_page_pluck (closure=0x6a90a0) at cairo-scaled-font.c:480
#12 0x00007ffff7e9f6c3 in _cairo_cache_remove (entry=0x6a90a0, cache=<optimized out>) at cairo-cache.c:296
#13 _cairo_cache_remove_random (cache=<optimized out>) at cairo-cache.c:223
#14 _cairo_cache_shrink_to_accommodate (additional=<optimized out>, cache=<optimized out>) at cairo-cache.c:243
#15 _cairo_cache_thaw (cache=<optimized out>) at cairo-cache.c:179
#16 _cairo_scaled_font_thaw_cache (scaled_font=0x1ff9230) at cairo-scaled-font.c:806
#17 0x00007ffff7ec45d1 in _cairo_traps_compositor_glyphs (_compositor=0x7ffff7fa64e0 <compositor>, extents=0x7fffffffc480, scaled_font=0x1ff9230,
    glyphs=<optimized out>, num_glyphs=<optimized out>, overlap=0) at cairo-traps-compositor.c:2335
#18 0x00007ffff7e543a1 in _cairo_compositor_glyphs (compositor=0x7ffff7fa64e0 <compositor>, surface=0x204c600, op=<optimized out>, source=<optimized out>,
    glyphs=0x7fffffffcbc0, num_glyphs=6, scaled_font=0x1ff9230, clip=0x11a0cc0) at cairo-compositor.c:250
#19 0x00007ffff7e67b85 in _cairo_image_surface_glyphs (abstract_surface=<optimized out>, op=<optimized out>, source=<optimized out>, glyphs=<optimized out>,
    num_glyphs=<optimized out>, scaled_font=<optimized out>, clip=0x11a0cc0) at cairo-image-surface.c:1023
#20 0x00007ffff7ebdfde in _cairo_surface_show_text_glyphs (surface=0x204c600, op=CAIRO_OPERATOR_OVER, source=0x7fffffffc870, utf8=0x0,
    utf8_len=<optimized out>, glyphs=0x7fffffffcbc0, num_glyphs=<optimized out>, clusters=0x0, num_clusters=<optimized out>, cluster_flags=0,
    scaled_font=0x1ff9230, clip=0x11a0cc0) at cairo-surface.c:2898
#21 0x00007ffff7e5bc30 in _cairo_gstate_show_text_glyphs (gstate=0x199d610, glyphs=<optimized out>, num_glyphs=<optimized out>, info=0x0)
    at cairo-gstate.c:2077
#22 0x00007ffff7ecfae2 in cairo_show_glyphs (num_glyphs=<optimized out>, glyphs=<optimized out>, cr=0x510160) at cairo.c:3629
#23 cairo_show_glyphs (cr=0x510160, glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3609
#24 0x000000000040f8f9 in ?? ()
#25 0x00007ffff7b437c6 in Gfx::doShowText(GooString const*) () from /usr/lib/libpoppler.so.110
#26 0x00007ffff7b44215 in Gfx::opShowSpaceText(Object*, int) () from /usr/lib/libpoppler.so.110
#27 0x00007ffff7b3a007 in Gfx::go(bool) () from /usr/lib/libpoppler.so.110
#28 0x00007ffff7b3a51f in Gfx::display(Object*, bool) () from /usr/lib/libpoppler.so.110
#29 0x00007ffff7b99145 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/libpoppler.so.110
#30 0x0000000000409659 in ?? ()
#31 0x00007ffff745fa92 in __libc_start_main () from /usr/lib/libc.so.6
#32 0x000000000040b1ce in ?? ()
(gdb)

An next one again different:

matthias@cubitus ~/Downloads/MagPi $ gdb --args pdftocairo MagPi99.pdf -png test
GNU gdb (GDB) 10.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-solus-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from pdftocairo...
(No debugging symbols found in pdftocairo)
(gdb) run
Starting program: /usr/bin/pdftocairo MagPi99.pdf -png test
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
Syntax Warning: Invalid Font Weight
...
Syntax Warning: Invalid Font Weight

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7eb8bb3 in _cairo_damage_destroy (damage=0x1e79320) at cairo-damage.c:83
83	cairo-damage.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  0x00007ffff7eb8bb3 in _cairo_damage_destroy (damage=0x1e79320) at cairo-damage.c:83
#1  INT_cairo_surface_destroy (surface=0x16b5110) at cairo-surface.c:974
#2  0x00007ffff7e9b280 in _cairo_scaled_glyph_fini (scaled_font=0x18270a0, scaled_glyph=0x1c348a0) at cairo-scaled-font.c:212
#3  0x00007ffff7e9b3ad in _cairo_scaled_glyph_page_destroy (page=0x1c34870, scaled_font=<optimized out>) at cairo-scaled-font.c:462
#4  _cairo_scaled_glyph_page_pluck (closure=0x1c34870) at cairo-scaled-font.c:480
#5  0x00007ffff7e9f6c3 in _cairo_cache_remove (entry=0x1c34870, cache=<optimized out>) at cairo-cache.c:296
#6  _cairo_cache_remove_random (cache=<optimized out>) at cairo-cache.c:223
#7  _cairo_cache_shrink_to_accommodate (additional=<optimized out>, cache=<optimized out>) at cairo-cache.c:243
#8  _cairo_cache_thaw (cache=<optimized out>) at cairo-cache.c:179
#9  _cairo_scaled_font_thaw_cache (scaled_font=0x1bbeb00) at cairo-scaled-font.c:806
#10 0x00007ffff7ec45d1 in _cairo_traps_compositor_glyphs (_compositor=0x7ffff7fa64e0 <compositor>, extents=0x7fffffffc480, scaled_font=0x1bbeb00,
    glyphs=<optimized out>, num_glyphs=<optimized out>, overlap=1) at cairo-traps-compositor.c:2335
#11 0x00007ffff7e543a1 in _cairo_compositor_glyphs (compositor=0x7ffff7fa64e0 <compositor>, surface=0x20c5040, op=<optimized out>, source=<optimized out>,
    glyphs=0x7fffffffcbc0, num_glyphs=25, scaled_font=0x1bbeb00, clip=0x1167030) at cairo-compositor.c:250
#12 0x00007ffff7e67b85 in _cairo_image_surface_glyphs (abstract_surface=<optimized out>, op=<optimized out>, source=<optimized out>, glyphs=<optimized out>,
    num_glyphs=<optimized out>, scaled_font=<optimized out>, clip=0x1167030) at cairo-image-surface.c:1023
#13 0x00007ffff7ebdfde in _cairo_surface_show_text_glyphs (surface=0x20c5040, op=CAIRO_OPERATOR_OVER, source=0x7fffffffc870, utf8=0x0,
    utf8_len=<optimized out>, glyphs=0x7fffffffcbc0, num_glyphs=<optimized out>, clusters=0x0, num_clusters=<optimized out>, cluster_flags=0,
    scaled_font=0x1bbeb00, clip=0x1167030) at cairo-surface.c:2898
#14 0x00007ffff7e5bc30 in _cairo_gstate_show_text_glyphs (gstate=0x4cabe0, glyphs=<optimized out>, num_glyphs=<optimized out>, info=0x0) at cairo-gstate.c:2077
#15 0x00007ffff7ecfae2 in cairo_show_glyphs (num_glyphs=<optimized out>, glyphs=<optimized out>, cr=0x510160) at cairo.c:3629
#16 cairo_show_glyphs (cr=0x510160, glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3609
#17 0x000000000040f8f9 in ?? ()
#18 0x00007ffff7b437c6 in Gfx::doShowText(GooString const*) () from /usr/lib/libpoppler.so.110
#19 0x00007ffff7b44215 in Gfx::opShowSpaceText(Object*, int) () from /usr/lib/libpoppler.so.110
#20 0x00007ffff7b3a007 in Gfx::go(bool) () from /usr/lib/libpoppler.so.110
#21 0x00007ffff7b3a51f in Gfx::display(Object*, bool) () from /usr/lib/libpoppler.so.110
#22 0x00007ffff7b99145 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/libpoppler.so.110
#23 0x0000000000409659 in ?? ()
#24 0x00007ffff745fa92 in __libc_start_main () from /usr/lib/libc.so.6
#25 0x000000000040b1ce in ?? ()
(gdb)

This might have been already the case before the update, I may have overlooked this point.

serebit added a subscriber: serebit.May 20 2021, 6:32 PM

Crashing for me as well, though I don't have any debugging to show from before the May 12 poppler upgrade. Here's what lldb says:

serebit@serebit-sagan ~ $ lldb evince Downloads/TEXTBOOK.pdf 
(lldb) target create "evince"
Current executable set to 'evince' (x86_64).
(lldb) settings set -- target.run-args  "Downloads/TEXTBOOK.pdf"
(lldb) run
Process 29835 launched: '/usr/bin/evince' (x86_64)
Process 29835 stopped
* thread #8, name = 'EvJobScheduler', stop reason = signal SIGSEGV: invalid address (fault address: 0x225)
    frame #0: 0x00007ffff7385bb3 libcairo.so.2`cairo_surface_destroy + 115
libcairo.so.2`cairo_surface_destroy:
->  0x7ffff7385bb3 <+115>: movq   (%rbx), %rbx
    0x7ffff7385bb6 <+118>: callq  0x7ffff7309958            ; ___lldb_unnamed_symbol2$$libcairo.so.2 + 8
    0x7ffff7385bbb <+123>: testq  %rbx, %rbx
    0x7ffff7385bbe <+126>: jne    0x7ffff7385bb0            ; <+112>
N1X3L added a subscriber: N1X3L.May 26 2021, 11:13 PM
alexanderzhirov added a subscriber: alexanderzhirov.May 28 2021, 10:30 PM
JoshStrobl merged a task: T9750: Evince PDF reader crash.May 29 2021, 2:23 PM
JoshStrobl added a subscriber: Unknown Object (User).
szb added a subscriber: szb.May 29 2021, 2:29 PM
dino8890 added a subscriber: dino8890.May 29 2021, 2:51 PM

Hello, it seems I ran into the same issue when trying to scroll large documents.

Stack traces are here:

evince-stacktrace-sym2.txt26 KBDownload

evince-stacktrace-sym.txt11 KBDownload

JoshStrobl closed this task as Resolved by committing R479:a0eda887af6b: Disable LTO. Evince developers complain about it..Jun 3 2021, 8:29 AM
JoshStrobl claimed this task.
JoshStrobl added a commit: R479:a0eda887af6b: Disable LTO. Evince developers complain about it..
palto42 added a comment.EditedJun 5 2021, 12:58 PM

@JoshStrobl For me the fix on libcairo doesn't fix the issue with Evince, it still crashes if e.g. I zoom a lot or scroll through the document pages.
Errors differ between crashes, e.g. double free or corruption (out) or corrupted size vs. prev_size (same as before libcairo patch).

I also still get the same crashes with CLI tool pdftocairo as reported above.

N1X3L added a comment.Jun 10 2021, 6:49 PM

According to a developer at Gnome/evince: "The fix is included in Poppler latest release 21.06.1."

JoshStrobl reopened this task as Open.Jun 11 2021, 8:58 AM
JoshStrobl raised the priority of this task from Needs More Info to Normal.
JoshStrobl moved this task from Backlog to Package Fixes on the Software board.

@palto42 @N1X3L Thanks. Unfortunately, there is an ABI and SO num change in poppler that will necessitate rebuilds. Due to the timing of the update (at least locally), I won't be able to do all the necessary local rebuilds, push, and get it all validated via unstable before today's sync, so it'll need to go in on the next one. I have re-opened this task however and will re-mark it as resolved when the poppler update gets pushed.

JoshStrobl added a comment.Jun 30 2021, 4:36 AM

Update on this, working on local rebuilds atm. Assuming no explosions, will get pushed to unstable today.

N1X3L added a comment.Jun 30 2021, 5:40 AM

Thank you so much, @JoshStrobl! Evince has been a chore to use, and this is greatly appreciated.

JoshStrobl closed this task as Resolved by committing R2465:57580d961cf0: Update to 21.06.1.Jun 30 2021, 7:29 AM
JoshStrobl added a commit: R2465:57580d961cf0: Update to 21.06.1.
palto42 reopened this task as Open.Jul 1 2021, 6:12 PM

Thanks @JoshStrobl for all your effort!
Unfortunately, it doesn't seem to fix the issues with Evince and pdf2cairo which I reported above. My laptop is fully updated on Solus Unstable and I also rebooted after updates to be sure.
After the latest updates I can still easily get Evince crashing like before and also with lib2cairo I get crashes as before:

...

double free or corruption (out)

Program received signal SIGABRT, Aborted.
0x00007ffff7489a9b in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff7489a9b in raise () from /usr/lib/libc.so.6
#1  0x00007ffff746f892 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff74d19e6 in ?? () from /usr/lib/libc.so.6
#3  0x00007ffff74da29a in ?? () from /usr/lib/libc.so.6
#4  0x00007ffff74dc160 in ?? () from /usr/lib/libc.so.6
#5  0x00007ffff74df9c8 in free () from /usr/lib/libc.so.6
#6  0x00007ffff7ba8f29 in Object::free() () from /usr/lib/libpoppler.so.111
#7  0x00007ffff7ba9009 in Object::free() () from /usr/lib/libpoppler.so.111
#8  0x00007ffff7be22d7 in ?? () from /usr/lib/libpoppler.so.111
#9  0x00007ffff7be7e31 in ?? () from /usr/lib/libpoppler.so.111
#10 0x00007ffff7be6ac1 in XRef::fetch(int, int, int, long long*) () from /usr/lib/libpoppler.so.111
#11 0x00007ffff7be761b in XRef::fetch(Ref, int) () from /usr/lib/libpoppler.so.111
#12 0x00007ffff7ba8ecc in Object::fetch(XRef*, int) const () from /usr/lib/libpoppler.so.111
#13 0x00007ffff7b158ae in Array::get(int, int) const () from /usr/lib/libpoppler.so.111
#14 0x00007ffff7b5cd2a in GfxFont::getFontType(XRef*, Dict*, Ref*) () from /usr/lib/libpoppler.so.111
#15 0x00007ffff7b63883 in GfxFont::makeFont(XRef*, char const*, Ref, Dict*) () from /usr/lib/libpoppler.so.111
#16 0x00007ffff7b63b92 in ?? () from /usr/lib/libpoppler.so.111
#17 0x00007ffff7b43413 in GfxResources::GfxResources(XRef*, Dict*, GfxResources*) () from /usr/lib/libpoppler.so.111
#18 0x00007ffff7b4fd71 in Gfx::Gfx(PDFDoc*, OutputDev*, int, Dict*, double, double, PDFRectangle const*, PDFRectangle const*, int, bool (*)(void*), void*, XRef*) () from /usr/lib/libpoppler.so.111
#19 0x00007ffff7baebd1 in Page::createGfx(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, XRef*) ()
   from /usr/lib/libpoppler.so.111
#20 0x00007ffff7baf79e in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/libpoppler.so.111
#21 0x0000000000409659 in ?? ()
#22 0x00007ffff74715a5 in __libc_start_main () from /usr/lib/libc.so.6
#23 0x000000000040b1ce in ?? ()
(gdb)

No issues with Evince if I use the snap package of it.

JoshStrobl added a comment.Jul 1 2021, 7:23 PM

This testing was done on unstable, right?

palto42 added a comment.Jul 1 2021, 8:03 PM

Yes. tested on unstable.

joebonrichie added a subscriber: joebonrichie.Jul 1 2021, 8:42 PM

Is there a specific type of pdf you are using that is causing the crash such as with forms, images, large size? I generated a couple of large pdf's around 10MB with images but couldn't replicate.

N1X3L added a comment.Jul 2 2021, 5:02 AM

For clarification, I'm on Shannon, and not tested on Unstable. However, something I've noticed on my computers is that Evince only crashes when I open PDFs through my (Flatpak installed) reference manager, Zotero. When I open PDFs on Dropbox, or my HDD, it never crashes. However, when I open them through Zotero, a bit of zooming or fast scrolling, and Evince crashes every time. I almost always access my PDFs via the reference manager, so I've not previously noticed that Evince doesn't crash when opened through Nautilus.

palto42 added a comment.Jul 2 2021, 6:12 PM

I tested with a few different PDF documents, but for the tests above I used the RaspberryPi magazine which you can download for free: https://magpi.raspberrypi.org/issues/99
What still puzzles me is the randomness of the failures. Each crash seems a bit different and not exactly reproducible. Especially the conversion test with pdftocairo creates each run a slightly different crash at a different page. For Evince it's anyway harder to try an exact reproduction of the crash, but I have the impression that it's also a bit random when/where it happens.

joebonrichie added a comment.Jul 2 2021, 6:17 PM

@palto42, Great! I can replicate the issue with that pdf with pdftocairo and we can start throwing shit at the wall now (so to speak) to get a deeper understanding in order to fix the issue.

joebonrichie added a comment.Jul 2 2021, 6:59 PM

This looks very similar to https://bugs.archlinux.org/task/68839 however, we already have xlib-xcb disabled in cairo? Regardless, i think we should be looking at cairo for the fix.

More concise backstrace with all dbginfo packages installed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
49      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007ffff7473892 in __GI_abort () at abort.c:79
#2  0x00007ffff74daf36 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7600b80 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff74e39ca in malloc_printerr (str=str@entry=0x7ffff7603070 "double free or corruption (out)") at malloc.c:5626
#4  0x00007ffff74e5990 in _int_free (av=0x7ffff7632a00 <main_arena>, p=0x1e7d7d0, have_lock=<optimized out>) at malloc.c:4545
#5  0x00007ffff74e92c8 in __GI___libc_free (mem=<optimized out>) at malloc.c:3309
#6  0x00007ffff79b44fc in cmsFreeToneCurve () from /usr/lib/liblcms2.so.2
#7  0x00007ffff79c4060 in ?? () from /usr/lib/liblcms2.so.2
#8  0x00007ffff79c525f in cmsStageFree () from /usr/lib/liblcms2.so.2
#9  0x00007ffff79c60ac in cmsPipelineFree () from /usr/lib/liblcms2.so.2
#10 0x00007ffff79d2585 in cmsDeleteTransform () from /usr/lib/liblcms2.so.2
#11 0x00007ffff7b749ba in GfxState::~GfxState() () from /usr/lib/libpoppler.so.111
#12 0x00007ffff7b4df94 in Gfx::~Gfx() () from /usr/lib/libpoppler.so.111
#13 0x00007ffff7bae829 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/libpoppler.so.111
#14 0x0000000000409659 in ?? ()
#15 0x00007ffff7477ba5 in __libc_start_main (main=0x408720, argc=4, argv=0x7fffffffe578, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe568) at ../csu/libc-start.c:332
#16 0x000000000040b1ce in ?? ()
N1X3L added a comment.Jul 5 2021, 6:53 PM

My journalctl output from a crash, in case it's diagnostic.

audit[10802]: ANOM_ABEND auid=4294967295 uid=1000 gid=1000 ses=4294967295 subj=unconfined pid=10802 comm="EvJobScheduler" exe="/usr/bin/evince" sig=11 res=1
kernel: EvJobScheduler[10812]: segfault at 0 ip 00007f81c36bd93a sp 00007f81c3ffe6f0 error 4 in libpoppler.so.111.0.0[7f81c358d000+184000]
kernel: Code: c0 0f 1f 80 00 00 00 00 41 8b 14 81 f2 0f 10 04 c6 41 8d 0c 02 41 89 14 80 48 63 55 50 f2 0f 11 04 c7 48 83 c0 01 39 c2 7f de <f2> 0f 10 04 d6 48 63 c1 80 7d 70 00 f2 41 0f 11 04 c6 74 0b 41 c7
nathanpainchaud added a subscriber: nathanpainchaud.Jul 12 2021, 8:01 PM
brent added a subscriber: brent.Jul 12 2021, 10:38 PM
  1. Subbing myself to this.
  2. Also offering any help for testing/command outputs.
JoshStrobl merged a task: T9820: Document Viewer keeps crashing.Jul 22 2021, 2:56 PM
JoshStrobl added a subscriber: Altair1234.
alexanderzhirov added a comment.Aug 13 2021, 12:42 PM

Document opening problem persists. I do not want to change the program for viewing documents. Do I need to provide any additional data?

tomocafe added a subscriber: tomocafe.EditedAug 29 2021, 5:08 AM

I just hit this as well. Definitely seems like a memory issue. I ran it through Valgrind and I'm seeing invalid writes before the crash.

https://gitlab.gnome.org/GNOME/evince/-/issues/1655

It points to libpixman, specifically functions that start with pixman_glyph_.

They are consistently writing 1 word out of their bounds. ?

According to their repo, we are up to date. https://cgit.freedesktop.org/pixman/

joebonrichie closed this task as Resolved by committing R2445:e9947455ea07: Disable PGO to hopefully actually finally resolve T9719.Aug 29 2021, 10:34 AM
joebonrichie added a commit: R2445:e9947455ea07: Disable PGO to hopefully actually finally resolve T9719.
joebonrichie added a comment.Aug 29 2021, 10:39 AM

Can people confirm? sudo eopkg it https://packages.getsol.us/unstable/p/pixman/pixman-0.40.0-13-1-x86_64.eopkg

tomocafe added a comment.EditedAug 29 2021, 4:13 PM

@joebonrichie that fixed the problem for me! Thanks!

I looked at your diff, it seems to mostly be just a version bump. Can you share any details on this PGO stuff? I assume it was a change made in some part of the build system, thus this package was "fixed" by rebuilding. Is that the case?

I'm wondering if the same could be true for other random glitches I get.

edit: Ah, now I see it. It's the "profile" target in the package.yml that was removed.

brent added a comment.Aug 29 2021, 5:29 PM

I need a couple hours but I want to see if the fix holds for me as well. Will test soon and report back

palto42 added a comment.Aug 29 2021, 6:23 PM

@joebonrichie I can also confirm that this fixed the issue for me, thanks a lot for your effort to get this issue resolved!

The above test with gdb --args pdftocairo MagPi99.pdf -png test passed without errors :)

brent added a comment.Aug 29 2021, 6:54 PM

No more problems in Evince---I've tried to wreck it in a multitude of ways! Thank for fixing Evince, it's nice to have it back. Thank you team.

N1X3L added a comment.Sep 7 2021, 4:26 PM

I waited for the push to Stable, but since then I have thrown everything I have at Evince. I'm delighted to report it's been rock-solid for me as well. Thank you so much @joebonrichie and the rest of the team!

Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.