*** This bug is a duplicate of bug 277294 ***
https://bugs.launchpad.net/bugs/277294
On Fri, Jan 30, 2009 at 7:04 PM, Sebastien Bacher <[email protected]> wrote:
> *** This bug is a duplicate of bug 277294 ***
> https://bugs.launchpad.net/bugs/277294
>
> the issue is a duplicate of bug #277294
>
> ** Changed in: evince (Ubuntu)
> Importance: Undecided => Medium
>
> ** This bug has been marked a duplicate of bug 277294
> evince crashed with SIGFPE, trying to seek in KXTGA930.PDF
>
> --
Thank you, Sebastien. The following is the extra information I can
provide:
My "dmesg" does have:
[77998.157256] evince[28947]: segfault at 100000018 ip 00007f91ed98d2d8 sp 00000000415af9d0 error 4 in libfreetype.so.6.3.16[7f91ed97c000+7a000]
[78095.086211] evince[7840]: segfault at 65ae4000f ip 00007ffb831402d8 sp 000000004087da30 error 4 in libfreetype.so.6.3.16[7ffb8312f000+7a000]
and
#19 0x00007ffb87d19224 in ?? () from /usr/lib/libglib-2.0.so.0
#20 0x00007ffb866713f7 in start_thread () from /lib/libpthread.so.0
#21 0x00007ffb863e0b2d in clone () from /lib/libc.so.6
#22 0x0000000000000000 in ?? ()
(gdb)
#0 0x00007ffb831402d8 in FT_Done_Face () from /usr/lib/libfreetype.so.6
#1 0x00007ffb883d0ba6 in ?? () from /usr/lib/libcairo.so.2
#2 0x00007ffb883d3e9d in cairo_font_face_destroy () from /usr/lib/libcairo.so.2
#3 0x00007ffb88411e54 in ?? () from /usr/lib/libcairo.so.2
#4 0x00007ffb883d3d07 in ?? () from /usr/lib/libcairo.so.2
#5 0x00007ffb883dfbd9 in ?? () from /usr/lib/libcairo.so.2
#6 0x00007ffb883dfcf0 in cairo_scaled_font_destroy () from /usr/lib/libcairo.so.2
#7 0x00007ffb883d6457 in ?? () from /usr/lib/libcairo.so.2
#8 0x00007ffb883d64eb in ?? () from /usr/lib/libcairo.so.2
#9 0x00007ffb883cfab9 in cairo_restore () from /usr/lib/libcairo.so.2
#10 0x00007ffb88f48d39 in CairoOutputDev::restoreState () from /usr/lib/libpoppler-glib.so.2
#11 0x00007ffb83449515 in Gfx::go () from /usr/lib/libpoppler.so.2
#12 0x00007ffb83449cff in Gfx::display () from /usr/lib/libpoppler.so.2
#13 0x00007ffb8348f034 in Page::displaySlice () from /usr/lib/libpoppler.so.2
#14 0x00007ffb88f46141 in poppler_page_render_to_pixbuf () from /usr/lib/libpoppler-glib.so.2
#15 0x00007ffb801e3fc6 in ?? () from /usr/lib/evince/backends/libpdfdocument.so
#16 0x000000000041f4e2 in ?? ()
#17 0x000000000041da31 in ?? ()
#18 0x000000000041e09f in ?? ()
#19 0x00007ffb87d19224 in ?? () from /usr/lib/libglib-2.0.so.0
#20 0x00007ffb866713f7 in start_thread () from /lib/libpthread.so.0
#21 0x00007ffb863e0b2d in clone () from /lib/libc.so.6
#22 0x0000000000000000 in ?? ()
(gdb) info registers
rax 0x7ffb88f48180 140718311244160
rbx 0xc0bb20 12630816
rcx 0x35 53
rdx 0xc0bb20 12630816
rsi 0x1548000 22315008
rdi 0x1548000 22315008
rbp 0x65ae3ffff 0x65ae3ffff
rsp 0x4087da30 0x4087da30
r8 0x7ffb7c21fbe0 140718096120800
r9 0x7ffb86665100 140718268371200
r10 0x0 0
r11 0x7ffb831402a0 140718212645536
r12 0x1548000 22315008
r13 0x65ae4002f 27294695471
r14 0x0 0
r15 0x4087db80 1082645376
rip 0x7ffb831402d8 0x7ffb831402d8 <FT_Done_Face+56>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x63 99
gs 0x0 0
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x1fa1 [ IE PE IM DM ZM OM UM PM ]
(gdb) x /20i $rip
0x7ffb831402d8 <FT_Done_Face+56>: mov 0x10(%rbp),%r14
0x7ffb831402dc <FT_Done_Face+60>: mov %r13,%rdi
0x7ffb831402df <FT_Done_Face+63>: callq 0x7ffb8313b8a0 <ft_list_f...@plt>
0x7ffb831402e4 <FT_Done_Face+68>: test %rax,%rax
0x7ffb831402e7 <FT_Done_Face+71>: mov %rax,%rbx
0x7ffb831402ea <FT_Done_Face+74>: je 0x7ffb83140330 <FT_Done_Face+144>
0x7ffb831402ec <FT_Done_Face+76>: mov %rax,%rsi
0x7ffb831402ef <FT_Done_Face+79>: mov %r13,%rdi
0x7ffb831402f2 <FT_Done_Face+82>: callq 0x7ffb8313b1a0 <ft_list_rem...@plt>
0x7ffb831402f7 <FT_Done_Face+87>: mov %rbx,%rsi
0x7ffb831402fa <FT_Done_Face+90>: mov %r14,%rdi
0x7ffb831402fd <FT_Done_Face+93>: callq 0x7ffb8313ade0 <ft_mem_f...@plt>
0x7ffb83140302 <FT_Done_Face+98>: mov %rbp,%rdx
0x7ffb83140305 <FT_Done_Face+101>: mov %r12,%rsi
0x7ffb83140308 <FT_Done_Face+104>: mov %r14,%rdi
0x7ffb8314030b <FT_Done_Face+107>: callq 0x7ffb831401b0
0x7ffb83140310 <FT_Done_Face+112>: xor %eax,%eax
0x7ffb83140312 <FT_Done_Face+114>: mov (%rsp),%rbx
0x7ffb83140316 <FT_Done_Face+118>: mov 0x8(%rsp),%rbp
0x7ffb8314031b <FT_Done_Face+123>: mov 0x10(%rsp),%r12
(gdb) x /20x $rbp
0x65ae3ffff: Cannot access memory at address 0x65ae3ffff
(gdb) x /20x $rbp+1
0x65ae40000: Cannot access memory at address 0x65ae40000
(gdb) x /20x $rbp+2
0x65ae40001: Cannot access memory at address 0x65ae40001
(gdb) x /20x $rbp+10
0x65ae40009: Cannot access memory at address 0x65ae40009
(gdb) x /20x $rbp+16
0x65ae4000f: Cannot access memory at address 0x65ae4000f
(gdb) x /20x $rbp+17
0x65ae40010: Cannot access memory at address 0x65ae40010
And doing an objdump of the library:
objdump -rd /usr/lib/libfreetype.so.6
00000000000112a0 <FT_Done_Face>:
112a0: 4c 89 64 24 e8 mov %r12,-0x18(%rsp)
112a5: 48 89 5c 24 d8 mov %rbx,-0x28(%rsp)
112aa: 49 89 fc mov %rdi,%r12
112ad: 48 89 6c 24 e0 mov %rbp,-0x20(%rsp)
112b2: 4c 89 6c 24 f0 mov %r13,-0x10(%rsp)
112b7: 4c 89 74 24 f8 mov %r14,-0x8(%rsp)
112bc: 48 83 ec 28 sub $0x28,%rsp
112c0: 48 85 ff test %rdi,%rdi
112c3: 74 6b je 11330 <FT_Done_Face+0x90>
112c5: 48 8b af b0 00 00 00 mov 0xb0(%rdi),%rbp
112cc: 48 85 ed test %rbp,%rbp
112cf: 74 5f je 11330 <FT_Done_Face+0x90>
112d1: 4c 8d 6d 30 lea 0x30(%rbp),%r13
112d5: 48 89 fe mov %rdi,%rsi
112d8: 4c 8b 75 10 mov 0x10(%rbp),%r14 =========>crashed here.
112dc: 4c 89 ef mov %r13,%rdi
112df: e8 bc b5 ff ff callq c8a0 <ft_list_f...@plt>
112e4: 48 85 c0 test %rax,%rax
112e7: 48 89 c3 mov %rax,%rbx
112ea: 74 44 je 11330 <FT_Done_Face+0x90>
112ec: 48 89 c6 mov %rax,%rsi
112ef: 4c 89 ef mov %r13,%rdi
112f2: e8 a9 ae ff ff callq c1a0 <ft_list_rem...@plt>
112f7: 48 89 de mov %rbx,%rsi
112fa: 4c 89 f7 mov %r14,%rdi
112fd: e8 de aa ff ff callq bde0 <ft_mem_f...@plt>
So it may be rather easy to map the FT_Done_Face() function back to
the line that crashed above. Or maybe I am wrong?
thanks.
--
Regards,
Peter Teoh
--
evince coredump with multiple pdf files
https://bugs.launchpad.net/bugs/322966
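A worked check of the numbers in the message above, as an added example that is not part of the original post: it parses the two dmesg segfault lines, subtracts the mapping base from the instruction pointer to get the offset to look up in the objdump listing, and decodes the page-fault error code. The function names are hypothetical; the 0x10 displacement is taken from the `mov 0x10(%rbp),%r14` instruction shown in the disassembly.

```python
import re

# Constructed sample: the two dmesg lines quoted in the message, with wraps rejoined.
DMESG = (
    "[77998.157256] evince[28947]: segfault at 100000018 ip 00007f91ed98d2d8 "
    "sp 00000000415af9d0 error 4 in libfreetype.so.6.3.16[7f91ed97c000+7a000]\n"
    "[78095.086211] evince[7840]: segfault at 65ae4000f ip 00007ffb831402d8 "
    "sp 000000004087da30 error 4 in libfreetype.so.6.3.16[7ffb8312f000+7a000]\n"
)

SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<lib>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the x86 page-fault error code bits the kernel prints (in hex)."""
    return {
        "protection": bool(code & 0x1),  # False: page not mapped at all
        "write": bool(code & 0x2),       # False: the access was a read
        "user": bool(code & 0x4),        # True: fault raised in user mode
        "ifetch": bool(code & 0x10),     # True: instruction fetch
    }

def parse_segfaults(text):
    """Return one record per segfault line, with the library-relative offset."""
    records = []
    for m in SEGV.finditer(text):
        g = m.groupdict()
        rec = {"comm": g["comm"], "pid": int(g["pid"]), "lib": g["lib"],
               "addr": int(g["addr"], 16), "ip": int(g["ip"], 16),
               "error": decode_error(int(g["err"], 16)), "offset": None}
        if g["base"] is not None:
            base, size = int(g["base"], 16), int(g["size"], 16)
            if base <= rec["ip"] < base + size:   # ip must lie inside the mapping
                rec["offset"] = rec["ip"] - base  # compare with objdump addresses
        records.append(rec)
    return records

def implied_base(rec, displacement):
    """Base register value implied by a disp(%reg) operand that faulted."""
    return rec["addr"] - displacement

if __name__ == "__main__":
    for r in parse_segfaults(DMESG):
        # 0x10 is the displacement in `mov 0x10(%rbp),%r14` from the disassembly
        print(r["comm"], r["pid"], r["lib"], hex(r["offset"]),
              hex(implied_base(r, 0x10)), r["error"])
```

Both crashes resolve to offset 0x112d8, the objdump line marked as the crash site, and the second fault address minus 0x10 equals the rbp value in the register dump. The subtraction matches objdump addresses only when the mapping containing ip starts at the beginning of the file, as the numbers here confirm.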