
Bug#1025691: atril: Segfault when opening a copy of a PDF document with annotations



Dear Maintainer,
I could reproduce this issue by these steps:


- installed a minimal test VM with `apt install systemd-coredump mc xdm xserver-xorg jwm xterm atril latexmk texlive-latex-extra gdb libatrilview3-dbgsym libgtk-3-0-dbgsym libglib2.0-0-dbgsym atril-dbgsym`
- created the PDF by `latexmk -pdf test.latex`
- open atril
- open PDF
- switch the sidebar from "Thumbnail" to "Annotations"
- create an annotation
- save the PDF
- closed atril
- opened atril
- opened the saved PDF
- then "Open a Copy" crashed it


This crashed here:

https://sources.debian.org/src/atril/1.26.0-2/libview/ev-view.c/#L2694

2691 	child = ev_view_get_window_child (view, window);
2692 	gdk_window_get_origin (gtk_widget_get_window (GTK_WIDGET (view)),
2693 			       &root_x, &root_y);
2694 	if (root_x != child->parent_x || root_y != child->parent_y) {
2695 		gint dest_x, dest_y;

(gdb) bt full 4
#0  ev_view_window_child_move_with_parent (view=0x5637f6058560, window=0x5637f61ac330) at ./libview/ev-view.c:2694
        child = 0x0
        root_x = 613
        root_y = 107
#1  0x00007f5e6bdfbd9b in show_annotation_windows (page=0, view=0x5637f6058560) at ./libview/ev-view.c:2920
...
(rr) print view->window_children
$2 = 0x0


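The variable child is still NULL at this point, apparently because
view->window_children is NULL as well: ev_view_get_window_child() returned
NULL at line 2691, and line 2694 then dereferences child without checking it.
This matches the faulting instruction in the disassembly below,
`mov 0x14,%eax`, which reads from absolute address 0x14 (presumably the
offset of parent_x within the child structure).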

Unfortunately I found no matching upstream issue in [1].

Kind regards,
Bernhard



[1] https://github.com/mate-desktop/atril/issues

(gdb) bt
#0  ev_view_window_child_move_with_parent (view=0x5637f6058560, window=0x5637f61ac330) at ./libview/ev-view.c:2694
#1  0x00007f5e6bdfbd9b in show_annotation_windows (page=0, view=0x5637f6058560) at ./libview/ev-view.c:2920
#2  ev_view_draw (widget=0x5637f6058560, cr=0x5637f6066c00) at ./libview/ev-view.c:4078
#3  0x00007f5e6b56efdc in gtk_widget_draw_internal (widget=widget@entry=0x5637f6058560, cr=cr@entry=0x5637f6066c00, clip_to_size=clip_to_size@entry=1) at ../../../gtk/gtkwidget.c:7084
#4  0x00007f5e6b32119a in gtk_container_propagate_draw (container=<optimized out>, child=0x5637f6058560, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3854
#5  0x00007f5e6b3212fd in gtk_container_draw (widget=<optimized out>, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3674
#6  0x00007f5e6b497c5a in gtk_scrolled_window_render (gadget=<optimized out>, cr=0x5637f6066c00, x=<optimized out>, y=<optimized out>, width=<optimized out>, height=<optimized out>, data=0x0) at ../../../gtk/gtkscrolledwindow.c:2119
#7  0x00007f5e6b326c8f in gtk_css_custom_gadget_draw (gadget=0x5637f6309600, cr=0x5637f6066c00, x=1, y=1, width=598, height=519) at ../../../gtk/gtkcsscustomgadget.c:159
#8  0x00007f5e6b32c627 in gtk_css_gadget_draw (gadget=0x5637f6309600, cr=cr@entry=0x5637f6066c00) at ../../../gtk/gtkcssgadget.c:885
#9  0x00007f5e6b49a60c in gtk_scrolled_window_draw (widget=0x5637f62bb460, cr=0x5637f6066c00) at ../../../gtk/gtkscrolledwindow.c:3050
#10 0x00007f5e6b56efdc in gtk_widget_draw_internal (widget=widget@entry=0x5637f62bb460, cr=cr@entry=0x5637f6066c00, clip_to_size=clip_to_size@entry=1) at ../../../gtk/gtkwidget.c:7084
#11 0x00007f5e6b32119a in gtk_container_propagate_draw (container=<optimized out>, child=0x5637f62bb460, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3854
#12 0x00007f5e6b3212fd in gtk_container_draw (widget=<optimized out>, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3674
#13 0x00007f5e6b56efdc in gtk_widget_draw_internal (widget=widget@entry=0x5637f63072a0, cr=cr@entry=0x5637f6066c00, clip_to_size=clip_to_size@entry=1) at ../../../gtk/gtkwidget.c:7084
#14 0x00007f5e6b32119a in gtk_container_propagate_draw (container=<optimized out>, child=0x5637f63072a0, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3854
#15 0x00007f5e6b3212fd in gtk_container_draw (widget=<optimized out>, cr=cr@entry=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3674
#16 0x00007f5e6b2cae96 in gtk_box_draw_contents (gadget=0x5637f6309400, cr=0x5637f6066c00, x=<optimized out>, y=<optimized out>, width=<optimized out>, height=<optimized out>, unused=0x0) at ../../../gtk/gtkbox.c:453
#17 0x00007f5e6b326c8f in gtk_css_custom_gadget_draw (gadget=0x5637f6309400, cr=0x5637f6066c00, x=0, y=0, width=600, height=521) at ../../../gtk/gtkcsscustomgadget.c:159
#18 0x00007f5e6b32c627 in gtk_css_gadget_draw (gadget=0x5637f6309400, cr=cr@entry=0x5637f6066c00) at ../../../gtk/gtkcssgadget.c:885
#19 0x00007f5e6b2cdb5c in gtk_box_draw (widget=0x5637f629fe30, cr=0x5637f6066c00) at ../../../gtk/gtkbox.c:462
#20 0x00007f5e6b56efdc in gtk_widget_draw_internal (widget=widget@entry=0x5637f629fe30, cr=cr@entry=0x5637f6066c00, clip_to_size=clip_to_size@entry=1) at ../../../gtk/gtkwidget.c:7084
#21 0x00007f5e6b32119a in gtk_container_propagate_draw (container=<optimized out>, child=0x5637f629fe30, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3854
#22 0x00007f5e6b442ae1 in gtk_paned_render (gadget=<optimized out>, cr=0x5637f6066c00, x=<optimized out>, y=<optimized out>, width=<optimized out>, height=<optimized out>, data=0x0) at ../../../gtk/gtkpaned.c:1832
#23 0x00007f5e6b326c8f in gtk_css_custom_gadget_draw (gadget=0x5637f62a4190, cr=0x5637f6066c00, x=0, y=0, width=600, height=521) at ../../../gtk/gtkcsscustomgadget.c:159
#24 0x00007f5e6b32c627 in gtk_css_gadget_draw (gadget=0x5637f62a4190, cr=cr@entry=0x5637f6066c00) at ../../../gtk/gtkcssgadget.c:885
#25 0x00007f5e6b44494c in gtk_paned_draw (widget=0x5637f62b2270, cr=0x5637f6066c00) at ../../../gtk/gtkpaned.c:1782
#26 0x00007f5e6b56efdc in gtk_widget_draw_internal (widget=widget@entry=0x5637f62b2270, cr=cr@entry=0x5637f6066c00, clip_to_size=clip_to_size@entry=1) at ../../../gtk/gtkwidget.c:7084
#27 0x00007f5e6b32119a in gtk_container_propagate_draw (container=<optimized out>, child=0x5637f62b2270, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3854
#28 0x00007f5e6b3212fd in gtk_container_draw (widget=<optimized out>, cr=cr@entry=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3674
#29 0x00007f5e6b2cae96 in gtk_box_draw_contents (gadget=0x5637f60dfca0, cr=0x5637f6066c00, x=<optimized out>, y=<optimized out>, width=<optimized out>, height=<optimized out>, unused=0x0) at ../../../gtk/gtkbox.c:453
#30 0x00007f5e6b326c8f in gtk_css_custom_gadget_draw (gadget=0x5637f60dfca0, cr=0x5637f6066c00, x=0, y=0, width=600, height=600) at ../../../gtk/gtkcsscustomgadget.c:159
#31 0x00007f5e6b32c627 in gtk_css_gadget_draw (gadget=0x5637f60dfca0, cr=cr@entry=0x5637f6066c00) at ../../../gtk/gtkcssgadget.c:885
#32 0x00007f5e6b2cdb5c in gtk_box_draw (widget=0x7f5e240149b0, cr=0x5637f6066c00) at ../../../gtk/gtkbox.c:462
#33 0x00007f5e6b56efdc in gtk_widget_draw_internal (widget=widget@entry=0x7f5e240149b0, cr=cr@entry=0x5637f6066c00, clip_to_size=clip_to_size@entry=1) at ../../../gtk/gtkwidget.c:7084
#34 0x00007f5e6b32119a in gtk_container_propagate_draw (container=<optimized out>, child=0x7f5e240149b0, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3854
#35 0x00007f5e6b3212fd in gtk_container_draw (widget=<optimized out>, cr=0x5637f6066c00) at ../../../gtk/gtkcontainer.c:3674
#36 0x00007f5e6b56efdc in gtk_widget_draw_internal (widget=widget@entry=0x5637f6196d10, cr=cr@entry=0x5637f6066c00, clip_to_size=clip_to_size@entry=1) at ../../../gtk/gtkwidget.c:7084
#37 0x00007f5e6b57de40 in gtk_widget_render (widget=0x5637f6196d10, window=0x5637f6329520, region=<optimized out>) at ../../../gtk/gtkwidget.c:17610
#38 0x00007f5e6b408a78 in gtk_main_do_event (event=0x7ffcfe2801d0) at ../../../gtk/gtkmain.c:1844
#39 gtk_main_do_event (event=<optimized out>) at ../../../gtk/gtkmain.c:1691
#40 0x00007f5e6bb44b75 in _gdk_event_emit (event=event@entry=0x7ffcfe2801d0) at ../../../gdk/gdkevents.c:73
#41 0x00007f5e6bb534c9 in _gdk_window_process_updates_recurse_helper (window=0x5637f6329520, expose_region=<optimized out>) at ../../../gdk/gdkwindow.c:3874
#42 0x00007f5e6bb54fe2 in gdk_window_process_updates_internal (window=0x5637f6329520) at ../../../gdk/gdkwindow.c:4020
#43 0x00007f5e6bb551d8 in gdk_window_process_updates_with_mode (window=<optimized out>, recurse_mode=<optimized out>) at ../../../gdk/gdkwindow.c:4215
#44 0x00007f5e6afd95a9 in _g_closure_invoke_va (closure=closure@entry=0x5637f6371d00, return_value=return_value@entry=0x0, instance=instance@entry=0x5637f5c2ee70, args=args@entry=0x7ffcfe2804d0, n_params=0, param_types=0x0) at ../../../gobject/gclosure.c:895
#45 0x00007f5e6aff2bbf in g_signal_emit_valist (instance=0x5637f5c2ee70, signal_id=36, detail=<optimized out>, var_args=var_args@entry=0x7ffcfe2804d0) at ../../../gobject/gsignal.c:3456
#46 0x00007f5e6aff2dbf in g_signal_emit (instance=instance@entry=0x5637f5c2ee70, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3606
#47 0x00007f5e6bb4cd7f in _gdk_frame_clock_emit_paint (frame_clock=frame_clock@entry=0x5637f5c2ee70) at ../../../gdk/gdkframeclock.c:657
#48 0x00007f5e6bb4d64e in gdk_frame_clock_paint_idle (data=<optimized out>) at ../../../gdk/gdkframeclockidle.c:597
#49 0x00007f5e6bb39b47 in gdk_threads_dispatch (data=0x5637f5d840a0) at ../../../gdk/gdk.c:769
#50 0x00007f5e6aee119a in g_timeout_dispatch (source=0x5637f635fd80, callback=<optimized out>, user_data=<optimized out>) at ../../../glib/gmain.c:5007
#51 0x00007f5e6aee067f in g_main_dispatch (context=0x5637f5c2c980) at ../../../glib/gmain.c:3444
#52 g_main_context_dispatch (context=context@entry=0x5637f5c2c980) at ../../../glib/gmain.c:4162
#53 0x00007f5e6aee0a38 in g_main_context_iterate (context=context@entry=0x5637f5c2c980, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4238
#54 0x00007f5e6aee0acc in g_main_context_iteration (context=context@entry=0x5637f5c2c980, may_block=may_block@entry=1) at ../../../glib/gmain.c:4303
#55 0x00007f5e6b0ff53d in g_application_run (application=0x5637f5c89240, argc=argc@entry=0, argv=argv@entry=0x0) at ../../../gio/gapplication.c:2571
#56 0x00005637f45327c5 in main (argc=<optimized out>, argv=<optimized out>) at ./shell/main.c:284
(gdb) display/i $pc
1: x/i $pc
=> 0x7f5e6bdd9b5c <ev_view_window_child_move_with_parent-94484>:        mov    0x14,%eax
(gdb) disassemble 0x00007f5e6bdd9b51,0x7f5e6bdd9b5c+16
Dump of assembler code from 0x7f5e6bdd9b51 to 0x7f5e6bdd9b6c:
   0x00007f5e6bdd9b51 <ev_view_window_child_move_with_parent-94495>:    mov    %rsp,%rsi
   0x00007f5e6bdd9b54 <ev_view_window_child_move_with_parent-94492>:    mov    %rax,%rdi
   0x00007f5e6bdd9b57 <ev_view_window_child_move_with_parent-94489>:    call   0x7f5e6bdd99a0 <gdk_window_get_origin@plt>
=> 0x00007f5e6bdd9b5c <ev_view_window_child_move_with_parent-94484>:    mov    0x14,%eax
   0x00007f5e6bdd9b63 <ev_view_window_child_move_with_parent-94477>:    ud2
   0x00007f5e6bdd9b65 <annotation_window_moved.cold+0>: mov    0xc,%eax
End of assembler dump.

