Evince crashes with "bogus memory allocation size" error

Bug #51538 reported by Alex Chekholko
Affects | Status | Importance | Assigned to | Milestone
Poppler | Fix Released | Medium | |
poppler (Ubuntu) | Fix Released | Medium | Ubuntu Desktop Bugs |

Bug Description

Viewing certain pages in a PDF makes evince crash with that error. The PDF is the "Agile Web Development with Rails: Second Edition" Beta Book from
http://pragmaticprogrammer.com/

I was reading the book, and when I got to p.296 Evince crashed without an error message. Double-clicking on the file again makes it open to the same page and crash. If I launch evince from the command line and then open the file, it prints the message "Bogus memory allocation size" to (I assume) stderr.

I found another bug report about this issue: https://bugs.freedesktop.org/show_bug.cgi?id=6881

In , Albert Astals Cid (aacid) wrote :

"It only crashes when evince is maximised."

That would seem to me to be an evince bug and not a poppler one, but without
the document there's nothing to be done.

In , Alex Chekholko (alex-chekholko) wrote :

I have just encountered the same bug and also filed it here:
https://launchpad.net/distros/ubuntu/+source/evince/+bug/51538

Jim Menard (jimm-io) wrote :

I see the same problem with the same file (not sure about the page number). Here is a workaround: delete the line in ~/.gnome2/evince/ev-metadata.xml that refers to the file that is crashing. The next time you open the file, evince won't crash because it won't try to jump to the same page with the same settings.

Daniel Holbach (dholbach) wrote :

Thanks for your bug report. Could you please try to get a backtrace by running
   gdb evince
   (gdb) run
   .... open the page that makes it crash
   ....
   (gdb) thread apply all bt

and copy the output to a comment.

Changed in evince:
assignee: nobody → desktop-bugs
importance: Untriaged → Medium
status: Unconfirmed → Needs Info
Changed in poppler:
status: Unknown → Confirmed
Alex Chekholko (alex-chekholko) wrote :

   gdb evince
   (gdb) run
   .... open the page that makes it crash
   ....
   (gdb) thread apply all bt

I tried this, there is no output, just a gdb prompt again.

Sebastien Bacher (seb128) wrote :

It's not crashing but just exiting. Maybe you could install valgrind and run "valgrind evince example.pdf" and get a log about the issue? Do you have some public example to point to or attach to the bug page?

Sebastien Bacher (seb128) wrote :

No reply, closing the bug. Feel free to reopen with the requested details if you still get the issue.

Changed in evince:
status: Needs Info → Rejected
Scott (sworley) wrote :

A publicly accessible .pdf that triggers this error: http://nlp.stanford.edu/IR-book/pdf/irbookonlinereading.pdf . Note: this document will probably be updated in place, and redistribution is not permitted, so this is potentially a time-limited example.

The problem area is on page 59.

Viewing this page in 'fit page width' mode with a small window yields a lot of "Error: Bad bounding box in Type 3 glyph" messages. Slowly increasing the window size causes evince to exit with the message "Out of memory". Maximizing the window or scrolling to page 59 in a large or maximized window causes evince to exit with the message "Bogus memory allocation size"

See attached gdb backtrace from a breakpoint on exit(). T3FontCache() in libpoppler calls gmallocn(8,284192164).

(Note: Trace is not from an ubuntu install. Versions: evince-2.22.0, poppler-0.6.1 )
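
Added example (not part of the thread, and not poppler's source): 8 × 284192164 = 2,273,537,312, which exceeds a 32-bit INT_MAX, so a size guard of the kind sketched below rejects the request reported in the backtrace instead of letting the product wrap. The names `wrapped_size`, `alloc_size_ok` and `checked_mallocn` are hypothetical, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size an unchecked 32-bit multiply would pass on: the product modulo 2^32.
 * Computed in unsigned arithmetic so the wrap itself is well defined. */
uint32_t wrapped_size(int n_objs, int obj_size) {
    return (uint32_t)n_objs * (uint32_t)obj_size;
}

/* 1 if n_objs * obj_size fits in a non-negative int, else 0.
 * Dividing INT_MAX avoids ever forming the overflowing product. */
int alloc_size_ok(int n_objs, int obj_size) {
    if (n_objs < 0 || obj_size <= 0)
        return 0;
    return n_objs <= INT_MAX / obj_size;
}

/* Hypothetical checked array allocator (name and behaviour are assumptions):
 * returns NULL on a bogus size so the caller can skip the cache, not exit. */
void *checked_mallocn(int n_objs, int obj_size) {
    if (!alloc_size_ok(n_objs, obj_size)) {
        fprintf(stderr, "Bogus memory allocation size (%d x %d)\n",
                n_objs, obj_size);
        return NULL;
    }
    return malloc((size_t)n_objs * (size_t)obj_size);
}

int main(void) {
    /* Arguments taken from the backtrace quoted in this report. */
    int n = 8, size = 284192164;
    printf("fits in int: %d, 32-bit wrapped product: %u\n",
           alloc_size_ok(n, size), (unsigned)wrapped_size(n, size));
    /* Constructed case: the wrapped product looks small and plausible. */
    printf("65536 x 65537 wraps to %u\n", (unsigned)wrapped_size(65536, 65537));
    void *p = checked_mallocn(n, size);
    printf("checked_mallocn returned %s\n", p ? "a buffer" : "NULL");
    free(p);
    return 0;
}
```

The constructed 65536 x 65537 case shows why the guard matters: without it, a request for about 4 GiB would silently become a 65536-byte buffer.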

Alex Chekholko (alex-chekholko) wrote : Re: [Bug 51538] Re: Evince crashes with "bogus memory allocation size" error

I tried to reproduce this, but was unable to.

I tried page 59 of the PDF, and page 59 of the manuscript (page 94 of the PDF).

Stock Ubuntu 7.10 , evince 2.20.1

document:
$ md5sum /tmp/irbookonlinereading.pdf
5612fc4ea997806d6dd8ad2929d4fd2d /tmp/irbookonlinereading.pdf

On Fri, Apr 4, 2008 at 7:07 PM, Scott <email address hidden> wrote:
> A publicly accessible .pdf that triggers this error:
> http://nlp.stanford.edu/IR-book/pdf/irbookonlinereading.pdf . Note:
> this document will probably be updated in place, and redistribution is
> not permitted, so this is potentially a time-limited example.
>
> The problem area is on page 59.
>
> Viewing this page in 'fit page width' mode with a small window yields a
> lot of "Error: Bad bounding box in Type 3 glyph" messages. Slowly
> increasing the window size causes evince to exit with the message "Out
> of memory". Maximizing the window or scrolling to page 59 in a large or
> maximized window causes evince to exit with the message "Bogus memory
> allocation size"
>
> See attached gdb backtrace from a breakpoint on exit(). T3FontCache()
> in libpoppler calls gmallocn(8,284192164).
>
> (Note: Trace is not from an ubuntu install. Versions: evince-2.22.0,
> poppler-0.6.1 )
>
> ** Attachment added: "gdb backtrace of the "Bogus memory allocation size" error"
> http://launchpadlibrarian.net/13123201/poppler-bogus-memory-allocation-size-backtrace

Scott (sworley) wrote :

Ah ha: The problem goes away when I build poppler-bindings with cairo support.

Instead, I get a number of unrelated (different places in the document) and apparently harmless "cairo context error: NULL pointer" messages.

In , Albert Astals Cid (aacid) wrote :

Any chance you can try with a newer poppler?

In , Adam Buchbinder (adam-buchbinder) wrote :

It's definitely a Poppler issue. I can reproduce this with poppler 0.11.1 thusly:

$ pdfimages --version
pdfimages version 0.11.1
[snip]
$ pdfimages 1972.pdf tmp
Error (147774): 3 extraneous bytes after segment
Bogus memory allocation size

The PDF in question is 1972.pdf; it's linked to from the following URL:

http://doddcenter.uconn.edu/collections/nutmeg/index.htm

I'm not attaching it here because it's 18MB, and also because I'm not sure how redistributable it is. The file I have was last modified Thu, 11 Jun 2009 20:08:45 GMT, and has md5sum 9ee38b8f90dbe343163f9927d37c35bd.

Adam Buchbinder (adam-buchbinder) wrote :

This is still present on Jaunty, with poppler-utils 0.10.5-1ubuntu2.2. I've sent a testcase upstream; as this can be reproduced with pdfimages (part of poppler-utils), I'm reassigning this to poppler.

affects: evince (Ubuntu) → poppler (Ubuntu)
Changed in poppler (Ubuntu):
status: Invalid → Confirmed
Changed in poppler (Ubuntu):
status: Confirmed → Triaged
In , Albert Astals Cid (aacid) wrote :

Why was this posted here? What relation does this have with the first post?

In , Albert Astals Cid (aacid) wrote :

The first report in this bug never seemed a poppler bug and the second one works here on poppler 0.12, so I'm closing the bug.

If any of you still have problems after updating to poppler >= 0.12 please open a new bug and explain it again.

Changed in poppler:
status: Confirmed → Fix Released
Sebastien Bacher (seb128) wrote :

The issue should be fixed in karmic; closing the bug. You can open a new bug if you still have issues there, though.

Changed in poppler (Ubuntu):
status: Triaged → Fix Released
Changed in poppler:
importance: Unknown → Medium
Changed in poppler:
importance: Medium → Unknown
Changed in poppler:
importance: Unknown → Medium