evince crashes SIGSEGV in CairoOutputDev::drawImageMaskPrescaled ()

Under Valgrind it doesn't crash, but does display only the first page (the others appear blank), and sometimes hangs.

This one was closed normally.

This one hung, requiring Force Quit.

Thank you for your bug. The example doesn't crash on hardy, could you try using the new version? You can read https://wiki.ubuntu.com/DebuggingProgramCrash about how to get a backtrace, the easier way is to use apport to send the bug though

Still crashes in amd64 Hardy alpha2 on my system, if anything faster; the picture at the bottom of page 1 seems to be the trigger.

The window turns grey and unresponsive, then after a while disappears, usually without an error message but on one occasion with "Sorry, the program "evince" closed unexpectedly Your computer does not have enough free memory to automatically analyze the problem and send a report to the developers." System Monitor indicates GB-level memory usage during the unresponsive period, which suggests this may be related to bug 138343.

The text is also sometimes blurred as if excessively antialiased (in Hardy only), but the crash happens with or without this.

Backtrace attached; my Hardy is a liveCD so no valgrind.

This bug is still present with current hardy:
mst@lifecompi:~$ uname -a
Linux lifecompi 2.6.24-19-generic #1 SMP Wed Jun 4 16:35:01 UTC 2008 i686 GNU/Linux
mst@lifecompi:~$ apt-show-versions evince
evince/hardy uptodate 2.22.2-0ubuntu1
mst@lifecompi:~$ apt-show-versions libcairo2
libcairo2/hardy uptodate 1.6.0-0ubuntu2
mst@lifecompi:~$ apt-show-versions libpoppler2
libpoppler2/hardy uptodate 0.6.4-1ubuntu1

Crashed using the 0801.4602 file in the description in Hardy (with -proposed repo enabled).
Apport can not analyze the .crash file on my computer (not enough free memory).
Attached here is the file, only 36 KB in size.

Please do not attach .crash files to the reports, use apport instead if it doesn't work for you fill a bug or a question, thanks. Anyways the trace that Marcel submitted is good enough, will look upstream, thanks you all.

I've sent this upstream at https://bugs.freedesktop.org/show_bug.cgi?id=16402 ; thanks all.

Both this bug (with http://uk.arxiv.org/pdf/0801.4602 , I haven't tried the others) and the supposedly fixed bug 138343 are still present in amd64 Intrepid.

I have not looked at the upstream report as Firefox gives me an "invalid security certificate" error when I try to do so.

Still present in amd64 Jaunty: http://uk.arxiv.org/pdf/0801.4602 bottom of page 1 crashes Evince, http://uk.arxiv.org/pdf/0801.4754 top of page 9 takes some time then gives up and shows a blank page, both after using >1GB of memory. (The latter I originally thought to be bug 138343, but as it is a simple vector graphic while all other reported examples of 138343 are large bitmaps, I now suspect it may be more closely related to this bug.)

Since there now is a poppler-dbg, I am now able to provide a backtrace with symbols (of the 0801.4602 crash), which is attached.

the bug is fixed in karmic now