[gs-bugs] [Bug 691005] New: ps2pdf segfaults when converting the attached ps file on linux x86_64

bugs.ghostscript.com-bugzilla-daemon at ghostscript.com bugs.ghostscript.com-bugzilla-daemon at ghostscript.com
Wed Dec 16 04:51:19 UTC 2009 

http://bugs.ghostscript.com/show_bug.cgi?id=691005

           Summary: ps2pdf segfaults when converting the attached ps file on
                    linux x86_64
           Product: Ghostscript
           Version: HEAD
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P4
         Component: PDF Writer
        AssignedTo: ken.sharp at artifex.com
        ReportedBy: keinbiervorvier at gmail.com
         QAContact: gs-bugs at ghostscript.com


running ps2pdf from current svn HEAD on the attached ps file results in a
segfault on various linux x86_64 (redhat, centos, fedora) but not on i386

gdb backtrace

Core was generated by `gs -dSAFER -dCompatibilityLevel=1.3 -q -dNOPAUSE -dBATCH
-sDEVICE=pdfwrite -sOu'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000004c7dbd in names_trace_finish ()
(gdb) bt
#0  0x00000000004c7dbd in names_trace_finish ()
#1  0x00000000004c601d in gs_gc_reclaim ()
#2  0x000000000053e994 in context_reclaim ()
#3  0x00000000004967e6 in ireclaim ()
#4  0x00000000004923a1 in interp_reclaim ()
#5  0x0000000000493eb6 in gs_interpret ()
#6  0x00000000004892fe in gs_main_run_string_end ()
#7  0x000000000048a2c0 in run_string ()
#8  0x000000000048aa24 in runarg ()
#9  0x000000000048abd8 in argproc ()
#10 0x000000000048c2cb in gs_main_init_with_args ()
#11 0x000000000041c721 in main ()



I tried to build a debug build (-g -O0), but it doesn't segfault. only the
regular build (-O2) segfaults. 

Also, when run with valgrind, I don't get a segfault. Instead a valid pdf file
is generated. However valgrind reports 

==29897== Invalid read of size 4
==29897==    at 0x4B58BD: names_trace_finish (iname.c:424)
==29897==    by 0x4B3BBD: gs_gc_reclaim (igc.c:370)
==29897==    by 0x52A071: context_reclaim (zcontext.c:283)
==29897==    by 0x485443: ireclaim (ireclaim.c:153)
==29897==    by 0x48111E: interp_reclaim (interp.c:427)
==29897==    by 0x482B8F: gs_interpret (interp.c:1690)
==29897==    by 0x4785BD: gs_main_run_string_end (imain.c:526)
==29897==    by 0x47950F: run_string (imainarg.c:815)
==29897==    by 0x479C05: runarg (imainarg.c:805)
==29897==    by 0x479DB1: argproc (imainarg.c:738)
==29897==    by 0x47B33A: gs_main_init_with_args (imainarg.c:215)
==29897==    by 0x40D090: main (gs.c:77)
==29897==  Address 0x4F4CEE0 is 72 bytes inside a block of size 8,280 free'd
==29897==    at 0x4A0560B: free (vg_replace_malloc.c:233)
==29897==    by 0x709BAC: alloc_free_chunk (gsalloc.c:1831)
==29897==    by 0x70B2DD: i_free_object (gsalloc.c:820)
==29897==    by 0x4B5660: name_free_sub (iname.c:540)
==29897==    by 0x4B5771: name_scan_sub (iname.c:582)
==29897==    by 0x4B589C: names_trace_finish (iname.c:416)
==29897==    by 0x4B3BBD: gs_gc_reclaim (igc.c:370)
==29897==    by 0x52A071: context_reclaim (zcontext.c:283)
==29897==    by 0x485443: ireclaim (ireclaim.c:153)
==29897==    by 0x48111E: interp_reclaim (interp.c:427)
==29897==    by 0x482B8F: gs_interpret (interp.c:1690)
==29897==    by 0x4785BD: gs_main_run_string_end (imain.c:526)

this was generated with

valgrind -v  --track-origins=yes --leak-check=full gs -dSAFER
-dCompatibilityLevel=1.3 $OPTIONS -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite
"-sOutputFile=C.pdf" -c .setpdfwrite -f Cappellari_Voronoi_Binning_Review.ps


again, this only happens on linux x86_64 but not on i386


Cheers
T.



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the gs-bugs mailing list