[gs-bugs] [Bug 690315] gs V8.64 crashes during operation on the blackfin processor

bugs.ghostscript.com-bugzilla-daemon at ghostscript.com bugs.ghostscript.com-bugzilla-daemon at ghostscript.com
Wed Mar 4 10:14:05 PST 2009 

http://bugs.ghostscript.com/show_bug.cgi?id=690315





------- Additional Comments From dbailey at digium.com  2009-03-04 10:14 -------
The first time that the proc pointer is invoked in gc_objects_clear_marks, the
unit segfaults.  The gc_objects_clear_marks is called 3 times previous to being
called and attempting to execute the proc function pointer.

The proc pointer is pointing to a location being resolved as st_bytes.

(gdb) disas *proc
Dump of assembler code for function st_bytes:
0x02ccf8dc <st_bytes+0>:	ILLEGAL
0x02ccf8de <st_bytes+2>:	NOP;
0x02ccf8e0 <st_bytes+4>:	L1=B0;
0x02ccf8e2 <st_bytes+6>:	PREFETCH[P5++];
0x02ccf8e4 <st_bytes+8>:	NOP;
0x02ccf8e6 <st_bytes+10>:	NOP;
0x02ccf8e8 <st_bytes+12>:	NOP;
0x02ccf8ea <st_bytes+14>:	NOP;
0x02ccf8ec <st_bytes+16>:	 ||  || ILLEGAL
0x02ccf8ee <st_bytes+18>:	ILLEGAL
0x02ccf8f0 <st_bytes+20>:	 || NOP || NOP;
0x02ccf8f4 <st_bytes+24>:	NOP;
0x02ccf8f6 <st_bytes+26>:	NOP;
0x02ccf8f8 <st_bytes+28>:	NOP;
0x02ccf8fa <st_bytes+30>:	NOP;

(gdb) x/100xb proc
0x2ccf8dc <st_bytes>:	0x01	0x00	0x00	0x00	0xe8	0x36	0x65	0x02
0x2ccf8e4 <st_bytes+8>:	0x00	0x00	0x00	0x00	0x00	0x00	0x00	0x00
0x2ccf8ec <st_bytes+16>:	0xb4	0xca	0xd1	0x02	0xd8	0xca	0xd1	0x02
0x2ccf8f4 <st_bytes+24>:	0x00	0x00	0x00	0x00	0x00	0x00	0x00	0x00
0x2ccf8fc <st_free>:	0x01	0x00	0x00	0x00	0x38	0x23	0x64	0x02
0x2ccf904 <st_free+8>:	0x00	0x00	0x00	0x00	0x00	0x00	0x00	0x00
0x2ccf90c <st_free+16>:	0xb4	0xca	0xd1	0x02	0xd8	0xca	0xd1	0x02
0x2ccf914 <st_free+24>:	0x00	0x00	0x00	0x00	0x00	0x00	0x00	0x00
0x2ccf91c <st_const_string>:	0x08	0x00	0x00	0x00	0xf0	0x36	0x65	0x02
0x2ccf924 <st_const_string+8>:	0x00	0x00	0x00	0x00	0x00	0x00	0x00	0x00
0x2ccf92c <st_const_string+16>:	0xa4	0xca	0xd1	0x02	0xac	0xca	0xd1	0x02
0x2ccf934 <st_const_string+24>:	0x00	0x00	0x00	0x00	0x84	0x4f	0xc8	0x02
0x2ccf93c <st_gs_notify_list>:	0x08	0x00	0x00	0x00

(gdb) p mem
$3 = (const gs_memory_t *) 0x2837b8c
(gdb) p pre+1
$4 = (obj_header_t *) 0x2837e94
(gdb) p size
$5 = 124
(gdb) p pre->o_type
There is no member named o_type.
(gdb) p pre->d.o.t.type
$6 = (gs_memory_type_ptr_t) 0x2837b50
(gdb) p proc
$7 = (void (*)(const gs_memory_t *, void *, uint, const gs_memory_struct_type_t
*)) 0x2ccf8dc <st_bytes>




------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the gs-bugs mailing list