[gs-bugs] [Bug 690829] New: buffer overflow in errprintf

bugs.ghostscript.com-bugzilla-daemon at ghostscript.com bugs.ghostscript.com-bugzilla-daemon at ghostscript.com
Sun Oct 18 14:18:55 PDT 2009 

http://bugs.ghostscript.com/show_bug.cgi?id=690829

           Summary: buffer overflow in errprintf
           Product: Ghostscript
           Version: 8.70
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P4
         Component: PS Interpreter
        AssignedTo: support at artifex.com
        ReportedBy: dsrbecky at gmail.com
         QAContact: gs-bugs at ghostscript.com


The bug is present in 8.70 (8.64 works fine).

The postscript file was generated in Windows by "MS Publisher Imagesetter". (I
was trying to print a test page via IPP)

The bug is only present if the "MS Publisher Imagesetter" postscript setting is
"Optimize for speed".  "Optimize for compatibility" works fine.

I am running Fedora 11 (2.6.30.8-64.fc11.i586).

My printer is HP LaserJet M1120n MFP (using the hplip driver).

I hope this helps.

Stacktrace from /var/log/cups/error_log:

D [18/Oct/2009:22:44:37 +0200] [Job 41] cups_put_params(0x96e116c, 0xbfcba828)
D [18/Oct/2009:22:44:37 +0200] [Job 41] *** buffer overflow detected ***:
/usr/bin/gs terminated
D [18/Oct/2009:22:44:37 +0200] [Job 41] ======= Backtrace: =========
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/lib/libc.so.6(__fortify_fail+0x40)[0xcd1ec0]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /lib/libc.so.6[0xcd0010]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /lib/libc.so.6[0xccf748]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/lib/libc.so.6(_IO_default_xsputn+0xbe)[0xc464ce]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/lib/libc.so.6(_IO_vfprintf+0x38da)[0xc1b56a]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/lib/libc.so.6(__vsprintf_chk+0xa7)[0xccf7f7]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(errprintf+0x54)[0x6549e4]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(cups_put_params+0xb94)[0x6283e4]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(gs_putdeviceparams+0x4c)[0x641dfc]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /usr/lib/libgs.so.8[0x426680]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /usr/lib/libgs.so.8[0x3f6e10]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(gs_interpret+0x180)[0x3f7e40]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /usr/lib/libgs.so.8[0x3eb4d4]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(gs_main_run_string_end+0x38)[0x3eb518]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(gs_main_run_string_with_length+0x92)[0x3eb952]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(gs_main_run_string+0x4a)[0x3eb9aa]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /usr/lib/libgs.so.8[0x3ec780]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /usr/lib/libgs.so.8[0x3ed5b0]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(gs_main_init_with_args+0x526)[0x3eee66]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/usr/lib/libgs.so.8(gsapi_init_with_args+0x3e)[0x3efe6e]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /usr/bin/gs(main+0xbc)[0x80487ec]
D [18/Oct/2009:22:44:37 +0200] [Job 41]
/lib/libc.so.6(__libc_start_main+0xe6[0xbeda66]
D [18/Oct/2009:22:44:37 +0200] [Job 41] /usr/bin/gs[0x8048691]



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the gs-bugs mailing list