[gs-bugs] [Bug 692550] PostScript to tiffg4 bus error core dump

bugzilla-daemon at ghostscript.com
Mon Oct 10 13:26:20 UTC 2011


http://bugs.ghostscript.com/show_bug.cgi?id=692550

--- Comment #7 from Chris Liddell <chris.liddell at artifex.com> 2011-10-10 13:26:19 UTC ---
Created an attachment (id=7977)
 --> (http://bugs.ghostscript.com/attachment.cgi?id=7977)
Possible patch for gxht_thresh.c for review

I've taken this about as far as I can, it really needs Michael's eye cast over
it now.

The crash happens in gdevm1.c at line 672. Inside that macro is a loop (yuck!),
and the bus error occurs because we're dereferencing a uint * at an unaligned
address on the second iteration of the loop. This stems from the stride of the
source bitmap being 45, so that, although the base address of the bitmap is
aligned to 4 bytes, subsequent scanlines (probably) are not. SPARC is one of
the few platforms that strictly enforces pointer alignment.

The source of the problem is actually in gxht_thresh.c, the function
gxht_thresh_image_init(), where the penum->line_size and penum->ht_stride are
not calculated to account for pointer alignment.

Also, it looks to me as if there is an invalid assumption made, that
mem_mono_copy_mono() writes samples in 16 bit (ushort) "chunks" - that is only
true on little-endian platforms. On big-endian platforms, we write 32 bit
(uint) "chunks" (see line 499 in gdevm1.c).

The attached patch uses the "bitmap_raster()" macro to calculate the stride (to
be consistent with other raster memory allocations), and also changes what I
*think* may be required to deal with the extra unaligned bits at the beginning
of the area being marked (the value of penum->ht_offset_bits is set using
"bitmap_raster()" to get appropriate alignment for the value). This will
overestimate the value, but I *think* it's a small price for consistent code.

The patch fixes the problem on SPARC, and a cluster run shows, *I think*, no
new indeterminisms. One caveat is that I don't know if there are other places
in the code which make assumptions about the values being set up as they are
without this patch.

Just ping me if you need me to run tests on a SPARC machine.

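The alignment problem described in the comment above, as an added example that is not part of the original message, the attached patch, or Ghostscript's code: it checks scanline start addresses for a 45-byte stride against a stride rounded up to the 32-bit chunk size. The helper names, the base address and the 360-bit width are assumptions constructed for illustration; `aligned_raster()` is a hypothetical stand-in, not the `bitmap_raster()` macro.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not Ghostscript's bitmap_raster()): bytes per
 * scanline for width_bits one-bit samples, rounded up to `align` bytes. */
static size_t aligned_raster(size_t width_bits, size_t align)
{
    size_t bytes = (width_bits + 7) / 8;
    return (bytes + align - 1) / align * align;
}

/* Index of the first scanline whose start address is not a multiple of
 * `align`, or -1 if all `rows` scanlines are aligned. Only address
 * arithmetic is done here; nothing is dereferenced. */
static long first_unaligned_row(uintptr_t base, size_t stride,
                                size_t rows, size_t align)
{
    for (size_t y = 0; y < rows; y++)
        if ((base + y * stride) % align != 0)
            return (long)y;
    return -1;
}

int main(void)
{
    uintptr_t base = 0x10000;            /* constructed, 4-byte aligned */
    size_t width_bits = 360;             /* constructed: 360 bits = 45 bytes */
    size_t align = sizeof(uint32_t);     /* 32-bit chunk writes */
    size_t tight = (width_bits + 7) / 8; /* unpadded stride */
    size_t padded = aligned_raster(width_bits, align);

    printf("stride %zu: first unaligned row = %ld\n",
           tight, first_unaligned_row(base, tight, 8, align));
    printf("stride %zu: first unaligned row = %ld\n",
           padded, first_unaligned_row(base, padded, 8, align));
    return 0;
}
```

On x86 an unaligned `uint *` access at the reported row would usually go unnoticed, which is why a check like this is useful in tests that never run on a strict-alignment platform.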