[gs-bugs] [Bug 692618] Seg fault with attached files.

bugzilla-daemon at ghostscript.com
Mon Oct 24 07:46:06 UTC 2011


http://bugs.ghostscript.com/show_bug.cgi?id=692618

--- Comment #11 from Ken Sharp <ken.sharp at artifex.com> 2011-10-24 07:46:05 UTC ---
(In reply to comment #7)
> OK, the crashes and memory problems I observed with these files and
> the tiffsep device are fixed in commit 7ebbcae, comment:
> 
> Fix bug 692618. Clear pointers to compressed color structures in pdf14 device.
> 
> After the devn compressed color structures were freed, the pointers were not
> reset to NULL so subsequent GC would trace into freed or re-used memory. -Z?
> showed errors and, depending on memory contents and usage, could result in a
> seg fault.

I'm afraid to say that I'm still seeing errors. The file RBR1103767.pdf still
crashes for me with -dMaxBitmap=500000000 or =100000000. With 100000000 the GPF
is in reloc_ptr and the call stack points back to gdevp14.c line 478:

        for (i = 0; i < pdev->devn_params.separations.num_separations; ++i) {
            RELOC_PTR(pdf14_device, devn_params.separations.names[i].data);

When i=10.

With -dMaxBitmap=500000000 the crash is in ialloc_validate_object called
(eventually) from gs_vmreclaim.

However the other example files listed here no longer seg fault for me with the
commit above. They do still produce a rangecheck on showpage (as expected I
think).

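The failure class described in the quoted commit comment (pointers left set after their targets are freed, then followed by a later GC pointer walk) can be shown with a small model. This is an added example, not part of the original mail and not Ghostscript code: the arena, the generation tag, every identifier and the count of 11 names are constructed for illustration.

```c
#include <stdio.h>
/* Toy model: every name here is an assumption for this example, not Ghostscript code. */
#define SLOTS 16
#define MAX_SEPS 12
typedef struct { int live; unsigned gen; } slot_t;    /* one heap object */
typedef struct { slot_t *ptr; unsigned gen; } ref_t;  /* pointer + generation seen at alloc */
typedef struct { ref_t names[MAX_SEPS]; int num; } toy_dev_t;
static slot_t heap[SLOTS];

static ref_t toy_alloc(void) {                        /* first free slot, bump generation */
    ref_t r = { NULL, 0 };
    for (int i = 0; i < SLOTS && !r.ptr; i++)
        if (!heap[i].live) {
            heap[i].live = 1;
            r.ptr = &heap[i];
            r.gen = ++heap[i].gen;
        }
    return r;
}
/* Teardown as in the bug: objects are freed, pointers keep their old values. */
static void release_stale(toy_dev_t *d) {
    for (int i = 0; i < d->num; i++) d->names[i].ptr->live = 0;
}
/* Teardown as in the fix: free, then reset each pointer to NULL. */
static void release_cleared(toy_dev_t *d) {
    for (int i = 0; i < d->num; i++) {
        if (d->names[i].ptr) d->names[i].ptr->live = 0;
        d->names[i].ptr = NULL;
    }
}
/* Stand-in for the GC pointer walk: count refs to freed or re-used objects. */
static int count_dangling(const toy_dev_t *d) {
    int bad = 0;
    for (int i = 0; i < d->num; i++) {
        const ref_t *r = &d->names[i];
        if (r->ptr && (!r->ptr->live || r->ptr->gen != r->gen)) bad++;
    }
    return bad;
}
/* Allocate 11 names, tear down, let another owner re-use slot 0, then trace. */
static int scenario(int cleared) {
    toy_dev_t d = { .num = 11 };
    for (int i = 0; i < SLOTS; i++) heap[i].live = 0;
    for (int i = 0; i < d.num; i++) d.names[i] = toy_alloc();
    if (cleared) release_cleared(&d); else release_stale(&d);
    (void)toy_alloc();
    return count_dangling(&d);
}
int main(void) { printf("stale=%d cleared=%d\n", scenario(0), scenario(1)); return 0; }
```

The generation tag is what lets the walk flag slot 0 after it has been handed to another owner; a check on the live flag alone would accept that pointer as valid.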