[gs-bugs] [Bug 692634] New: ghostscript 9.04 crashes on certain postscript files

bugzilla-daemon at ghostscript.com bugzilla-daemon at ghostscript.com
Fri Oct 28 20:06:11 UTC 2011


http://bugs.ghostscript.com/show_bug.cgi?id=692634

           Summary: ghostscript 9.04 crashes on certain postscript files
           Product: Ghostscript
           Version: 9.04
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: P4
         Component: Font API
        AssignedTo: chris.liddell at artifex.com
        ReportedBy: orion at cora.nwra.com
         QAContact: gs-bugs at ghostscript.com


Created an attachment (id=8048)
 --> (http://bugs.ghostscript.com/attachment.cgi?id=8048)
Postscript file that triggers crash - landscape produced by IDL

This is on Fedora 15, 32 & 64 bit.  ghostscript 9.04 crashes on certain
postscript files like the attached.  gs 9.02 works fine.

Version-Release number of selected component (if applicable):
9.04-3

How reproducible:
everytime

Steps to Reproduce:
1. gs idl.ps

gdb run:

Can't find (or can't open) font file
/usr/share/ghostscript/9.04/Resource/Font/NimbusSanL-Regu.
Can't find (or can't open) font file NimbusSanL-Regu.
Can't find (or can't open) font file
/usr/share/ghostscript/9.04/Resource/Font/NimbusSanL-Regu.
Can't find (or can't open) font file NimbusSanL-Regu.
Querying operating system for font files...
Loading NimbusSanL-Regu font from
/usr/share/fonts/default/Type1/n019003l.pfb... 2599620 1284189 3455088 1629536
3 done.

Program received signal SIGSEGV, Segmentation fault.
FT_Outline_Decompose (outline=0x14, func_interface=0x6e3ff4, user=0xbfffc8ac)
    at freetype/src/base/ftoutln.c:82
82          for ( n = 0; n < outline->n_contours; n++ )
Missing separate debuginfos, use: debuginfo-install
avahi-libs-0.6.30-3.fc15.i686 glibc-2.14-5.i686 gnutls-2.10.5-1.fc15.i686
keyutils-libs-1.2-7.fc15.i686 libgcrypt-1.4.6-1.fc15.i686
libgpg-error-1.9-2.fc15.i686 libtasn1-2.7-2.fc15.i686
libuuid-2.19.1-1.4.fc15.i686 libxcb-1.7-2.fc15.i686
nss-softokn-freebl-3.12.10-4.fc15.i686
(gdb) bt
#0  FT_Outline_Decompose (outline=0x14, func_interface=0x6e3ff4,
user=0xbfffc8ac)
    at freetype/src/base/ftoutln.c:82
#1  0x0030648a in get_char_outline (a_server=0x8051900, a_path=0xbfffc8f0) at
psi/fapi_ft.c:1373
#2  0x003041d9 in outline_char (i_ctx_p=0x80758a8, I=0x8051900,
penum_s=0x820eed4, 
    path=0x8075ea0, close_path=1, import_shift_v=-24) at psi/zfapi.c:1636
#3  0x0030447b in fapi_finish_render_aux (i_ctx_p=0x80758a8, pbfont=0x8103908,
I=0x8051900)
    at psi/zfapi.c:1891
#4  0x00304f66 in fapi_finish_render (i_ctx_p=0x80758a8) at psi/zfapi.c:1983
#5  0x0030320b in FAPI_do_char (i_ctx_p=0x80758a8, pbfont=0x8103908,
dev=0x80a877c, 
    font_file_path=0x0, bBuildGlyph=0, charstring=0x0) at psi/zfapi.c:2766
#6  0x00303e0b in FAPI_char (i_ctx_p=0x80758a8, bBuildGlyph=0, charstring=0x0)
    at psi/zfapi.c:2790
#7  0x00222674 in interp (pi_ctx_p=0x804a22c, pref=<optimized out>,
perror_object=0xbfffdb64)
    at psi/interp.c:1276
#8  0x0022380f in gs_call_interp (perror_object=0xbfffdb64,
pexit_code=0xbfffdb6c, 
    user_errors=1, pref=0xbfffdab8, pi_ctx_p=0x804a22c) at psi/interp.c:490
#9  gs_interpret (pi_ctx_p=0x804a22c, pref=0xbfffdab8, user_errors=1,
pexit_code=0xbfffdb6c, 
    perror_object=0xbfffdb64) at psi/interp.c:448
#10 0x0021775e in gs_main_interpret (perror_object=0xbfffdb64,
pexit_code=0xbfffdb6c, 
    user_errors=1, pref=0xbfffdab8, minst=0x804a1d8) at psi/imain.c:239
#11 gs_main_run_string_end (minst=0x804a1d8, user_errors=1,
pexit_code=0xbfffdb6c, 
    perror_object=0xbfffdb64) at psi/imain.c:591
#12 0x00217818 in gs_main_run_string_with_length (minst=0x804a1d8, 
    str=0x8253828 "<69646c2e7073>.runfile", length=22, user_errors=1,
pexit_code=0xbfffdb6c, 
    perror_object=0xbfffdb64) at psi/imain.c:549
#13 0x0021786f in gs_main_run_string (minst=0x804a1d8, str=0x8253828
"<69646c2e7073>.runfile", 
    user_errors=1, pexit_code=0xbfffdb6c, perror_object=0xbfffdb64) at
psi/imain.c:531
#14 0x00218dc4 in run_string (minst=0x804a1d8, str=<optimized out>, options=3)
    at psi/imainarg.c:822
#15 0x00218f36 in runarg (minst=0x804a1d8, pre=<optimized out>, arg=0x8051a90
"idl.ps", 
    post=0x59ef1e ".runfile", options=3) at psi/imainarg.c:813
#16 0x00219186 in argproc (arg=0xbfffe8e9 "idl.ps", minst=0x804a1d8) at
psi/imainarg.c:746
#17 argproc (minst=0x804a1d8, arg=0xbfffe8e9 "idl.ps") at psi/imainarg.c:731
#18 0x0021a7e4 in gs_main_init_with_args (minst=0x804a1d8, argc=2,
argv=0xbfffe634)
    at psi/imainarg.c:221
#19 0x0021b89a in gsapi_init_with_args (lib=0x804a118, argc=2, argv=0xbfffe634)
    at psi/iapi.c:172
#20 0x08048715 in main (argc=2, argv=0xbfffe634) at psi/dxmainc.c:84
(gdb) print outline
$1 = (FT_Outline *) 0x14
(gdb) print *outline
Cannot access memory at address 0x14
(gdb) up
#1  0x0030648a in get_char_outline (a_server=0x8051900, a_path=0xbfffc8f0) at
psi/fapi_ft.c:1373
1373        ft_error = FT_Outline_Decompose(&s->outline_glyph->outline,
&TheFtOutlineFuncs, &p);
(gdb) print s->outline_glyph
$2 = (FT_OutlineGlyph) 0x0
(gdb) print s
$3 = (FF_server *) 0x8051900
(gdb) print *s
$4 = {fapi_server = {ig = {d = 0x6e3fe8}, frac_shift = 16, face = {font_id =
799, ctm = {
        xx = 0, xy = 1.60126217e-06, yx = 1.60126217e-06, yy = 0, tx = 434, ty
= 223}, 
      log2_scale = {x = 0, y = 0}, align_to_pixels = 0, HWResolution =
{96.0756531, 
        96.0756531}}, ff = {server_font_data = 0x0, need_decrypt = 0, memory =
0x0, 
      font_file_path = 0x0, subfont = 0, is_type1 = 0, is_cid = 0,
is_outline_font = 0, 
      is_mtx_skipped = 0, is_vertical = 0, client_ctx_p = 0x0, client_font_data
= 0x0, 
      client_font_data2 = 0x0, char_data = 0x809dd02, char_data_len = 3, 
      get_word = 0x2fd6c0 <FAPI_FF_get_word>, get_long = 0x305780
<FAPI_FF_get_long>, 
      get_float = 0x2fcff0 <FAPI_FF_get_float>, get_name = 0x2fe1b0
<FAPI_FF_get_name>, 
      get_proc = 0x2fd4f0 <FAPI_FF_get_proc>, get_gsubr = 0x2fdfe0
<FAPI_FF_get_gsubr>, 
      get_subr = 0x2fdf00 <FAPI_FF_get_subr>, get_raw_subr = 0x2fe0c0
<FAPI_FF_get_raw_subr>, 
      get_glyph = 0x2ff250 <FAPI_FF_get_glyph>, 
      serialize_tt_font = 0x305700 <FAPI_FF_serialize_tt_font>, 
      get_charstring = 0x2fe3c0 <FAPI_FF_get_charstring>, 
      get_charstring_name = 0x2fe2e0 <FAPI_FF_get_charstring_name>}, max_bitmap
= 0, 
    skip_glyph = 1, use_outline = 1, initial_FontMatrix = {xx = 0.00100000005,
xy = 0, yx = 0, 
      yy = 0.00100000005, tx = 0, ty = 0}, ensure_open = 0x307b20
<ensure_open>, 
    get_scaled_font = 0x306e70 <get_scaled_font>, get_decodingID = 0x305d70
<get_decodingID>, 
    get_font_bbox = 0x305d90 <get_font_bbox>, 
    get_font_proportional_feature = 0x305dc0 <get_font_proportional_feature>, 
    can_retrieve_char_by_name = 0x306d60 <can_retrieve_char_by_name>, 
    can_replace_metrics = 0x305dd0 <can_replace_metrics>, 
    get_fontmatrix = 0x305de0 <get_fontmatrix>, get_char_width = 0x306c40
<get_char_width>, 
    get_char_raster_metrics = 0x306bf0 <get_char_raster_metrics>, 
    get_char_raster = 0x305e10 <get_char_raster>, 
    get_char_outline_metrics = 0x306ba0 <get_char_outline_metrics>, 
    get_char_outline = 0x306420 <get_char_outline>, 
    release_char_data = 0x306360 <release_char_data>, 
    release_typeface = 0x3062b0 <release_typeface>, 
    check_cmap_for_GID = 0x306260 <check_cmap_for_GID>}, freetype_library =
0x81f5630, 
  outline_glyph = 0x0, bitmap_glyph = 0x0, mem = 0x804a038, ftmemory =
0x8187658}
(gdb) print a_server
$5 = (FAPI_server *) 0x8051900
(gdb) print *a_server
$6 = {ig = {d = 0x6e3fe8}, frac_shift = 16, face = {font_id = 799, ctm = {xx =
0, 
      xy = 1.60126217e-06, yx = 1.60126217e-06, yy = 0, tx = 434, ty = 223},
log2_scale = {
      x = 0, y = 0}, align_to_pixels = 0, HWResolution = {96.0756531,
96.0756531}}, ff = {
    server_font_data = 0x0, need_decrypt = 0, memory = 0x0, font_file_path =
0x0, subfont = 0, 
    is_type1 = 0, is_cid = 0, is_outline_font = 0, is_mtx_skipped = 0,
is_vertical = 0, 
    client_ctx_p = 0x0, client_font_data = 0x0, client_font_data2 = 0x0,
char_data = 0x809dd02, 
    char_data_len = 3, get_word = 0x2fd6c0 <FAPI_FF_get_word>, 
    get_long = 0x305780 <FAPI_FF_get_long>, get_float = 0x2fcff0
<FAPI_FF_get_float>, 
    get_name = 0x2fe1b0 <FAPI_FF_get_name>, get_proc = 0x2fd4f0
<FAPI_FF_get_proc>, 
    get_gsubr = 0x2fdfe0 <FAPI_FF_get_gsubr>, get_subr = 0x2fdf00
<FAPI_FF_get_subr>, 
    get_raw_subr = 0x2fe0c0 <FAPI_FF_get_raw_subr>, get_glyph = 0x2ff250
<FAPI_FF_get_glyph>, 
    serialize_tt_font = 0x305700 <FAPI_FF_serialize_tt_font>, 
    get_charstring = 0x2fe3c0 <FAPI_FF_get_charstring>, 
    get_charstring_name = 0x2fe2e0 <FAPI_FF_get_charstring_name>}, max_bitmap =
0, 
  skip_glyph = 1, use_outline = 1, initial_FontMatrix = {xx = 0.00100000005, xy
= 0, yx = 0, 
    yy = 0.00100000005, tx = 0, ty = 0}, ensure_open = 0x307b20 <ensure_open>, 
  get_scaled_font = 0x306e70 <get_scaled_font>, get_decodingID = 0x305d70
<get_decodingID>, 
  get_font_bbox = 0x305d90 <get_font_bbox>, 
  get_font_proportional_feature = 0x305dc0 <get_font_proportional_feature>, 
  can_retrieve_char_by_name = 0x306d60 <can_retrieve_char_by_name>, 
  can_replace_metrics = 0x305dd0 <can_replace_metrics>, 
  get_fontmatrix = 0x305de0 <get_fontmatrix>, get_char_width = 0x306c40
<get_char_width>, 
  get_char_raster_metrics = 0x306bf0 <get_char_raster_metrics>, 
  get_char_raster = 0x305e10 <get_char_raster>, 
  get_char_outline_metrics = 0x306ba0 <get_char_outline_metrics>, 
  get_char_outline = 0x306420 <get_char_outline>, 
  release_char_data = 0x306360 <release_char_data>, 
  release_typeface = 0x3062b0 <release_typeface>, 
  check_cmap_for_GID = 0x306260 <check_cmap_for_GID>}
(gdb) print *a_server->outline_glyph
There is no member named outline_glyph.

Note that with 9.02 this line is different:

Loading NimbusSanL-Regu font from
/usr/share/fonts/default/Type1/n019003l.pfb... 2607364 1268057 3436356 1626469
3 done.

And there is:
GPL Ghostscript 9.02: Warning: the Xfonts feature is deprecated and will be
removed in a future release.

-- 
Configure bugmail: http://bugs.ghostscript.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.


More information about the gs-bugs mailing list