[gs-bugs] [Bug 693046] segfault with txtwrite device, fts.0980

bugzilla-daemon at ghostscript.com bugzilla-daemon at ghostscript.com
Fri May 18 16:54:21 UTC 2012 

http://bugs.ghostscript.com/show_bug.cgi?id=693046

Henry Stiles <henry.stiles at artifex.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |henry.stiles at artifex.com

--- Comment #4 from Henry Stiles <henry.stiles at artifex.com> 2012-05-18 16:54:20 UTC ---
I confirm Hin-Tak's findings with valgrind on all PCL files I've tried, writes
outside the bound of the array.


==95603== Conditional jump or move depends on uninitialised value(s)
==95603==    at 0x1004B1BCB: pl_cmap_lookup (plchar.c:723)
==95603==    by 0x1004B210D: pl_tt_cmap_encode_char (plchar.c:794)
==95603==    by 0x1004B2445: pl_tt_encode_char (plchar.c:858)
==95603==    by 0x1003000D1: txtwrite_process_plain_text (gdevtxtw.c:1865)
==95603==    by 0x10030178E: textw_text_process (gdevtxtw.c:2119)
==95603==    by 0x1003C8A73: gs_text_process (gstext.c:552)
==95603==    by 0x10050F1C5: hpgl_print_char (pglabel.c:882)
==95603==    by 0x100510E54: hpgl_process_buffer (pglabel.c:1320)
==95603==    by 0x1005113D2: hpgl_LB (pglabel.c:1383)
==95603==    by 0x1004FE428: hpgl_process (pgparse.c:104)
==95603==    by 0x1004D445C: pcl_process (pcparse.c:457)
==95603==    by 0x100001BD8: pcl_impl_process (pctop.c:519)
==95603==  Uninitialised value was created by a stack allocation
==95603==    at 0x1002FFF80: txtwrite_process_plain_text (gdevtxtw.c:1840)
==95603== 
==95603== Invalid write of size 4
==95603==    at 0x100300289: txtwrite_process_plain_text (gdevtxtw.c:1878)
==95603==    by 0x10030178E: textw_text_process (gdevtxtw.c:2119)
==95603==    by 0x1003C8A73: gs_text_process (gstext.c:552)
==95603==    by 0x10050F1C5: hpgl_print_char (pglabel.c:882)
==95603==    by 0x100510E54: hpgl_process_buffer (pglabel.c:1320)
==95603==    by 0x1005113D2: hpgl_LB (pglabel.c:1383)
==95603==    by 0x1004FE428: hpgl_process (pgparse.c:104)
==95603==    by 0x1004D445C: pcl_process (pcparse.c:457)
==95603==    by 0x100001BD8: pcl_impl_process (pctop.c:519)
==95603==    by 0x100493DED: pl_process (pltop.c:160)
==95603==    by 0x100513A9D: pl_main_aux (plmain.c:431)
==95603==    by 0x100513F39: pl_main (plmain.c:513)
==95603==  Address 0x501bb5634 is not stack'd, malloc'd or (recently) free'd
==95603==

-- 
Configure bugmail: http://bugs.ghostscript.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the gs-bugs mailing list