[gs-bugs] [Bug 691557] New: Memory corruption in function gp_defaultpapersize (file: 'base/gp_upapr.c')

bugzilla-daemon at ghostscript.com
Sat Aug 14 07:59:44 UTC 2010


           Summary: Memory corruption in function gp_defaultpapersize
                    (file: 'base/gp_upapr.c')
           Product: Ghostscript
           Version: HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P4
         Component: General
        AssignedTo: support at artifex.com
        ReportedBy: lomov.vl at gmail.com
         QAContact: gs-bugs at ghostscript.com
   Estimated Hours: 0.0

Created an attachment (id=6659)
 --> (http://bugs.ghostscript.com/attachment.cgi?id=6659)
Patch for base/gp_upapr.c to remove redundant 'free()'


The error that causes memory corruption was introduced in 11588.

I attach a small patch file.

I noticed this only now. My system:
OS:         archlinux 86_64
compiler:   gcc 4.5.1

ghostscript was compiled with the following system libraries:
expat, jasper, jpeg, libpng, libz.

Before patching, running gs causes a glibc report; running in valgrind confirms this
corruption. After patching, gs runs fine (valgrind doesn't report any errors).
