Bug 691831

Summary: Crash with some specific png embedded in pdf
Product: Ghostscript
Reporter: ubitux
Component: Images
Assignee: Alex Cherepanov <alex>
Status: RESOLVED FIXED    
Severity: major    
Priority: P4    
Version: 9.00   
Hardware: PC   
OS: Linux   
Customer:
Word Size: ---
Attachments: Icecast logo PNG
PDF crash sample with icecast logo embedded

Description ubitux 2010-12-10 23:45:18 UTC
Created attachment 7026
Icecast logo PNG

How to reproduce:

% cat crash.tex
\documentclass{article}
\usepackage{graphicx}
\begin{document}
\includegraphics{icecast}
\end{document}
% texi2pdf crash.tex
[...]
% gs -sDEVICE=pngalpha -sOutputFile=crash.png crash.pdf
GPL Ghostscript  9.00 (2010-09-14)
Copyright (C) 2010 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 1.
Page 1
zsh: segmentation fault  gs -sDEVICE=pngalpha -sOutputFile=crash.png crash.pdf
%

icecast.png is attached to this issue.

I tracked the bug down a little, and it appears to be in base/gximag3x.c around L240. It looks like a GCC bug (4.5.1) or undefined behavior in the GS code.

Two ways of fixing it:

1) Changing the pointer type of type1:
-	    const gx_image_type_t *type1 = mask[i].image.type;
+	    const void *type1 = mask[i].image.type;
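Review bot: the + line retypes type1 as const void * but leaves the cast assignment *(gs_data_image_t *)&mask[i].image = pixm->MaskDict; untouched, so the store through a pointer of incompatible type is still present and the result depends on how the compiler happens to generate code. Suggest keeping the const gx_image_type_t * declaration and replacing the cast assignment with memcpy(), as in option 2.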
wtf?

2) Use memcpy instead of *(gs_data_image_t *)&mask[i].image = pixm->MaskDict;

I tried for a few days to reproduce the bug in a small C sample but was unable to. If you're able to, I would be quite interested in the GCC bug post.

Regards,

Comment 1 ubitux 2010-12-10 23:53:15 UTC
Created attachment 7027
PDF crash sample with icecast logo embedded

Comment 2 Alex Cherepanov 2010-12-11 23:08:54 UTC
The problem has been reproduced on GCC 4.5.1, AMD64, release build.

gs broke ANSI aliasing rules, which prohibit access to the same memory
through a pointer of incompatible type. New code uses memcpy() to assign
Ghostscript classes, i.e. structures of different types.

ubitux, thank you for the analysis of the problem.

A patch has been committed as rev. 11948.
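
The aliasing problem discussed in this report, reduced to an added example (not Ghostscript code and not part of the original report). The struct names, fields and sample values are hypothetical stand-ins, and the step that restores the saved type after the copy is an assumption about the surrounding code.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins: a small "data image" and a larger "pixel image"
 * that is assumed to begin with the same fields. */
typedef struct { const void *type; int width, height; } data_image_t;
typedef struct { const void *type; int width, height; int format; } pixel_image_t;

static const char type1_tag[] = "type1";   /* constructed sample values */
static const char mask_tag[]  = "mask";

/* Pattern from the report: store through a pointer of an incompatible
 * struct type. Under the aliasing rules the compiler may assume this store
 * cannot touch *dst, so loads and stores of dst->type around it may be
 * reordered or dropped in an optimized build. Shown for comparison only. */
const void *assign_by_cast(pixel_image_t *dst, const data_image_t *src)
{
    const void *saved = dst->type;
    *(data_image_t *)dst = *src;        /* undefined behavior */
    dst->type = saved;
    return dst->type;
}

/* memcpy form: the bytes are copied without ever accessing *dst through
 * an lvalue of type data_image_t, so no aliasing assumption is violated. */
const void *assign_by_memcpy(pixel_image_t *dst, const data_image_t *src)
{
    const void *saved = dst->type;      /* keep the destination's own type */
    memcpy(dst, src, sizeof *src);      /* copy the shared leading fields */
    dst->type = saved;                  /* restore it after the copy */
    return dst->type;
}

int main(void)
{
    pixel_image_t dst = { type1_tag, 0, 0, 7 };
    data_image_t src = { mask_tag, 64, 32 };

    const void *t = assign_by_memcpy(&dst, &src);
    printf("type=%s width=%d height=%d format=%d\n",
           (const char *)t, dst.width, dst.height, dst.format);
    return 0;
}
```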