Summary: | Ghostscript crashs using svg device | ||
---|---|---|---|
Product: | Ghostscript | Reporter: | Frank Heindörfer <software> |
Component: | General | Assignee: | Henry Stiles <henry.stiles> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ambrus+ghostscriptbug, christinedelight.top85, mail, shailesh.mistry |
Priority: | P4 | Keywords: | bountiable |
Version: | 9.00 | ||
Hardware: | PC | ||
OS: | Windows 7 | ||
Customer: | Word Size: | --- | |
Attachments: |
Test postscript file.
Patch to cater for potential memory leaks Test files Example postscript file with which the svg plugin crashes for me. |
I verified this and with a debug build I get: GPL Ghostscript SVN PRE-RELEASE 9.01: .\psi\igcstr.c(173): String pointer 0x8d89b0[9275752] outside [0x8d8968..0x8d8c88) GPL Ghostscript SVN PRE-RELEASE 9.01: .\psi\igcstr.c(173): String pointer 0x8d8968[1610612736] outside [0x8d8968..0x8d8c88 which is probably the same issue that would lead to a segfault with a non- debug build. with -ZA I see these addresses in the log... svg_setstrokecolor [a8:+> ]svg_make_color(8) = 0x8d89b0 [a8:->#]svg_setstrokecolor(8) 0x8d8a50 svg_beginpath type 2 (stroke) .... svg_setfillcolor [a8:+> ]svg_make_color(8) = 0x8d8968 [a8:->#]svg_setfillcolor(8) 0x8d8970 svg_setlogop(240,12) set logical operation Created attachment 7170 [details]
Patch to cater for potential memory leaks
I could not reproduce this crash but I did find two potential memory leaks.
Attached is a patch to correct for them.
In both cases, the paint memory is allocated but not freed if the existing color does not change.
(In reply to comment #2) > Created an attachment (id=7170) [details] > Patch to cater for potential memory leaks > > I could not reproduce this crash but I did find two potential memory leaks. > Attached is a patch to correct for them. > > In both cases, the paint memory is allocated but not freed if the existing > color does not change. We are interested in the source of these messages: GPL Ghostscript SVN PRE-RELEASE 9.01: .\psi\igcstr.c(173): String pointer 0x8d89b0[9275752] outside [0x8d8968..0x8d8c88) GPL Ghostscript SVN PRE-RELEASE 9.01: .\psi\igcstr.c(173): String pointer 0x8d8968[1610612736] outside [0x8d8968..0x8d8c88 Do the messages go away with your change? Ghostscript does have a garbage collecter, so we don't expect the leak to cause the system to crash or even print the warning messages that a string has a foreign memory address. This patch is based purely on stepping through the code and following the logic of memory allocation for the paint. I could not reproduce the crash with a debug or release build. I also could not reproduce the message about the memory being outside the range in igcstr.c as listed above. Created attachment 7287 [details]
Test files
I've tested version 9.01 and the crash appears again. It happens in WinXP 32 bit and Win7 64 bit using Ghostscript 8.71, 9.00 and 9.01. There was no problem with version 8.70. Can anybody check and confirm this?
Frank
Team PDFCreator
(In reply to comment #5) > I've tested version 9.01 and the crash appears again. It happens in WinXP 32 > bit and Win7 64 bit using Ghostscript 8.71, 9.00 and 9.01. There was no problem > with version 8.70. Can anybody check and confirm this? I can confirm this. In version 8.70 everything was fine and in all later Versions (8.71, 9.00 and 9.01) the SVG device is broken for me on Microsoft Windows 7 x64 and Windows Server 2003 R2 x64. Created attachment 7434 [details]
Example postscript file with which the svg plugin crashes for me.
The svg plugin segfaults for me too, for some input files. This is GPL Ghostscript 9.02 (2011-03-30) built on amd64-linux on a debian-based system (but with gcc 4.5.1 and other custom installed software), with the following options: ./configure --prefix=/usr/local/gs9 --with-drivers=ALL,svgwrite The svg plugin finishes without segfaulting on the HelloWorld.ps supplied as an example in this bug thread by someone else. The resulting svg shows up correctly in the iceweasel browser, but all the text is actually rendered from rectangles, so it's very slow. On another input file, "npc_poset-1.mps", it does segfault. The output is truncated, and the text is output as rectangles here too. I'm attaching the file (which is generated by metapost by the way) to this bug. I'm invoking gs with the following command line: gs -dSAFER -dNOPAUSE -dBATCH -dEPSCrop -sDEVICE=svg -sOutputFile=npc_poset-1.svg npc_poset-1.mps Both files render correctly with the same ghostscript version but other plugins (png48, and whatever gv uses). Fixed in http://git.ghostscript.com/p=ghostpdl.git;a=commit;h=413e6e5a1c7ccc3d86678a54e93130ca182f9e98 Reading the code for the device it looks very preliminary - a rough draft, so to speak, and we don't have anyone working on it currently. |
Created attachment 7128 [details] Test postscript file. Hello, if I'm using the svg device ghostscript crashs. It happens after %%[LastPage]%% and is source file independent. gswin32c -I"C:\gs\GPL\gs9.00\gs9.00\lib" -dSAFTER -dBATCH -dNOPAUSE -sDEVICE=svg -dCompatibilityLevel=1.4 -sOutputFile=HelloWorld.svg -f HelloWorld.ps Frank