Customer reports gswin32c.exe (the official 8.53 build) sefaults on the attached file. I cannot reproduce on linux, but Dan has confirmed with 8.53 and HEAD on Windows.
Created attachment 2143 [details] problem file
The seg fault is coming from the memcopy in the following sequence in pdf14_push_transparency_group in gdevp14.c. The width and pointers seem reasonable at fist glance. for (i = 0; i < n_chan_copy; i++) { byte *buf_ptr = buf_plane; byte *tos_ptr = tos_plane; int y; for (y = y0; y < y1; ++y) { memcpy (buf_ptr, tos_ptr, width); buf_ptr += buf->rowstride; tos_ptr += tos->rowstride; } buf_plane += buf->planestride; tos_plane += tos->planestride; }
I got a C stack overflow on Windows NT, MSVC 6.
The problem is that the bounding rectangles for the two buffers do not match. As a result, the memcopy is attempting to move data from before the start of the tos_ptr area.
Igor, Would you please check the logic for determining the bounding boxes.
Patch to HEAD : http://ghostscript.com/pipermail/gs-cvs/2006-September/006783.html
Another crash in transparency happen with -dPDFA. I guess the branch, which converts a transparency into a bitmap, needs a similar improvement. gswin32c.exe -dPDFA -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=z:\t2 \cur.pdf -dLastPage=10 CompareFiles\Bug688631.pdf The test file is same as one attached.
One more patch to HEAD : http://ghostscript.com/pipermail/gs-cvs/2006-September/006825.html