Bug 688720 - Segmentation fault when using @file.upp
Status: NOTIFIED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: General
Version: 8.54
Hardware: PC Linux
Importance: P4 normal
Assignee: Default assignee
Reported: 2006-05-26 00:30 UTC by Paul Vojta
Modified: 2008-12-19 08:31 UTC

Attachments
patch (3.26 KB, patch)
2006-05-27 08:37 UTC, Alex Cherepanov
Description Paul Vojta 2006-05-26 00:30:55 UTC
"gs @file.upp" gives a segmentation fault unless file.upp exists in the current
directory.  This does not depend on whether file.upp exists in
/usr/local/share/ghostscript/8.54/lib or not.
Comment 1 Dan Coby 2006-05-26 16:19:00 UTC
I do not get a seg fault running under WinXP.

I get the following error message:

  Unable to open command line file file.upp

Tested with 7.00, 8.00, and 8.54.
Comment 2 Hin-Tak Leung 2006-05-26 18:34:58 UTC
I get segfaults with both 32-bit and 64-bit 8.54 binaries on x86_64 linux
(and 8.53 64-bit and 8.15.2 64-bit works okay) so the segfault is real,
and different from bug 688721 (which only affects 64-bit 8.54).

backtrace of the 32-bit 8.54 binary:

 gdb /usr/local/bin/gs
GNU gdb Red Hat Linux (6.3.0.0-1.122rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db
library "/lib64/libthread_db.so.1".

(gdb) run @file.upp
Starting program: /usr/local/bin/gs @file.upp
Reading symbols from shared object read from target memory...warning: Lowest
section in shared object read from target memory is .hash at ffffe0b4
done.
Loaded system supplied DSO at 0xffffe000

Program received signal SIGSEGV, Segmentation fault.
gs_getiodevice (index=0) at ./src/gsiodev.c:269
269         return io_device_table[index];
(gdb) bt
#0  gs_getiodevice (index=0) at ./src/gsiodev.c:269
#1  0x080c8948 in lib_fopen (pfpath=0x83de270, mem=0x83de1b8, fname=0xffffdb2d
"file.upp") at ./src/zfile.c:1061
#2  0x080b218a in gs_main_arg_fopen (fname=0xffffdb2d "file.upp",
vminst=0x83de250) at ./src/imainarg.c:113
#3  0x080b2504 in arg_next (pal=0xffffc26c, code=0xffffc268) at ./src/gsargs.c:194
#4  0x080b1e75 in gs_main_init_with_args (minst=0x83de250, argc=2,
argv=0xffffcc04) at ./src/imainarg.c:201
#5  0x0804b0e7 in main (argc=Cannot access memory at address 0x1000
) at ./src/gs.c:75
#6  0x009a3724 in __libc_start_main () from /lib/libc.so.6
#7  0x0804b011 in _start ()
(gdb) 

backtrace of 64-bit binary:


 gdb /usr/local/bin/gs
GNU gdb Red Hat Linux (6.3.0.0-1.122rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db
library "/lib64/libthread_db.so.1".

(gdb) run @file.upp
Starting program: /usr/local/bin/gs @file.upp

Program received signal SIGSEGV, Segmentation fault.
0x00000000005fe829 in gs_getiodevice (index=0) at ./src/gsiodev.c:269
269         return io_device_table[index];
(gdb) bt
#0  0x00000000005fe829 in gs_getiodevice (index=0) at ./src/gsiodev.c:269
#1  0x0000000000480a22 in lib_file_open (lib_path=0x8d74d0, mem=0x8d7370,
i_ctx_p=0x0, fname=0x7fffff97ab2d "file.upp", flen=8, 
    buffer=0x7fffff978a50 "file.upp", blen=2048, pclen=0x7fffff978a4c,
pfile=0x7fffff978a30) at ./src/zfile.c:1027
#2  0x0000000000480c45 in lib_fopen (pfpath=0x8d74d0, mem=0x8d7370,
fname=0x7fffff97ab2d "file.upp") at ./src/zfile.c:1061
#3  0x000000000046a6a0 in arg_next (pal=0x7fffff979320, code=0x7fffff97931c) at
./src/gsargs.c:194
#4  0x0000000000469e9c in gs_main_init_with_args (minst=0x8d74a0, argc=2,
argv=Variable "argv" is not available.
) at ./src/imainarg.c:201
#5  0x0000000000404629 in main (argc=2, argv=0x7fffff979dd8) at ./src/gs.c:75
#6  0x000000324841ce54 in __libc_start_main () from /lib64/libc.so.6
#7  0x0000000000404559 in _start ()
#8  0x00007fffff979dc8 in ?? ()
#9  0x0000000000000000 in ?? ()
(gdb) 

Comment 3 Alex Cherepanov 2006-05-27 08:37:57 UTC
Created attachment 2227
patch

Clean up the code that opens starting arg files (@ files). Use iodev_default
when it is available. Otherwise use the statically initialized %os% device.

Testing now.
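
Added example (not the attached patch and not Ghostscript source): a simplified C model of the failure in the backtraces above and of the fallback comment 3 describes, where a device table that is still NULL during argument parsing is replaced by a statically initialized device. All demo_* names and the sample file name are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model: one I/O device entry, identified by name. */
typedef struct { const char *dname; } demo_iodev;

/* Statically initialized fallback, usable before any runtime setup. */
static const demo_iodev demo_os_device = { "%os%" };

/* Runtime table: stays NULL until demo_iodev_init() runs at startup. */
static const demo_iodev *demo_table_storage[1];
static const demo_iodev **demo_table = NULL;

void demo_iodev_init(void) {
    demo_table_storage[0] = &demo_os_device;
    demo_table = demo_table_storage;
}

/* Unchecked lookup, same shape as the faulting frame: it dereferences
 * a NULL table if called before init. Shown for contrast, never called. */
const demo_iodev *demo_get_unchecked(int index) {
    return demo_table[index];
}

/* Guarded lookup: table default when available, else the static device. */
const demo_iodev *demo_get_default(void) {
    if (demo_table != NULL && demo_table[0] != NULL)
        return demo_table[0];
    return &demo_os_device;
}

/* Open an @-style argument file via whichever device is available.
 * Returns 0 on success, -1 on a missing file (clean error, no crash). */
int demo_open_arg_file(const char *fname, const char **used_dev) {
    const demo_iodev *dev = demo_get_default();
    FILE *f = fopen(fname, "r");
    if (used_dev != NULL)
        *used_dev = dev->dname;
    if (f == NULL)
        return -1;
    fclose(f);
    return 0;
}

int main(void) {
    const char *dev = NULL;   /* constructed sample name below */
    if (demo_open_arg_file("no-such-file-688720.upp", &dev) != 0)
        printf("Unable to open command line file (device %s)\n", dev);
    return 0;
}
```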
Comment 4 Hin-Tak Leung 2006-05-27 12:39:00 UTC
Argh, I was going through the versions for bug 688721 and found this one
to be due to change between 2006-02-02 and 2006-03-03 if it is useful at all.
Comment 5 Hin-Tak Leung 2006-05-27 18:34:01 UTC
The segfault is narrowed down to the change in r6630.

The log entry of Change r6630 contains a reference to changing
how "@" files are processed:

...
DETAILS:

This was a moderate amount of surgery, but was functionally extracted
from the old lib_fopen_with_libpaths and merged into lib_open_file
which now returns a PS file object. The lib_fopen now gets the FILE *
pointer from the stream structure for use in processing @ files.
...
Comment 6 Alex Cherepanov 2006-05-28 05:21:41 UTC
The patch in comment #3 causes no differences in the regression testing.
Comment 7 Alex Cherepanov 2006-06-01 04:53:41 UTC
The patch is committed as rev. 6830.