Running ps2pdf from current HEAD on the attached ps file gives

$ ps2pdf LC_MOA16.ps
Segmentation fault (core dumped)

This is on various Linux i686, Fedora 8, RHEL 4, CentOS 5, Debian 3.1, etc. but not on Fedora 8 x86_64

(gdb) bt
#0 0x080e87fe in names_string_ref ()
#1 0x080ff2ad in gs_get_colorname_string ()
#2 0x0821347d in pdf_color_space_named ()
#3 0x082145f4 in pdf_color_space ()
#4 0x0821ce48 in pdf_reset_color ()
#5 0x0821d149 in pdf_set_drawing_color ()
#6 0x08214bc1 in pdf_setfillcolor ()
#7 0x08216649 in gdev_pdf_fill_path ()
#8 0x0834a3a2 in gx_fill_path ()
#9 0x08317175 in fill_with_rule ()
#10 0x080c2124 in gs_interpret ()
#11 0x080b8166 in gs_main_interpret ()
#12 0x080b81a4 in gs_main_run_string_end ()
#13 0x080b855a in gs_main_run_string ()
#14 0x080b90b7 in run_string ()
#15 0x080b9831 in runarg ()
#16 0x080b997a in argproc ()
#17 0x080bb0d6 in gs_main_init_with_args ()
#18 0x0804ed6a in main ()
Created attachment 3831: ps2pdf14 on attached ps file segfaults
I cannot reproduce the SEGV on GNU+Linux or Windows. Valgrind reports uninitialized color values near the reported crash.

Conditional jump or move depends on uninitialised value(s)
   at 0x401E4D2: bcmp (mc_replace_strmem.c:436)
   by 0x832DF1E: gx_hld_saved_color_equal (gxhldevc.c:122)
   by 0x821E9D1: pdf_set_drawing_color (gdevpdfg.c:467)
   by 0x8216632: pdf_setfillcolor (gdevpdfd.c:106)
   by 0x821806C: gdev_pdf_fill_path (gdevpdfd.c:1061)
   by 0x834DC4A: gx_fill_path (gxpaint.c:49)
   by 0x831377A: fill_with_rule (gspaint.c:329)
   by 0x83137BC: gs_fill (gspaint.c:345)
   by 0x80EE422: zfill (zpaint.c:25)
   by 0x80C34BA: call_operator (interp.c:111)
   by 0x80C570E: gs_call_interp (interp.c:1534)
   by 0x80C6764: gs_interpret (interp.c:454)

The uninitialized color values come from a colored pattern, which is handled by gx_hld_save_color() the same way as an uncolored pattern.
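An added illustration (not code from Ghostscript or from this thread) of the class of problem the Valgrind report above flags: a saved-color record that is only partly filled in for a pattern and is then compared byte-wise. The struct and function names are hypothetical, and the stale bytes are constructed with memset so the effect is reproducible.

```c
#include <string.h>

/* Hypothetical stand-in for a saved high-level color; not Ghostscript's real struct. */
enum color_kind { KIND_PURE, KIND_PATTERN };
typedef struct {
    enum color_kind kind;
    int   ncomp;              /* number of valid entries in comp[] */
    float comp[4];            /* component values, meaningful for KIND_PURE only */
    unsigned long pattern_id;
} saved_color;

/* Partial save: only the pattern fields are written; ncomp and comp[] keep stale bytes. */
void save_pattern_partial(saved_color *sc, unsigned long id)
{
    sc->kind = KIND_PATTERN;
    sc->pattern_id = id;
}

/* Hardened save: clear the whole record before filling it in. */
void save_pattern_full(saved_color *sc, unsigned long id)
{
    memset(sc, 0, sizeof(*sc));
    sc->kind = KIND_PATTERN;
    sc->pattern_id = id;
}

/* Byte-wise comparison, the kind of check bcmp/memcmp performs. */
int saved_color_equal(const saved_color *a, const saved_color *b)
{
    return memcmp(a, b, sizeof(*a)) == 0;
}

/* Save the same pattern into two buffers holding different stale bytes (constructed). */
int same_pattern_compares_equal(void (*save)(saved_color *, unsigned long))
{
    saved_color a, b;
    memset(&a, 0xAA, sizeof(a));   /* stale contents, first buffer */
    memset(&b, 0x55, sizeof(b));   /* stale contents, second buffer */
    save(&a, 42UL);
    save(&b, 42UL);
    return saved_color_equal(&a, &b);
}

int main(void)
{
    int bad = same_pattern_compares_equal(save_pattern_partial); /* 0: false mismatch */
    int ok  = same_pattern_compares_equal(save_pattern_full);    /* 1: equal */
    return (bad == 0 && ok == 1) ? 0 : 1;
}
```

With real stack or heap contents instead of the memset fill, the partial version's result varies from run to run, which is why this kind of defect shows up on some platforms and not others.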
Created attachment 3832: patch for an unrelated typo

This is a patch for a typo that happened near the SEGV location. Surprisingly, the patch has absolutely no external effects. All rasters and generated PDF files didn't change in a single byte.
Assigning to Igor to review and commit the patch. Since we cannot reproduce the segfault, please close the bug as WORKSFORME after the patch is committed.
P2 for crashes.
Patch 3832 has been committed as to HEAD http://ghostscript.com/pipermail/gs-cvs/2008-March/008184.html .
Closing with worksforme because we can't reproduce the problem.
It appears that my extended Fontmap.GS triggers the segfault. With the original Fontmap.GS there is no problem. When I compile current HEAD with the attached Fontmap.GS, ps2pdf does segfault, even though none of the additional font entries are used in the postscript file

> ps2pdf LC.ps
Segmentation fault (core dumped)
> gsnd LC.ps
GPL Ghostscript SVN PRE-RELEASE 8.63 (2008-03-01)
Copyright (C) 2008 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Loading NimbusRomNo9L-Regu font from /usr/local/share/ghostscript/fonts/n021003l.pfb... 2787116 1213153 3758400 2406477 1 done.
Loading NimbusRomNo9L-Medi font from /usr/local/share/ghostscript/fonts/n021004l.pfb... 2823876 1346254 3758400 2432562 1 done.
Loading NimbusRomNo9L-ReguItal font from /usr/local/share/ghostscript/fonts/n021023l.pfb... 2860636 1482632 3758400 2451599 1 done.
Loading NimbusRomNo9L-MediItal font from /usr/local/share/ghostscript/fonts/n021024l.pfb... 2897396 1484596 5738780 3962633 3 done.
Loading NimbusSanL-Regu font from /usr/local/share/ghostscript/fonts/n019003l.pfb... 2994444 1595775 5738780 4125582 3 done.
Loading StandardSymL font from /usr/local/share/ghostscript/fonts/s050000l.pfb... 3135116 1780873 5799068 4472290 3 done.
Loading NimbusMonL-Regu font from /usr/local/share/ghostscript/fonts/n022003l.pfb... 3272356 1919355 5678492 4293450 3 done.
GS>

This is the only local modification to current HEAD. I made sure there are no GS_ environment variables, etc.

> env | grep GS
>

Debugger backtrace from compilation with debug info "CFLAGS=-g -O"

Loaded symbols for /lib/libnsl.so.1
Core was generated by `gs -dSAFER -dCompatibilityLevel=1.4 -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOu '.
Program terminated with signal 11, Segmentation fault.
#0 names_string_ref (nt=0x9c132dc, pnref=0xbf8b9c68, psref=0xbf8b9c68) at ./src/iname.c:230
230 make_const_string(psref,
(gdb) bt
#0 names_string_ref (nt=0x9c132dc, pnref=0xbf8b9c68, psref=0xbf8b9c68) at ./src/iname.c:230
#1 0x080f8ada in gs_get_colorname_string (mem=0x9c1285c, colorname_index=8960, ppstr=0xbf8bac08, pname_size=0xbf8bac04) at ./src/zht2.c:51
#2 0x08204960 in pdf_color_space_named (pdev=0x9c62d9c, pvalue=0xbf8bacf8, ppranges=0x0, pcs=0x9da3708, pcsn=0x840cde0, by_name=1, res_name=0x0, name_length=0) at ./src/gdevpdfc.c:867
#3 0x08204db0 in pdf_color_space (pdev=0x9c62d9c, pvalue=0xbf8bacf8, ppranges=0x0, pcs=0x9da3708, pcsn=0x840cde0, by_name=1) at ./src/gdevpdfc.c:967
#4 0x0820d01c in pdf_reset_color (pdev=0x9c62d9c, pis=0x9c229fc, pdc=0x9d6c5f4, psc=0x9c639c8, used_process_color=0x9c639c0, ppscc=0x83cfe60) at ./src/gdevpdfg.c:380
#5 0x0820d456 in pdf_set_drawing_color (pdev=0x9c62d9c, pis=0x9c229fc, pdc=0x9d6c5f4, psc=0x9c639c8, used_process_color=0x9c639c0, ppscc=0x83cfe60) at ./src/gdevpdfg.c:480
#6 0x08205300 in pdf_setfillcolor (vdev=0x9c62d9c, pis=0x9c229fc, pdc=0x9d6c5f4) at ./src/gdevpdfd.c:106
#7 0x08206d3c in gdev_pdf_fill_path (dev=0x9c62d9c, pis=0x9c229fc, ppath=0x9c3372c, params=0xbf8bc8f4, pdcolor=0x9d6c5f4, pcpath=0x9d6c124) at ./src/gdevpdfd.c:1061
#8 0x0832edbb in gx_fill_path (ppath=0x9c3372c, pdevc=0x9d6c5f4, pgs=0x9c229fc, rule=-1, adjust_x=128, adjust_y=128) at ./src/gxpaint.c:49
#9 0x082fe3b7 in fill_with_rule (pgs=0x9c229fc, rule=-1) at ./src/gspaint.c:329
#10 0x082fe3f9 in gs_fill (pgs=0x9c229fc) at ./src/gspaint.c:345
#11 0x080df81e in zfill (i_ctx_p=0x9c331d4) at ./src/zpaint.c:25
#12 0x080bda61 in gs_interpret (pi_ctx_p=0x9c1160c, pref=0xbf8bcfc0, user_errors=1, pexit_code=0xbf8bd058, perror_object=0xbf8bd050) at ./src/interp.c:1534
#13 0x080b3f46 in gs_main_interpret (minst=<value optimized out>, pref=0x0, user_errors=-1081369496, pexit_code=0xbf8bd058, perror_object=0xbf8bd050) at ./src/imain.c:214
#14 0x080b3f84 in gs_main_run_string_end (minst=0x9c115b8, user_errors=1, pexit_code=0xbf8bd058, perror_object=0xbf8bd050) at ./src/imain.c:529
#15 0x080b4293 in gs_main_run_string_with_length (minst=0x9c115b8, str=0x9d5cda0 "<4c432e7073>.runfile", length=20, user_errors=1, pexit_code=0xbf8bd058, perror_object=0xbf8bd050) at ./src/imain.c:487
#16 0x080b42da in gs_main_run_string (minst=0x9c115b8, str=0x9d5cda0 "<4c432e7073>.runfile", user_errors=1, pexit_code=0xbf8bd058, perror_object=0xbf8bd050) at ./src/imain.c:469
#17 0x080b4dd0 in run_string (minst=0x9c115b8, str=0x0, options=-1081369496) at ./src/imainarg.c:798
#18 0x080b558b in runarg (minst=0x9c115b8, pre=0x845d19c "", arg=0x9d5d028 "LC.ps", post=0x836a7ad ".runfile", options=<value optimized out>) at ./src/imainarg.c:788
#19 0x080b5731 in argproc (minst=0x9c115b8, arg=<value optimized out>) at ./src/imainarg.c:723
#20 0x080b6fbd in gs_main_init_with_args (minst=0x9c115b8, argc=14, argv=0xbf8bded4) at ./src/imainarg.c:207
#21 0x0804ed6a in main (argc=587205892, argv=0x0) at ./src/gs.c:77

Hope this helps
Cheers
T.

# svn diff lib/Fontmap.GS
Index: lib/Fontmap.GS =================================================================== --- lib/Fontmap.GS (revision 8598) +++ lib/Fontmap.GS (working copy) 
@@ -410,3 +410,165 @@ /TimesNewRoman,Italic /TimesNewRomanPS-ItalicMT ; /TimesNewRoman,BoldItalic /TimesNewRomanPS-BoldItalicMT ; +% +% Bluesky type I cm fonts pfb +% +/cmb10 (bluesky/cm/cmb10.pfb) ; +/cmbsy10 (bluesky/cm/cmbsy10.pfb) ; +/cmbx10 (bluesky/cm/cmbx10.pfb) ; +/cmbx12 (bluesky/cm/cmbx12.pfb) ; +/cmbx5 (bluesky/cm/cmbx5.pfb) ; +/cmbx6 (bluesky/cm/cmbx6.pfb) ; +/cmbx7 (bluesky/cm/cmbx7.pfb) ; +/cmbx8 (bluesky/cm/cmbx8.pfb) ; +/cmbx9 (bluesky/cm/cmbx9.pfb) ; +/cmbxsl10 (bluesky/cm/cmbxsl10.pfb) ; +/cmbxti10 (bluesky/cm/cmbxti10.pfb) ; +/cmcsc10 (bluesky/cm/cmcsc10.pfb) ; +/cmdunh10 (bluesky/cm/cmdunh10.pfb) ; +/cmex10 (bluesky/cm/cmex10.pfb) ; +/cmff10 (bluesky/cm/cmff10.pfb) ; +/cmfi10 (bluesky/cm/cmfi10.pfb) ; +/cmfib8 (bluesky/cm/cmfib8.pfb) ; +/cminch (bluesky/cm/cminch.pfb) ; +/cmitt10 (bluesky/cm/cmitt10.pfb) ; +/cmmi10 (bluesky/cm/cmmi10.pfb) ; +/cmmi12 (bluesky/cm/cmmi12.pfb) ; +/cmmi5 (bluesky/cm/cmmi5.pfb) ; +/cmmi6 (bluesky/cm/cmmi6.pfb) ; +/cmmi7 (bluesky/cm/cmmi7.pfb) ; +/cmmi8 (bluesky/cm/cmmi8.pfb) ; +/cmmi9 (bluesky/cm/cmmi9.pfb) ; +/cmmib10 (bluesky/cm/cmmib10.pfb) ; +/cmr10 (bluesky/cm/cmr10.pfb) ; +/cmr12 (bluesky/cm/cmr12.pfb) ; +/cmr17 (bluesky/cm/cmr17.pfb) ; +/cmr5 (bluesky/cm/cmr5.pfb) ; +/cmr6 (bluesky/cm/cmr6.pfb) ; +/cmr7 (bluesky/cm/cmr7.pfb) ; +/cmr8 (bluesky/cm/cmr8.pfb) ; +/cmr9 (bluesky/cm/cmr9.pfb) ; +/cmsl10 (bluesky/cm/cmsl10.pfb) ; +/cmsl12 (bluesky/cm/cmsl12.pfb) ; +/cmsl8 (bluesky/cm/cmsl8.pfb) ; +/cmsl9 (bluesky/cm/cmsl9.pfb) ; +/cmsltt10 (bluesky/cm/cmsltt10.pfb) ; +/cmss10 (bluesky/cm/cmss10.pfb) ; +/cmss12 (bluesky/cm/cmss12.pfb) ; +/cmss17 (bluesky/cm/cmss17.pfb) ; +/cmss8 (bluesky/cm/cmss8.pfb) ; +/cmss9 (bluesky/cm/cmss9.pfb) ; +/cmssbx10 (bluesky/cm/cmssbx10.pfb) ; +/cmssdc10 (bluesky/cm/cmssdc10.pfb) ; +/cmssi10 (bluesky/cm/cmssi10.pfb) ; +/cmssi12 (bluesky/cm/cmssi12.pfb) ; +/cmssi17 (bluesky/cm/cmssi17.pfb) ; +/cmssi8 (bluesky/cm/cmssi8.pfb) ; +/cmssi9 (bluesky/cm/cmssi9.pfb) ; +/cmssq8 
(bluesky/cm/cmssq8.pfb) ; +/cmssqi8 (bluesky/cm/cmssqi8.pfb) ; +/cmsy10 (bluesky/cm/cmsy10.pfb) ; +/cmsy5 (bluesky/cm/cmsy5.pfb) ; +/cmsy6 (bluesky/cm/cmsy6.pfb) ; +/cmsy7 (bluesky/cm/cmsy7.pfb) ; +/cmsy8 (bluesky/cm/cmsy8.pfb) ; +/cmsy9 (bluesky/cm/cmsy9.pfb) ; +/cmtcsc10 (bluesky/cm/cmtcsc10.pfb) ; +/cmtex10 (bluesky/cm/cmtex10.pfb) ; +/cmtex8 (bluesky/cm/cmtex8.pfb) ; +/cmtex9 (bluesky/cm/cmtex9.pfb) ; +/cmti10 (bluesky/cm/cmti10.pfb) ; +/cmti12 (bluesky/cm/cmti12.pfb) ; +/cmti7 (bluesky/cm/cmti7.pfb) ; +/cmti8 (bluesky/cm/cmti8.pfb) ; +/cmti9 (bluesky/cm/cmti9.pfb) ; +/cmtt10 (bluesky/cm/cmtt10.pfb) ; +/cmtt12 (bluesky/cm/cmtt12.pfb) ; +/cmtt8 (bluesky/cm/cmtt8.pfb) ; +/cmtt9 (bluesky/cm/cmtt9.pfb) ; +/cmu10 (bluesky/cm/cmu10.pfb) ; +/cmvtt10 (bluesky/cm/cmvtt10.pfb) ; +/lasy10 (bluesky/cm/lasy10.pfb) ; +/lasy5 (bluesky/cm/lasy5.pfb) ; +/lasy6 (bluesky/cm/lasy6.pfb) ; +/lasy7 (bluesky/cm/lasy7.pfb) ; +/lasy8 (bluesky/cm/lasy8.pfb) ; +/lasy9 (bluesky/cm/lasy9.pfb) ; +/lasyb10 (bluesky/cm/lasyb10.pfb) ; +/lcircle1 (bluesky/cm/lcircle1.pfb) ; +/lcirclew (bluesky/cm/lcirclew.pfb) ; +/lcmss8 (bluesky/cm/lcmss8.pfb) ; +/lcmssb8 (bluesky/cm/lcmssb8.pfb) ; +/lcmssi8 (bluesky/cm/lcmssi8.pfb) ; +/line10 (bluesky/cm/line10.pfb) ; +/linew10 (bluesky/cm/linew10.pfb) ; + +%% +%% AMS type I fonts distributed by AMS and Bluesky/Y&Y pfb +%% +/cmbsy5 (bluesky/cmextra/cmbsy5.pfb) ; +/cmbsy7 (bluesky/cmextra/cmbsy7.pfb) ; +/cmmib5 (bluesky/cmextra/cmmib5.pfb) ; +/cmmib7 (bluesky/cmextra/cmmib7.pfb) ; +/euex10 (bluesky/euler/euex10.pfb) ; +/eufb10 (bluesky/euler/eufb10.pfb) ; +/eufb5 (bluesky/euler/eufb5.pfb) ; +/eufb7 (bluesky/euler/eufb7.pfb) ; +/eufm10 (bluesky/euler/eufm10.pfb) ; +/eufm5 (bluesky/euler/eufm5.pfb) ; +/eufm7 (bluesky/euler/eufm7.pfb) ; +/eurb10 (bluesky/euler/eurb10.pfb) ; +/eurb5 (bluesky/euler/eurb5.pfb) ; +/eurb7 (bluesky/euler/eurb7.pfb) ; +/eurm10 (bluesky/euler/eurm10.pfb) ; +/eurm5 (bluesky/euler/eurm5.pfb) ; +/eurm7 (bluesky/euler/eurm7.pfb) ; +/eusb10 
(bluesky/euler/eusb10.pfb) ; +/eusb5 (bluesky/euler/eusb5.pfb) ; +/eusb7 (bluesky/euler/eusb7.pfb) ; +/eusm10 (bluesky/euler/eusm10.pfb) ; +/eusm5 (bluesky/euler/eusm5.pfb) ; +/eusm7 (bluesky/euler/eusm7.pfb) ; +/msam10 (bluesky/symbols/msam10.pfb) ; +/msam5 (bluesky/symbols/msam5.pfb) ; +/msam7 (bluesky/symbols/msam7.pfb) ; +/msbm10 (bluesky/symbols/msbm10.pfb) ; +/msbm5 (bluesky/symbols/msbm5.pfb) ; +/msbm7 (bluesky/symbols/msbm7.pfb) ; +/wncyb10 (bluesky/cyrillic/wncyb10.pfb) ; +/wncyi10 (bluesky/cyrillic/wncyi10.pfb) ; +/wncyr10 (bluesky/cyrillic/wncyr10.pfb) ; +/wncysc10 (bluesky/cyrillic/wncysc10.pfb) ; +/wncyss10 (bluesky/cyrillic/wncyss10.pfb) ; + +%% +%% hoekwater +%% + +/logo10 (hoekwater/mflogo/logo10.pfb) ; +/logo8 (hoekwater/mflogo/logo8.pfb) ; +/logo9 (hoekwater/mflogo/logo9.pfb) ; +/logobf10 (hoekwater/mflogo/logobf10.pfb) ; +/logod10 (hoekwater/mflogo/logod10.pfb) ; +/logosl10 (hoekwater/mflogo/logosl10.pfb) ; +/logosl8 (hoekwater/mflogo/logosl8.pfb) ; +/logosl9 (hoekwater/mflogo/logosl9.pfb) ; +/manfnt (hoekwater/mflogo/manfnt.pfb) ; + +/rsfs10 (hoekwater/rsfs/rsfs10.pfb) ; +/rsfs5 (hoekwater/rsfs/rsfs5.pfb) ; +/rsfs7 (hoekwater/rsfs/rsfs7.pfb) ; +/stmary5 (hoekwater/stmaryrd/stmary5.pfb) ; +/stmary6 (hoekwater/stmaryrd/stmary6.pfb) ; +/stmary7 (hoekwater/stmaryrd/stmary7.pfb) ; +/stmary8 (hoekwater/stmaryrd/stmary8.pfb) ; +/stmary9 (hoekwater/stmaryrd/stmary9.pfb) ; +/stmary10 (hoekwater/stmaryrd/stmary10.pfb) ; + +/wasy5 (hoekwater/wasy/wasy5.pfb) ; +/wasy6 (hoekwater/wasy/wasy6.pfb) ; +/wasy7 (hoekwater/wasy/wasy7.pfb) ; +/wasy8 (hoekwater/wasy/wasy8.pfb) ; +/wasy9 (hoekwater/wasy/wasy9.pfb) ; +/wasy10 (hoekwater/wasy/wasy10.pfb) ; +/wasyb10 (hoekwater/wasy/wasyb10.pfb) ;
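Review bot: every added entry maps a font name to a relative file path, for example (bluesky/cm/cmb10.pfb) or (hoekwater/wasy/wasy10.pfb), and none of the section comments says which directory those paths are relative to, so the mapping only resolves on a machine that has the same font tree on its search path. Please state the expected root directory in the comment that opens each section. The section comments also mix `%` and `%%` prefixes and say "type I" where "Type 1" looks intended.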
Passing back to support. From the user's response I conclude that we need local copies of his fonts. Dear Support, please obtain a minimal set to reproduce the problem on our computers.
I am unable to reproduce any segfault on Windows or linux. Please make sure that you are using HEAD as is reported. I tested with 8.62 and with rev 8609. There is nothing that an extended Fontmap.GS has to do with the 'name_string_ref' in pdf_color_space_named and descendants.
Hi, clearly the Fontmap.GS does not have a logical connection to the pdf color namespaces, but this being a segfault, it can have indirect influence on memory allocation, etc. When I checked, the Fontmap.GS was the only local customization and it triggered the segfault. Note also that for some svn revisions the -dNOFONTMAP switch avoids the segfault. I have been using current HEAD and regularly re-checking for the past month.

$ svn up
At revision 8617.
$ make distclean ; make && make install
$ ps2pdf gscoredump.eps
Segmentation fault (core dumped)

gdb:
Core was generated by `gs -dSAFER -dCompatibilityLevel=1.4 -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOu'.
Program terminated with signal 11, Segmentation fault.
#0 0x080e89be in names_string_ref ()
(gdb) bt
#0 0x080e89be in names_string_ref ()
#1 0x080ff46d in gs_get_colorname_string ()
#2 0x0821403d in pdf_color_space_named ()

However this generates PDF (on Fedora Core8 i386)

$ ps2pdf -dNOFONTMAP gscoredump.eps

but still fails on Fedora Core8 x86_64.

When I run gs through gdb with a breakpoint at iname.c:names_string_ref, the call to

    const name_string_t *pnstr = names_string_inline(nt, pnref);

returns a null pointer for *pnstr after 20232 hits and the subsequent access in make_const_string segfaults. I don't understand the pdf color namespace handling to debug much further.

I attach a figure (same as in original attachment, but standalone instead of inlined in text). Interestingly I can split the figure in 2 parts and distill these individually, as long as the number of (New Color ..) operations is below 728.

Hope this helps
Cheers
T.
Created attachment 3913: ps2pdf on this eps files segfaults