690475 – "ps2write" segfaults on PDF file of CUPS test suite

Bug 690475 - "ps2write" segfaults on PDF file of CUPS test suite

Summary: "ps2write" segfaults on PDF file of CUPS test suite

Status:	RESOLVED FIXED

Alias:	None

Product:	Ghostscript
Classification:	Unclassified
Component:	PS Writer (show other bugs)
Version:	master
Hardware:	PC Linux

Importance:	P4 major
Assignee:	Ken Sharp

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-05-11 07:29 UTC by Till Kamppeter
Modified:	2009-05-12 08:36 UTC (History)
CC List:	0 users

See Also:
Customer:
Word Size:	---

Attachments
testfile.pdf (273.19 KB, application/pdf) 2009-05-11 07:30 UTC, Till Kamppeter	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Till Kamppeter 2009-05-11 07:29:01 UTC

I tried to use the "ps2write" Ghostscript output device for the pdftops CUPS
filter, but it does not work as the CUPS test suite fails with it. It segfaults
on the PDF test file (attached) with the following Ghostscript command line:

gs -q -dNOPAUSE -dBATCH -dSAFER -sDEVICE=ps2write -sOUTPUTFILE=%stdout
-dLanguageLevel=2 testfile.pdf > test.out

Using "pswrite" in the same command line converts the PDF file correctly to
PostScript.

Comment 1 Till Kamppeter 2009-05-11 07:30:43 UTC

Created attachment 5005 [details]
testfile.pdf

PDF file which crashes the "ps2write" device

Comment 2 Ken Sharp 2009-05-11 08:33:33 UTC

Hmm, the problem is caused by a pointer to the imager state being NULL, which is
somewhat similar to a problem Tor was experiencing with the XPS interpreter
after the soft mask merge.

I'll go back a few revisions and see what happens.

Comment 3 Ken Sharp 2009-05-11 08:47:17 UTC

Hmm, well reverting back to a 'pre softmask merge' revision doesn't resolve the
problem, so I guess its long standing.

Comment 4 Ken Sharp 2009-05-11 08:56:53 UTC

I have a quick hack which 'fixes' this, but I'd like to understand the problem
better before I make any commits.

Comment 5 Till Kamppeter 2009-05-11 08:58:32 UTC

Ken, the bug is not only in HEAD but also in released Ghostscript 8.64.

Comment 6 Ken Sharp 2009-05-11 09:05:22 UTC

Till, it seems to be of very long standing. The ps2write device is converting
'something' (I don't know what yet) into an image, and then trying to decide how
best to compress the resulting image (flate, LZW, DCT etc). 

To help do this it converts a few colours in the current space and sees what
comes back. The problem is that when we do the conversion we don't have an
imager state, and so the colour conversion fails (crashes actually).

My quick fix is to check to see if we have a genuine colour space before doing
the test conversion, and that works fine, but I'd just like a slightly better
understanding of how and why we get into this confused state. I suspect its just
an oversight due to a convoluted path through the code (the same compression
test is used in lots of places), but I'd like to be sure.

Comment 7 Ken Sharp 2009-05-12 03:13:18 UTC

The object being converted to an image is a shading apparently. The conversion is
deliberately done without a colour space context, which normally is OK. However
if the image is large (>512Kb) then the PostScript code attempts to compress it,
and as part of this it probes the colour space. Since we have no colour space it
causes a crash.

Revision 9738, patch here:
http://ghostscript.com/pipermail/gs-cvs/2009-May/009324.html

should resolve the problem by skipping the colour space probing if we don't have
a colour space.

Comment 8 Till Kamppeter 2009-05-12 08:36:44 UTC

I have applied the patch to the released Ghostscript 8.64 for Ubuntu Karmic and
the problem is gone. Thank you very much for the quick fix.