Bug 691310 - SEGV caused by invalid font
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: PDF Writer
Version: master
Hardware: PC Windows NT
: P2 normal
Assignee: Ken Sharp
Reported: 2010-05-17 02:07 UTC by Alex Cherepanov
Modified: 2010-05-17 15:51 UTC
Attachments
Sample file from alextest/pdf.0 (2.10 MB, application/pdf)
2010-05-17 02:07 UTC, Alex Cherepanov

Description Alex Cherepanov 2010-05-17 02:07:09 UTC
Created attachment 6292
Sample file from alextest/pdf.0

gs fails with SEGV running ps2pdf on the sample file.
The error is caused by uninitialized ipsp->cs_data->procs
in gxtype1.c:458.

The SEGV is easy to fix by checking the stack, but this causes
a PostScript error. Somehow, the file runs without an error
on raster devices.
Comment 1 Ken Sharp 2010-05-17 10:32:18 UTC
Well, at least it's not caused by the FreeType code, it fails in the same way with the internal Ghostscript font handling.
Comment 2 Ken Sharp 2010-05-17 10:32:38 UTC
Increasing priority for a crash.
Comment 3 Ken Sharp 2010-05-17 15:51:17 UTC
Fixed in revision 11270:
http://ghostscript.com/pipermail/gs-cvs/2010-May/011052.html

I don't think the font is invalid, the problem was caused by not properly interpreting a CFF operation (cntrmask with operands on the stack), which led to us not skipping over bytes in the data stream. Eventually this caused us to interpret data as operators, with unpredictable, but unfortunate, results.
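
The desynchronisation described in comment 3, as an added illustration in C (not Ghostscript's code and not the revision 11270 change): a minimal Type 2 charstring walker that sizes the hintmask/cntrmask data from the stem count, including operands left on the stack before the mask operator, which the Type 2 format treats as implicit vstem hints. `t2_walk`, `count_implicit` and `sample_cs` are hypothetical names, the byte string is constructed, and modelling the pre-fix behaviour as "stack operands ignored" is an assumption drawn only from the wording of the comment.

```c
#include <stddef.h>
/* Constructed sample: 8 hstemhm stems, then 2 operands left on the stack
 * before cntrmask (one implicit vstem), so 9 stems and a 2-byte mask. */
const unsigned char sample_cs[] = {
    140,140,140,140,140,140,140,140,140,140,140,140,140,140,140,140, 18,
    140,140, 20, 0xFF, 0x0E,          /* cntrmask + two mask bytes */
    140,140, 21, 14                   /* rmoveto, endchar */
};

/* Walk a Type 2 charstring; return operators decoded, or -1 if truncated.
 * count_implicit=1 applies the Type 2 rule (stack operands before a mask
 * operator are vstem hints); 0 ignores them and skips too few mask bytes.
 * Simplified: subroutine calls and arithmetic operators are not modelled. */
int t2_walk(const unsigned char *cs, size_t len, int count_implicit, int *mask_bytes)
{
    size_t i = 0, n;
    int nargs = 0, nstems = 0, nops = 0;
    *mask_bytes = 0;
    while (i < len) {
        unsigned b = cs[i++];
        if (b == 28 || b >= 32) {               /* operand */
            n = (b == 28) ? 2 : (b == 255) ? 4 : (b >= 247) ? 1 : 0;
            if (n > len - i) return -1;
            i += n; nargs++;
            continue;
        }
        nops++;
        switch (b) {
        case 1: case 3: case 18: case 23:       /* hstem, vstem, hstemhm, vstemhm */
            nstems += nargs / 2;                /* an odd leading operand is the width */
            break;
        case 19: case 20:                       /* hintmask, cntrmask */
            if (count_implicit) nstems += nargs / 2;
            n = (size_t)(nstems + 7) / 8;       /* one mask bit per stem */
            if (n > len - i) return -1;         /* never skip past the buffer */
            i += n;
            *mask_bytes += (int)n;
            break;
        case 12:                                /* escape: second operator byte */
            if (i >= len) return -1;
            i++;
            break;
        case 14:                                /* endchar */
            return nops;
        }
        nargs = 0;                              /* operator consumed its operands */
    }
    return nops;
}
```

With `count_implicit` set to 0 the walker skips one mask byte instead of two on the sample and then decodes the second mask byte (0x0E) as `endchar`, which is the "data interpreted as operators" condition in miniature.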