Bug 691625 - Bus error when /ReusableStreamDecode encounters exactly 1024 bytes
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: PS Interpreter
Version: 0.00
Hardware: Macintosh MacOS X
Importance: P4 critical
Assignee: Alex Cherepanov
Duplicates: 692021
Reported: 2010-09-18 22:04 UTC by Eric
Modified: 2011-03-03 22:28 UTC

Attachments
PS file causing GS to crash with a bus error (618.25 KB, application/postscript)
2010-09-18 22:04 UTC, Eric
patch (447 bytes, patch)
2010-09-20 01:28 UTC, Alex Cherepanov

Description Eric 2010-09-18 22:04:07 UTC
Created attachment 6734
PS file causing GS to crash with a bus error

The attached file causes gs to crash with a Bus Error. I've narrowed it down to the following segment of code:

currentfile <</Filter /SubFileDecode /DecodeParms <</EODCount 0 /EODString (%%MavImprintPS849211050912169921Data)>> >> /ReusableStreamDecode filter

...exactly 1024 bytes of PS code...

%%MavImprintPS849211050912169921Data
/MavImprintPS849211050912169921Data exch def
/MavImprintPS849211050912169921
{
MavImprintPS849211050912169921Data dup resetfile cvx exec
} bind def

...more code ...

MavImprintPS849211050912169921

The file has been saved with Mac line endings (CR). UNIX (LF) and Windows (CRLF) line endings are processed correctly.

If the number of bytes between 'filter' and the end of data marker is changed to not equal 1024, the crash is eliminated. For example, adding a single space at the end of any line or between any two operators will eliminate the crash.

This crash manifests as a Bus Error in 8.71 and 9.00. The environment is Mac OS X 10.5.8 on an Intel MacBook Pro with an Intel Core 2 Duo processor.

The command used is:

gs -sDEVICE=bmpmono -sOutputFile=/821534875.bmp -q -dBATCH -dNOPAUSE -dDEVICEWIDTHPOINTS=1187.204 -dDEVICEHEIGHTPOINTS=845.9965 -dEPSFITPAGE -sFIXEDMEDIA -dCOLORSCREEN -r600 /Line\ Ending\ Fun.ps
Comment 1 Alex Cherepanov 2010-09-20 01:28:18 UTC
Created attachment 6739
patch

Fix end-of-file detection in reusable streams. Don't try to read non-existing
blocks after the last one. Just return EOF flag and the data that are already
in the buffer.
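
Added example, not part of the comment above and not the attached patch or Ghostscript source: a simplified C model of a block-buffered reusable stream, showing how an end-of-file test that only looks for a short block runs past the last block when the data is an exact multiple of the block size, and how a position-based test returns EOF together with the buffered data. All names (rstream, refill_naive, refill_checked, drain) are hypothetical, and the 1024-byte block size and the short-block EOF rule are assumptions chosen to match the trigger described in the report.

```c
#include <stddef.h>
#include <string.h>
#define BLOCK 1024 /* assumed block size, taken from the 1024-byte trigger */
enum { RS_OK = 0, RS_EOF = 1, RS_BAD_BLOCK = -1 };
typedef struct { const unsigned char *data; size_t len, pos; } rstream;
typedef int (*refill_fn)(rstream *, unsigned char *, size_t *);

/* Hypothetical flawed refill: EOF is inferred only from a short block. */
static int refill_naive(rstream *s, unsigned char *buf, size_t *n)
{
    size_t nblocks = (s->len + BLOCK - 1) / BLOCK, avail;
    *n = 0;
    if (s->pos / BLOCK >= nblocks)
        return RS_BAD_BLOCK; /* unguarded code would fetch a missing block here */
    avail = s->len - s->pos;
    *n = avail < BLOCK ? avail : BLOCK;
    memcpy(buf, s->data + s->pos, *n);
    s->pos += *n;
    return *n < BLOCK ? RS_EOF : RS_OK; /* a full last block looks like "more" */
}

/* Checked refill: EOF is decided from the position, not the block size. */
static int refill_checked(rstream *s, unsigned char *buf, size_t *n)
{
    size_t avail = s->len - s->pos; /* invariant: pos <= len */
    *n = avail < BLOCK ? avail : BLOCK;
    memcpy(buf, s->data + s->pos, *n);
    s->pos += *n;
    return s->pos == s->len ? RS_EOF : RS_OK; /* EOF plus the buffered data */
}

/* Read a constructed len-byte stream to its end; returns the final status. */
static int drain(refill_fn refill, size_t len, size_t *total)
{
    static const unsigned char src[3 * BLOCK]; /* constructed sample data */
    unsigned char buf[BLOCK];
    rstream s = { src, len, 0 };
    size_t n;
    int rc;
    *total = 0;
    do { rc = refill(&s, buf, &n); *total += n; } while (rc == RS_OK);
    return rc;
}

int main(void)
{
    size_t t;
    return drain(refill_naive, BLOCK, &t) == RS_BAD_BLOCK &&
           drain(refill_checked, BLOCK, &t) == RS_EOF ? 0 : 1;
}
```

In this model only lengths that are an exact multiple of BLOCK reach RS_BAD_BLOCK in the naive reader; 1023 and 1025 bytes end with a short block and report EOF normally, which matches the observation that adding a single space removes the crash.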
Comment 2 Alex Cherepanov 2010-09-20 01:30:50 UTC
The patch has been committed as rev. 11737.
Comment 3 Eric 2011-03-03 22:28:39 UTC
*** Bug 692021 has been marked as a duplicate of this bug. ***