Bug 691826 - Regression: seg fault reading PS file 11-21.PS at 300 dpi
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: Regression
Version: master
Hardware: PC All
Importance: P1 normal
Assignee: Ray Johnston
Reported: 2010-12-08 21:37 UTC by Marcos H. Woehrmann
Modified: 2011-07-11 06:23 UTC
Description Marcos H. Woehrmann 2010-12-08 21:37:58 UTC
Starting with r11414 the following command seg faults:

 .bin/gs -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw \
    -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps - < ./11-21.PS

Note that this problem is somewhat indeterministic, so it doesn't show up in all revisions.
Comment 1 Marcos H. Woehrmann 2010-12-08 21:39:16 UTC
Here is the probably useless valgrind output:

valgrind head/debugobj/gs -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps - < ./11-21.PS
==13412== Memcheck, a memory error detector
==13412== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==13412== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==13412== Command: head/debugobj/gs -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps -
==13412== 
GPL Ghostscript SVN PRE-RELEASE 9.01 (2010-09-14)
Copyright (C) 2010 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Loading NimbusSanL-Bold font from %rom%Resource/Font/NimbusSanL-Bold... 3367944 1935627 2755512 1412368 1 done.
% _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 
11-21 SYNTAX 
Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3429344 2095625 2795880 1438387 1 done.
11-21 SYNTAX = 0 Graphic 380 ms 
/11-21__Pg01 0 def %matching 0 
11-21 GSTATE 
==13412== Conditional jump or move depends on uninitialised value(s)
==13412==    at 0x5784AD: ptr_struct_mark (igc.c:1070)
==13412==    by 0x577C85: gc_trace (igc.c:860)
==13412==    by 0x576244: gs_gc_reclaim (igc.c:328)
==13412==    by 0x63BB97: context_reclaim (zcontext.c:278)
==13412==    by 0x52BCF9: gs_vmreclaim (ireclaim.c:153)
==13412==    by 0x52BA49: ireclaim (ireclaim.c:75)
==13412==    by 0x525035: interp_reclaim (interp.c:415)
==13412==    by 0x528617: interp (interp.c:1678)
==13412==    by 0x5252C1: gs_call_interp (interp.c:484)
==13412==    by 0x5250DD: gs_interpret (interp.c:442)
==13412==    by 0x5186C8: gs_main_interpret (imain.c:240)
==13412==    by 0x51931E: gs_main_run_string_end (imain.c:556)
==13412== 
==13412== Conditional jump or move depends on uninitialised value(s)
==13412==    at 0x5784AD: ptr_struct_mark (igc.c:1070)
==13412==    by 0x577C85: gc_trace (igc.c:860)
==13412==    by 0x5778A3: gc_trace_chunk (igc.c:756)
==13412==    by 0x5762CF: gs_gc_reclaim (igc.c:337)
==13412==    by 0x63BB97: context_reclaim (zcontext.c:278)
==13412==    by 0x52BCF9: gs_vmreclaim (ireclaim.c:153)
==13412==    by 0x52BA49: ireclaim (ireclaim.c:75)
==13412==    by 0x525035: interp_reclaim (interp.c:415)
==13412==    by 0x528617: interp (interp.c:1678)
==13412==    by 0x5252C1: gs_call_interp (interp.c:484)
==13412==    by 0x5250DD: gs_interpret (interp.c:442)
==13412==    by 0x5186C8: gs_main_interpret (imain.c:240)
==13412== 
==13412== Conditional jump or move depends on uninitialised value(s)
==13412==    at 0x57780A: gc_trace_chunk (igc.c:745)
==13412==    by 0x5762CF: gs_gc_reclaim (igc.c:337)
==13412==    by 0x63BB97: context_reclaim (zcontext.c:278)
==13412==    by 0x52BCF9: gs_vmreclaim (ireclaim.c:153)
==13412==    by 0x52BA49: ireclaim (ireclaim.c:75)
==13412==    by 0x525035: interp_reclaim (interp.c:415)
==13412==    by 0x528617: interp (interp.c:1678)
==13412==    by 0x5252C1: gs_call_interp (interp.c:484)
==13412==    by 0x5250DD: gs_interpret (interp.c:442)
==13412==    by 0x5186C8: gs_main_interpret (imain.c:240)
==13412==    by 0x51931E: gs_main_run_string_end (imain.c:556)
==13412==    by 0x5191CF: gs_main_run_string_with_length (imain.c:514)
==13412== 
==13412== Conditional jump or move depends on uninitialised value(s)
==13412==    at 0x57781C: gc_trace_chunk (igc.c:746)
==13412==    by 0x5762CF: gs_gc_reclaim (igc.c:337)
==13412==    by 0x63BB97: context_reclaim (zcontext.c:278)
==13412==    by 0x52BCF9: gs_vmreclaim (ireclaim.c:153)
==13412==    by 0x52BA49: ireclaim (ireclaim.c:75)
==13412==    by 0x525035: interp_reclaim (interp.c:415)
==13412==    by 0x528617: interp (interp.c:1678)
==13412==    by 0x5252C1: gs_call_interp (interp.c:484)
==13412==    by 0x5250DD: gs_interpret (interp.c:442)
==13412==    by 0x5186C8: gs_main_interpret (imain.c:240)
==13412==    by 0x51931E: gs_main_run_string_end (imain.c:556)
==13412==    by 0x5191CF: gs_main_run_string_with_length (imain.c:514)
==13412== 
==13412== Invalid read of size 8
==13412==    at 0x578F23: igc_reloc_struct_ptr (igc.c:1282)
==13412==    by 0x9BFAD9: basic_reloc_ptrs (gsmemory.c:346)
==13412==    by 0x578CDF: gc_do_reloc (igc.c:1222)
==13412==    by 0x57674F: gs_gc_reclaim (igc.c:438)
==13412==    by 0x63BB97: context_reclaim (zcontext.c:278)
==13412==    by 0x52BCF9: gs_vmreclaim (ireclaim.c:153)
==13412==    by 0x52BA49: ireclaim (ireclaim.c:75)
==13412==    by 0x525035: interp_reclaim (interp.c:415)
==13412==    by 0x528617: interp (interp.c:1678)
==13412==    by 0x5252C1: gs_call_interp (interp.c:484)
==13412==    by 0x5250DD: gs_interpret (interp.c:442)
==13412==    by 0x5186C8: gs_main_interpret (imain.c:240)
==13412==  Address 0xffffffffffffffe8 is not stack'd, malloc'd or (recently) free'd
==13412== 
==13412== 
==13412== Process terminating with default action of signal 11 (SIGSEGV)
==13412==  Access not within mapped region at address 0xFFFFFFFFFFFFFFE8
==13412==    at 0x578F23: igc_reloc_struct_ptr (igc.c:1282)
==13412==    by 0x9BFAD9: basic_reloc_ptrs (gsmemory.c:346)
==13412==    by 0x578CDF: gc_do_reloc (igc.c:1222)
==13412==    by 0x57674F: gs_gc_reclaim (igc.c:438)
==13412==    by 0x63BB97: context_reclaim (zcontext.c:278)
==13412==    by 0x52BCF9: gs_vmreclaim (ireclaim.c:153)
==13412==    by 0x52BA49: ireclaim (ireclaim.c:75)
==13412==    by 0x525035: interp_reclaim (interp.c:415)
==13412==    by 0x528617: interp (interp.c:1678)
==13412==    by 0x5252C1: gs_call_interp (interp.c:484)
==13412==    by 0x5250DD: gs_interpret (interp.c:442)
==13412==    by 0x5186C8: gs_main_interpret (imain.c:240)
==13412==  If you believe this happened as a result of a stack
==13412==  overflow in your program's main thread (unlikely but
==13412==  possible), you can try to increase the size of the
==13412==  main thread stack using the --main-stacksize= flag.
==13412==  The main thread stack size used in this run was 8388608.
==13412== 
==13412== HEAP SUMMARY:
==13412==     in use at exit: 9,662,554 bytes in 692 blocks
==13412==   total heap usage: 2,340 allocs, 1,648 frees, 34,991,292 bytes allocated
==13412== 
==13412== LEAK SUMMARY:
==13412==    definitely lost: 0 bytes in 0 blocks
==13412==    indirectly lost: 0 bytes in 0 blocks
==13412==      possibly lost: 9,640,546 bytes in 687 blocks
==13412==    still reachable: 22,008 bytes in 5 blocks
==13412==         suppressed: 0 bytes in 0 blocks
==13412== Rerun with --leak-check=full to see details of leaked memory
==13412== 
==13412== For counts of detected and suppressed errors, rerun with: -v
==13412== Use --track-origins=yes to see where uninitialised values come from
==13412== ERROR SUMMARY: 82 errors from 5 contexts (suppressed: 8 from 6)
Segmentation fault
marcos@amd64:[13]%
Comment 2 Marcos H. Woehrmann 2010-12-08 21:42:30 UTC
Running with -Z@$? changes the valgrind output:


valgrind head/debugobj/gs -Z@\$\? -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps - < ./11-21.PS
==12193== Memcheck, a memory error detector
==12193== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==12193== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==12193== Command: head/debugobj/gs -Z@$? -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps -
==12193== 
GPL Ghostscript SVN PRE-RELEASE 9.01 (2010-09-14)
Copyright (C) 2010 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Loading NimbusSanL-Bold font from %rom%Resource/Font/NimbusSanL-Bold... 3367944 1935627 2755512 1412368 1 done.
% _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 
11-21 SYNTAX 
Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3429344 2095625 2795880 1438387 1 done.
11-21 SYNTAX = 0 Graphic 390 ms 
/11-21__Pg01 0 def %matching 0 
11-21 GSTATE 
==12193== Invalid read of size 4
==12193==    at 0x57CFD0: ialloc_validate_object (ilocate.c:545)
==12193==    by 0x578E12: igc_reloc_struct_ptr (igc.c:1253)
==12193==    by 0x9BFAD9: basic_reloc_ptrs (gsmemory.c:346)
==12193==    by 0x578CDF: gc_do_reloc (igc.c:1222)
==12193==    by 0x57674F: gs_gc_reclaim (igc.c:438)
==12193==    by 0x63BB97: context_reclaim (zcontext.c:278)
==12193==    by 0x52BCF9: gs_vmreclaim (ireclaim.c:153)
==12193==    by 0x52BA49: ireclaim (ireclaim.c:75)
==12193==    by 0x525035: interp_reclaim (interp.c:415)
==12193==    by 0x528617: interp (interp.c:1678)
==12193==    by 0x5252C1: gs_call_interp (interp.c:484)
==12193==    by 0x5250DD: gs_interpret (interp.c:442)
==12193==  Address 0xe50 is not stack'd, malloc'd or (recently) free'd
==12193== 
==12193== 
==12193== Process terminating with default action of signal 11 (SIGSEGV)
==12193==  Access not within mapped region at address 0xE50
==12193==    at 0x57CFD0: ialloc_validate_object (ilocate.c:545)
==12193==    by 0x578E12: igc_reloc_struct_ptr (igc.c:1253)
==12193==    by 0x9BFAD9: basic_reloc_ptrs (gsmemory.c:346)
==12193==    by 0x578CDF: gc_do_reloc (igc.c:1222)
==12193==    by 0x57674F: gs_gc_reclaim (igc.c:438)
==12193==    by 0x63BB97: context_reclaim (zcontext.c:278)
==12193==    by 0x52BCF9: gs_vmreclaim (ireclaim.c:153)
==12193==    by 0x52BA49: ireclaim (ireclaim.c:75)
==12193==    by 0x525035: interp_reclaim (interp.c:415)
==12193==    by 0x528617: interp (interp.c:1678)
==12193==    by 0x5252C1: gs_call_interp (interp.c:484)
==12193==    by 0x5250DD: gs_interpret (interp.c:442)
==12193==  If you believe this happened as a result of a stack
==12193==  overflow in your program's main thread (unlikely but
==12193==  possible), you can try to increase the size of the
==12193==  main thread stack using the --main-stacksize= flag.
==12193==  The main thread stack size used in this run was 8388608.
==12193== 
==12193== HEAP SUMMARY:
==12193==     in use at exit: 9,662,554 bytes in 692 blocks
==12193==   total heap usage: 2,340 allocs, 1,648 frees, 34,991,292 bytes allocated
==12193== 
==12193== LEAK SUMMARY:
==12193==    definitely lost: 0 bytes in 0 blocks
==12193==    indirectly lost: 0 bytes in 0 blocks
==12193==      possibly lost: 9,640,546 bytes in 687 blocks
==12193==    still reachable: 22,008 bytes in 5 blocks
==12193==         suppressed: 0 bytes in 0 blocks
==12193== Rerun with --leak-check=full to see details of leaked memory
==12193== 
==12193== For counts of detected and suppressed errors, rerun with: -v
==12193== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 6)
Segmentation fault
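
One way to triage the two Memcheck runs above, added here as an example that is not part of the original report or of Ghostscript: it parses the log, keeps the invalid accesses, and reports each faulting address as a signed distance from NULL together with the frames the crashing stacks share. The function names, the 64 KiB window and the trimmed sample lines are assumptions of this example.

```python
import re

# Constructed sample: lines trimmed from the two Memcheck runs quoted above.
SAMPLE = """\
==13412== Conditional jump or move depends on uninitialised value(s)
==13412==    at 0x5784AD: ptr_struct_mark (igc.c:1070)
==13412== Invalid read of size 8
==13412==    at 0x578F23: igc_reloc_struct_ptr (igc.c:1282)
==13412==  Address 0xffffffffffffffe8 is not stack'd, malloc'd or (recently) free'd
==12193== Invalid read of size 4
==12193==    at 0x57CFD0: ialloc_validate_object (ilocate.c:545)
==12193==    by 0x578E12: igc_reloc_struct_ptr (igc.c:1253)
==12193==  Address 0xe50 is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==(\d+)== ?(.*)$")
HEADER = re.compile(r"^(Invalid (read|write) of size \d+|Conditional jump or move)")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ADDR = re.compile(r"^\s+Address (0x[0-9A-Fa-f]+) is")

def parse(log):
    """Split Memcheck output into error records (kind, stack frames, faulting address)."""
    records, cur = [], None
    for line in log.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # interpreter output, not a valgrind line
        pid, body = m.groups()
        if HEADER.match(body):
            cur = {"pid": pid, "kind": body, "frames": [], "addr": None}
            records.append(cur)
        elif cur and (f := FRAME.match(body)):
            cur["frames"].append(f.groups())
        elif cur and (a := ADDR.match(body)):
            cur["addr"] = int(a.group(1), 16)
        elif not body.startswith(" "):
            cur = None  # blank line or "Process terminating": ends the record
    return records

def near_null_offset(addr, window=0x10000):
    """Signed distance from NULL if within `window` bytes (assumed heuristic), else None."""
    signed = addr - (1 << 64) if addr >= (1 << 63) else addr
    return signed if abs(signed) < window else None

def triage(log):
    """Return (pid, faulting function, offset from NULL) per invalid access, plus shared frames."""
    faults = [r for r in parse(log) if r["kind"].startswith("Invalid") and r["frames"] and r["addr"] is not None]
    rows = [(r["pid"], r["frames"][0][0], near_null_offset(r["addr"])) for r in faults]
    shared = set.intersection(*({fn for fn, _ in r["frames"]} for r in faults)) if faults else set()
    return rows, shared
```

On the sample, both faulting addresses fall within a few kilobytes of NULL (one below it, one above), and `igc_reloc_struct_ptr` is the only frame common to both stacks.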
Comment 3 Ray Johnston 2011-07-11 06:23:28 UTC
We haven't seen this show up on regression testing in a while, so I am closing
this assuming that something fixed it.

We can always open a new bug :-)