Starting with r11414 the following command seg faults: .bin/gs -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw \ -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps - < ./11-21.PS Note that this problem is somewhat indeterministic, so doesn't show up in all revisions.
Here is the probably useless valgrind output: valgrind head/debugobj/gs -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps - < ./11-21.PS ==13412== Memcheck, a memory error detector ==13412== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==13412== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info ==13412== Command: head/debugobj/gs -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps - ==13412== GPL Ghostscript SVN PRE-RELEASE 9.01 (2010-09-14) Copyright (C) 2010 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Loading NimbusSanL-Bold font from %rom%Resource/Font/NimbusSanL-Bold... 3367944 1935627 2755512 1412368 1 done. % _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 11-21 SYNTAX Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3429344 2095625 2795880 1438387 1 done. 11-21 SYNTAX = 0 Graphic 380 ms /11-21__Pg01 0 def %matching 0 11-21 GSTATE ==13412== Conditional jump or move depends on uninitialised value(s) ==13412== at 0x5784AD: ptr_struct_mark (igc.c:1070) ==13412== by 0x577C85: gc_trace (igc.c:860) ==13412== by 0x576244: gs_gc_reclaim (igc.c:328) ==13412== by 0x63BB97: context_reclaim (zcontext.c:278) ==13412== by 0x52BCF9: gs_vmreclaim (ireclaim.c:153) ==13412== by 0x52BA49: ireclaim (ireclaim.c:75) ==13412== by 0x525035: interp_reclaim (interp.c:415) ==13412== by 0x528617: interp (interp.c:1678) ==13412== by 0x5252C1: gs_call_interp (interp.c:484) ==13412== by 0x5250DD: gs_interpret (interp.c:442) ==13412== by 0x5186C8: gs_main_interpret (imain.c:240) ==13412== by 0x51931E: gs_main_run_string_end (imain.c:556) ==13412== ==13412== Conditional jump or move depends on uninitialised value(s) ==13412== at 0x5784AD: ptr_struct_mark (igc.c:1070) ==13412== by 0x577C85: gc_trace (igc.c:860) ==13412== by 0x5778A3: gc_trace_chunk (igc.c:756) ==13412== by 0x5762CF: gs_gc_reclaim (igc.c:337) ==13412== by 0x63BB97: context_reclaim (zcontext.c:278) ==13412== by 0x52BCF9: gs_vmreclaim (ireclaim.c:153) ==13412== by 0x52BA49: ireclaim (ireclaim.c:75) ==13412== by 0x525035: interp_reclaim (interp.c:415) ==13412== by 0x528617: interp (interp.c:1678) ==13412== by 0x5252C1: gs_call_interp (interp.c:484) ==13412== by 0x5250DD: gs_interpret (interp.c:442) ==13412== by 0x5186C8: gs_main_interpret (imain.c:240) ==13412== ==13412== Conditional jump or move depends on uninitialised value(s) ==13412== at 0x57780A: gc_trace_chunk (igc.c:745) ==13412== by 0x5762CF: gs_gc_reclaim (igc.c:337) ==13412== by 0x63BB97: context_reclaim (zcontext.c:278) ==13412== by 0x52BCF9: gs_vmreclaim (ireclaim.c:153) ==13412== by 0x52BA49: ireclaim (ireclaim.c:75) ==13412== by 0x525035: interp_reclaim (interp.c:415) ==13412== by 0x528617: interp (interp.c:1678) ==13412== by 0x5252C1: gs_call_interp (interp.c:484) ==13412== by 0x5250DD: gs_interpret (interp.c:442) ==13412== by 0x5186C8: gs_main_interpret (imain.c:240) ==13412== by 0x51931E: gs_main_run_string_end (imain.c:556) ==13412== by 0x5191CF: gs_main_run_string_with_length (imain.c:514) ==13412== ==13412== Conditional jump or move depends on uninitialised value(s) ==13412== at 0x57781C: gc_trace_chunk (igc.c:746) ==13412== by 0x5762CF: gs_gc_reclaim (igc.c:337) ==13412== by 0x63BB97: context_reclaim (zcontext.c:278) ==13412== by 0x52BCF9: gs_vmreclaim (ireclaim.c:153) ==13412== by 0x52BA49: ireclaim (ireclaim.c:75) ==13412== by 0x525035: interp_reclaim (interp.c:415) ==13412== by 0x528617: interp (interp.c:1678) ==13412== by 0x5252C1: gs_call_interp (interp.c:484) ==13412== by 0x5250DD: gs_interpret (interp.c:442) ==13412== by 0x5186C8: gs_main_interpret (imain.c:240) ==13412== by 0x51931E: gs_main_run_string_end (imain.c:556) ==13412== by 0x5191CF: gs_main_run_string_with_length (imain.c:514) ==13412== ==13412== Invalid read of size 8 ==13412== at 0x578F23: igc_reloc_struct_ptr (igc.c:1282) ==13412== by 0x9BFAD9: basic_reloc_ptrs (gsmemory.c:346) ==13412== by 0x578CDF: gc_do_reloc (igc.c:1222) ==13412== by 0x57674F: gs_gc_reclaim (igc.c:438) ==13412== by 0x63BB97: context_reclaim (zcontext.c:278) ==13412== by 0x52BCF9: gs_vmreclaim (ireclaim.c:153) ==13412== by 0x52BA49: ireclaim (ireclaim.c:75) ==13412== by 0x525035: interp_reclaim (interp.c:415) ==13412== by 0x528617: interp (interp.c:1678) ==13412== by 0x5252C1: gs_call_interp (interp.c:484) ==13412== by 0x5250DD: gs_interpret (interp.c:442) ==13412== by 0x5186C8: gs_main_interpret (imain.c:240) ==13412== Address 0xffffffffffffffe8 is not stack'd, malloc'd or (recently) free'd ==13412== ==13412== ==13412== Process terminating with default action of signal 11 (SIGSEGV) ==13412== Access not within mapped region at address 0xFFFFFFFFFFFFFFE8 ==13412== at 0x578F23: igc_reloc_struct_ptr (igc.c:1282) ==13412== by 0x9BFAD9: basic_reloc_ptrs (gsmemory.c:346) ==13412== by 0x578CDF: gc_do_reloc (igc.c:1222) ==13412== by 0x57674F: gs_gc_reclaim (igc.c:438) ==13412== by 0x63BB97: context_reclaim (zcontext.c:278) ==13412== by 0x52BCF9: gs_vmreclaim (ireclaim.c:153) ==13412== by 0x52BA49: ireclaim (ireclaim.c:75) ==13412== by 0x525035: interp_reclaim (interp.c:415) ==13412== by 0x528617: interp (interp.c:1678) ==13412== by 0x5252C1: gs_call_interp (interp.c:484) ==13412== by 0x5250DD: gs_interpret (interp.c:442) ==13412== by 0x5186C8: gs_main_interpret (imain.c:240) ==13412== If you believe this happened as a result of a stack ==13412== overflow in your program's main thread (unlikely but ==13412== possible), you can try to increase the size of the ==13412== main thread stack using the --main-stacksize= flag. ==13412== The main thread stack size used in this run was 8388608. ==13412== ==13412== HEAP SUMMARY: ==13412== in use at exit: 9,662,554 bytes in 692 blocks ==13412== total heap usage: 2,340 allocs, 1,648 frees, 34,991,292 bytes allocated ==13412== ==13412== LEAK SUMMARY: ==13412== definitely lost: 0 bytes in 0 blocks ==13412== indirectly lost: 0 bytes in 0 blocks ==13412== possibly lost: 9,640,546 bytes in 687 blocks ==13412== still reachable: 22,008 bytes in 5 blocks ==13412== suppressed: 0 bytes in 0 blocks ==13412== Rerun with --leak-check=full to see details of leaked memory ==13412== ==13412== For counts of detected and suppressed errors, rerun with: -v ==13412== Use --track-origins=yes to see where uninitialised values come from ==13412== ERROR SUMMARY: 82 errors from 5 contexts (suppressed: 8 from 6) Segmentation fault marcos@amd64:[13]%
Running with -Z@$? changes the valgrind output: valgrind head/debugobj/gs -Z@\$\? -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps - < ./11-21.PS ==12193== Memcheck, a memory error detector ==12193== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==12193== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info ==12193== Command: head/debugobj/gs -Z@$? -o test.ppm -dMaxBitmap=10000 -sDEVICE=ppmraw -r300 -dJOBSERVER %rom%Resource/Init/gs_cet.ps - ==12193== GPL Ghostscript SVN PRE-RELEASE 9.01 (2010-09-14) Copyright (C) 2010 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Loading NimbusSanL-Bold font from %rom%Resource/Font/NimbusSanL-Bold... 3367944 1935627 2755512 1412368 1 done. % _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 11-21 SYNTAX Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3429344 2095625 2795880 1438387 1 done. 11-21 SYNTAX = 0 Graphic 390 ms /11-21__Pg01 0 def %matching 0 11-21 GSTATE ==12193== Invalid read of size 4 ==12193== at 0x57CFD0: ialloc_validate_object (ilocate.c:545) ==12193== by 0x578E12: igc_reloc_struct_ptr (igc.c:1253) ==12193== by 0x9BFAD9: basic_reloc_ptrs (gsmemory.c:346) ==12193== by 0x578CDF: gc_do_reloc (igc.c:1222) ==12193== by 0x57674F: gs_gc_reclaim (igc.c:438) ==12193== by 0x63BB97: context_reclaim (zcontext.c:278) ==12193== by 0x52BCF9: gs_vmreclaim (ireclaim.c:153) ==12193== by 0x52BA49: ireclaim (ireclaim.c:75) ==12193== by 0x525035: interp_reclaim (interp.c:415) ==12193== by 0x528617: interp (interp.c:1678) ==12193== by 0x5252C1: gs_call_interp (interp.c:484) ==12193== by 0x5250DD: gs_interpret (interp.c:442) ==12193== Address 0xe50 is not stack'd, malloc'd or (recently) free'd ==12193== ==12193== ==12193== Process terminating with default action of signal 11 (SIGSEGV) ==12193== Access not within mapped region at address 0xE50 ==12193== at 0x57CFD0: ialloc_validate_object (ilocate.c:545) ==12193== by 0x578E12: igc_reloc_struct_ptr (igc.c:1253) ==12193== by 0x9BFAD9: basic_reloc_ptrs (gsmemory.c:346) ==12193== by 0x578CDF: gc_do_reloc (igc.c:1222) ==12193== by 0x57674F: gs_gc_reclaim (igc.c:438) ==12193== by 0x63BB97: context_reclaim (zcontext.c:278) ==12193== by 0x52BCF9: gs_vmreclaim (ireclaim.c:153) ==12193== by 0x52BA49: ireclaim (ireclaim.c:75) ==12193== by 0x525035: interp_reclaim (interp.c:415) ==12193== by 0x528617: interp (interp.c:1678) ==12193== by 0x5252C1: gs_call_interp (interp.c:484) ==12193== by 0x5250DD: gs_interpret (interp.c:442) ==12193== If you believe this happened as a result of a stack ==12193== overflow in your program's main thread (unlikely but ==12193== possible), you can try to increase the size of the ==12193== main thread stack using the --main-stacksize= flag. ==12193== The main thread stack size used in this run was 8388608. ==12193== ==12193== HEAP SUMMARY: ==12193== in use at exit: 9,662,554 bytes in 692 blocks ==12193== total heap usage: 2,340 allocs, 1,648 frees, 34,991,292 bytes allocated ==12193== ==12193== LEAK SUMMARY: ==12193== definitely lost: 0 bytes in 0 blocks ==12193== indirectly lost: 0 bytes in 0 blocks ==12193== possibly lost: 9,640,546 bytes in 687 blocks ==12193== still reachable: 22,008 bytes in 5 blocks ==12193== suppressed: 0 bytes in 0 blocks ==12193== Rerun with --leak-check=full to see details of leaked memory ==12193== ==12193== For counts of detected and suppressed errors, rerun with: -v ==12193== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 6) Segmentation fault
We haven't seen this show up on regression testing in a while, so I am closing this assuming that something fixed it. We can always open a new bug :-)