Bug 692331 - seg. fault reading ps2write produced file
Summary: seg. fault reading ps2write produced file
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: PS Writer (show other bugs)
Version: master
Hardware: PC All
: P1 normal
Assignee: Robin Watts
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-07 17:37 UTC by Marcos H. Woehrmann
Modified: 2011-07-08 16:30 UTC (History)
0 users

See Also:
Customer:
Word Size: ---


Attachments
reduced2.ps (400.92 KB, application/unknown)
2011-07-08 11:01 UTC, Robin Watts
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marcos H. Woehrmann 2011-07-07 17:37:15 UTC
The following pair of commands cause a seg fault with master under linux:

./bin/gs -o temp.ps -sDEVICE=ps2write -r300 ./PDFIA1.7_SUBSET/IA3Z3476.pdf

./bin/gs -o temp.raw -sDEVICE=ppmraw -r300 temp.ps


I believe this is a ps2write issue since if I open the temp.ps file with Apple Preview or Acrobat the image on the first page is wrong, compared to the original PDF file.  Additionally when generating a ppmraw or pdfwrite file from Ghostscript the image on page is correct, so this all points to a ps2write issue.
Comment 1 Marcos H. Woehrmann 2011-07-08 02:04:01 UTC
This is a regression of sorts; versions of Ghostscript earlier than 91b9580bf09b81126d6a99c6fe3e0048972fe3d0 do not seg fault when reading the Ghostscript produced PostScript file, however the PostScript file is not correct nor is the final ppmraw file.
Comment 2 Ken Sharp 2011-07-08 07:55:38 UTC
(In reply to comment #1)
> This is a regression of sorts; versions of Ghostscript earlier than
> 91b9580bf09b81126d6a99c6fe3e0048972fe3d0 do not seg fault when reading the
> Ghostscript produced PostScript file, however the PostScript file is not
> correct nor is the final ppmraw file.

Even if the PostScript isn't valid, GS shouldn't seg fault.
Comment 3 Ken Sharp 2011-07-08 08:33:01 UTC
I'd like this split into 2 bugs please. 

The problem with ps2write is that it is emitting an RGB image with a very strange /Decode array, this appears to be because the original image is in an Lab colour space.

Although pdfwrite correct;y creates an RGB image from this, ps2write creates a very odd image with this decode array: [ 0 100 -128 127 -128 127]. While there's obviously something wrong, I don't think this is a regression and images in Lab space are fairly unusual. Also other interpreters do not crash with this input, so I'd like this as a separate bug.

The reason the file crashes with Ghostscript is because the image is interpolated. But the interpolation filter (a procedure pointer) is NULL, which leads to us attempting to execute 0x00, thereby crashing.

If I comment out the Decode array then this does not crash in Ghostscript either (it uses a Mitchell filter) , so its the presence of the weird array causing the problem.

OK, in fact the filter gets overwritten (memory corruption) in siscale.c, zoom_y. This is an area I don't know anything about, so I'm going to re-assign this to Robin. Most especially since the revision Marcos points to in comment #2 was by Robin. I note that this changes the code path depending on 'need_decode'.

I'll open a new bug for the ps2write output.
Comment 4 Robin Watts 2011-07-08 11:01:10 UTC
Created attachment 7653 [details]
reduced2.ps

The ps2write output from reduced2.pdf (see bug 692332).

gs/debugbin/gswin32c.exe -o out.ppm -sDEVICE=ppmraw -r300 reduced2.ps

causes a SEGV.
Comment 5 Robin Watts 2011-07-08 16:30:58 UTC
Solved in commit:

commit 73c09fa015d1e5a19083001bc343abbb67992c9d
Author: Robin Watts <Robin.Watts@artifex.com>
Date:   Fri Jul 8 14:12:51 2011 +0100

    Fix Bug 692331: SEGV in image interpolation.

    In fixing bug 692225, it seems I broke this.

    In the setup code that decides whether decoding is required or not, I
    was incorrectly choosing to use the 'decode' case, when in fact the
    'decoding' is done later for CIE colorspaces. As such I should have used
    the no-decode case.

    Fixing this appears to cure the problem.