692558 – Regression: seg fault reading PDF file

Bug 692558 - Regression: seg fault reading PDF file

Summary: Regression: seg fault reading PDF file

Status:	NOTIFIED FIXED

Alias:	None

Product:	Ghostscript
Classification:	Unclassified
Component:	Color (show other bugs)
Version:	master
Hardware:	PC All

Importance:	P2 normal
Assignee:	Michael Vrhel

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-09-29 19:14 UTC by Marcos H. Woehrmann
Modified:	2011-10-02 01:24 UTC (History)
CC List:	0 users

See Also:
Customer:	384
Word Size:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcos H. Woehrmann 2011-09-29 19:14:12 UTC

The customer reports and I've verified that gs9.04 and master seg fault when reading the attached PDF file.

The command line I'm using:

  bin/gs -sDEVICE=tiffg4 -o test.tif ./20605515.pdf

Comment 2 Marcos H. Woehrmann 2011-09-29 19:16:50 UTC

Starting program: /Users/marcos/artifex/ghostpdl/gs/debugbin/gs -sDEVICE=tiffg4 -o test.tif ./test.pdf
GPL Ghostscript GIT PRERELEASE 9.05 (2011-03-30)
Copyright (C) 2010 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 8.
Page 1
Substituting font Times-Roman for TimesNewRomanPSMT.
Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3686252 2357229 1874568 571432 3 done.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x00007fff96d604f0 in strlen ()
(gdb) where
#0  0x00007fff96d604f0 in strlen ()
#1  0x000000010068e285 in gx_default_get_params (dev=0x10222e3d0, plist=0x7fff5fbfdb08) at gsdparam.c:141
#2  0x0000000100759c06 in gx_forward_get_params (dev=0x1030ab658, plist=0x7fff5fbfdb08) at gdevnfwd.c:289
#3  0x000000010068dde1 in gs_get_device_or_hw_params (orig_dev=0x1030ab658, plist=0x7fff5fbfdb08, is_hardware=0) at gsdparam.c:63
#4  0x00000001001797aa in zget_device_params (i_ctx_p=0x10206d778, is_hardware=0) at zdevice.c:243
#5  0x00000001001798ef in zgetdeviceparams (i_ctx_p=0x10206d778) at zdevice.c:262
#6  0x0000000100117cfd in do_call_operator (op_proc=0x1001798d0 <zgetdeviceparams>, i_ctx_p=0x10206d778) at interp.c:84
#7  0x000000010011ce71 in interp (pi_ctx_p=0x101814298, pref=0x7fff5fbfec00, perror_object=0x7fff5fbfee90) at interp.c:1539
#8  0x0000000100118726 in gs_call_interp (pi_ctx_p=0x101814298, pref=0x7fff5fbfed68, user_errors=1, pexit_code=0x7fff5fbfeea0, perror_object=0x7fff5fbfee90) at interp.c:490
#9  0x00000001001184ec in gs_interpret (pi_ctx_p=0x101814298, pref=0x7fff5fbfed68, user_errors=1, pexit_code=0x7fff5fbfeea0, perror_object=0x7fff5fbfee90) at interp.c:448
#10 0x0000000100106fb9 in gs_main_interpret (minst=0x101814200, pref=0x7fff5fbfed68, user_errors=1, pexit_code=0x7fff5fbfeea0, perror_object=0x7fff5fbfee90) at imain.c:239
#11 0x000000010010834e in gs_main_run_string_end (minst=0x101814200, user_errors=1, pexit_code=0x7fff5fbfeea0, perror_object=0x7fff5fbfee90) at imain.c:591
#12 0x0000000100108171 in gs_main_run_string_with_length (minst=0x101814200, str=0x1018225c0 "<2e2f746573742e706466>.runfile", length=30, user_errors=1, pexit_code=0x7fff5fbfeea0, perror_object=0x7fff5fbfee90) at imain.c:549
#13 0x0000000100108086 in gs_main_run_string (minst=0x101814200, str=0x1018225c0 "<2e2f746573742e706466>.runfile", user_errors=1, pexit_code=0x7fff5fbfeea0, perror_object=0x7fff5fbfee90) at imain.c:531
#14 0x000000010010c457 in run_string (minst=0x101814200, str=0x1018225c0 "<2e2f746573742e706466>.runfile", options=3) at imainarg.c:823
#15 0x000000010010c33f in runarg (minst=0x101814200, pre=0x1007982d0 "", arg=0x101815e70 "./test.pdf", post=0x10078e982 ".runfile", options=3) at imainarg.c:813
#16 0x000000010010be7f in argproc (minst=0x101814200, arg=0x7fff5fbffc42 "./test.pdf") at imainarg.c:746
#17 0x0000000100109fac in gs_main_init_with_args (minst=0x101814200, argc=5, argv=0x7fff5fbffa70) at imainarg.c:221
#18 0x0000000100001112 in main (argc=5, argv=0x7fff5fbffa70) at gs.c:94
(gdb)

Comment 3 Marcos H. Woehrmann 2011-09-29 19:50:44 UTC

I've confirmed that this issue started in 1787ce:

commit 1787ce3393956701e6241b8efc6f575887c3f5c1
Author: Michael Vrhel <michael.vrhel@artifex.com>
Date:   Sun May 15 15:50:40 2011 -0700

    Change in device ICC profile handling
    
    This is the major portion of the code needed to achieve object dependent
    color management.  This fixes the problems that existed in the
    previous code with the device parameters and introduces an array of
    ICC profiles in the device structure.  The code was cluster pushed and
    showed some very minor differences in a couple files but they appear to be
    OK with bmpcmp.  I still need to do further testing to verify that all the
    functionality is correct (e.g. make sure setting the text profile properly
    affects the text only).  In addition, the rendering intent options need to be
    implemented.
    
    I also need to check that nothing was broken with respect to MT
    rendering and some of the devices that are not tested with cluster
    pushing (e.g. the display device and the x11alpha device).

Comment 4 Michael Vrhel 2011-10-01 15:48:32 UTC

Fixed with http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3380bef5e77ddfaa8aab496a4da13fd297480bd1