Bug 693921 - gs9.07 with -dNOGC core dumps in ps_get_glyphname_or_cid ./psi/zfapi.c:1784
Summary: gs9.07 with -dNOGC core dumps in ps_get_glyphname_or_cid ./psi/zfapi.c:1784
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: Font API
Version: 9.07
Hardware: PC Linux
Priority: P4
Severity: normal
Assignee: Chris Liddell (chrisl)
URL:
Keywords:
Duplicates: 693853
Depends on:
Blocks:
 
Reported: 2013-04-17 20:39 UTC by William Bader
Modified: 2013-05-07 09:18 UTC

See Also:
Customer:
Word Size: ---


Attachments
file to cause the problem (308.12 KB, application/postscript)
2013-04-17 20:39 UTC, William Bader

Description William Bader 2013-04-17 20:39:53 UTC
Created attachment 9572
file to cause the problem

gs9.07 can view the file below to x11 with
 gs gs-nogc-bug.ps
(you need to press <return> a few times) but it core dumps with -dNOGC
 gs -dNOGC gs-nogc-bug.ps
It is strange because I would have thought that -dNOGC would be less likely to corrupt memory.
I have traces from gdb and valgrind below.
I built gs on Fedora 17 x86_64 using Fedora's gcc 4.7.2 20120921.
gs9.06 is OK, so the problem happened between the 9.06 and 9.07 releases.
William

gdb:

#0  0x0000000000581bee in ps_get_glyphname_or_cid (pbfont=0x1e05f60, charstring=0x0, name=0x0, ccode=72, enc_char_name=0x7fffffffabc0, font_file_path=0x0, cr=0x7fffffffabf0,
    bCID=0) at ./psi/zfapi.c:1784
#1  0x00000000008e6013 in gs_fapi_do_char (pfont=0x1e05f60, pgs=0x181c148, penum=0x1e06ff0, font_file_path=0x0, bBuildGlyph=0, charstring=0x0, glyphname=0x0, chr=72, index=72,
    subfont=0) at ./base/gxfapi.c:1364
#2  0x0000000000582da0 in FAPI_char (i_ctx_p=0x1838318, bBuildGlyph=0, charstring=0x0) at ./psi/zfapi.c:2197
#3  0x00000000005832c0 in zFAPIBuildChar (i_ctx_p=0x1838318) at ./psi/zfapi.c:2307
#4  0x00000000005218fd in interp (pi_ctx_p=0x17e92f8, pref=0x7fffffffb6c0, perror_object=0x7fffffffb8c0) at ./psi/interp.c:1289
#5  0x000000000051fd4e in gs_call_interp (pi_ctx_p=0x17e92f8, pref=0x7fffffffb7f0, user_errors=1, pexit_code=0x7fffffffb8d8, perror_object=0x7fffffffb8c0) at ./psi/interp.c:501
#6  0x000000000051fba2 in gs_interpret (pi_ctx_p=0x17e92f8, pref=0x7fffffffb7f0, user_errors=1, pexit_code=0x7fffffffb8d8, perror_object=0x7fffffffb8c0) at ./psi/interp.c:459
#7  0x0000000000514433 in gs_main_interpret (minst=0x17e9260, pref=0x7fffffffb7f0, user_errors=1, pexit_code=0x7fffffffb8d8, perror_object=0x7fffffffb8c0) at ./psi/imain.c:235
#8  0x000000000051515a in gs_main_run_string_end (minst=0x17e9260, user_errors=1, pexit_code=0x7fffffffb8d8, perror_object=0x7fffffffb8c0) at ./psi/imain.c:609
#9  0x0000000000515027 in gs_main_run_string_with_length (minst=0x17e9260, str=0x183d360 "<67732d6e6f67632d6275672e7073>.runfile", length=38, user_errors=1, 
    pexit_code=0x7fffffffb8d8, perror_object=0x7fffffffb8c0) at ./psi/imain.c:567
#10 0x0000000000514f99 in gs_main_run_string (minst=0x17e9260, str=0x183d360 "<67732d6e6f67632d6275672e7073>.runfile", user_errors=1, pexit_code=0x7fffffffb8d8, 
    perror_object=0x7fffffffb8c0) at ./psi/imain.c:549
#11 0x0000000000517f80 in run_string (minst=0x17e9260, str=0x183d360 "<67732d6e6f67632d6275672e7073>.runfile", options=3) at ./psi/imainarg.c:865
#12 0x0000000000517f09 in runarg (minst=0x17e9260, pre=0xa1c9c3 "", arg=0x7fffffffccde "gs-nogc-bug.ps", post=0xa1cacd ".runfile", options=3) at ./psi/imainarg.c:855
#13 0x0000000000517c16 in argproc (minst=0x17e9260, arg=0x7fffffffccde "gs-nogc-bug.ps") at ./psi/imainarg.c:788
#14 0x00000000005163fd in gs_main_init_with_args (minst=0x17e9260, argc=3, argv=0x7fffffffc4d8) at ./psi/imainarg.c:226
#15 0x000000000045bedb in main (argc=3, argv=0x7fffffffc4d8) at ./psi/gs.c:96

valgrind:

Process terminating with default action of signal 11 (SIGSEGV)
Access not within mapped region at address 0x1200000660
at 0x581BEE: ps_get_glyphname_or_cid (zfapi.c:1784)
by 0x8E6012: gs_fapi_do_char (gxfapi.c:1364)
by 0x582D9F: FAPI_char (zfapi.c:2197)
by 0x5832BF: zFAPIBuildChar (zfapi.c:2307)
by 0x5218FC: interp (interp.c:1289)
by 0x51FD4D: gs_call_interp (interp.c:501)
by 0x51FBA1: gs_interpret (interp.c:459)
by 0x514432: gs_main_interpret (imain.c:235)
by 0x515159: gs_main_run_string_end (imain.c:609)
by 0x515026: gs_main_run_string_with_length (imain.c:567)
by 0x514F98: gs_main_run_string (imain.c:549)
by 0x517F7F: run_string (imainarg.c:865)
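The report above reproduces the crash interactively (press <return> through the x11 pages) and then reads the signal out of gdb/valgrind. The following script is an added triage helper, not part of the bug report and not Ghostscript's own code: it runs one input file through gs twice, once with default settings and once with -dNOGC, non-interactively, and classifies each run as a clean exit, a PostScript error, or death by signal. It assumes a gs binary on PATH and uses the standard batch options -q -dBATCH -dNOPAUSE -sDEVICE=nullpage so no keypress is needed; the signal numbers 11 (SEGV) and 6 (ABRT) are the Linux values matching the x86_64 setup in the report.

```shell
#!/bin/sh
# Added triage helper (not from the bug report or from Ghostscript):
# compare a default Ghostscript run with a -dNOGC run on the same file.
# Assumes 'gs' is on PATH; -q -dBATCH -dNOPAUSE -sDEVICE=nullpage are
# standard gs options that make the run non-interactive and device-free.

# Map a shell exit status to a short classification.
# POSIX shells report a child killed by signal N as status 128+N, so a
# segfault (SIGSEGV = 11 on Linux) shows up as 139 and abort as 134.
classify_exit() {
    status="$1"
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -gt 128 ]; then
        signum=$((status - 128))
        case "$signum" in
            11) echo "signal:SEGV" ;;
            6)  echo "signal:ABRT" ;;
            *)  echo "signal:$signum" ;;
        esac
    else
        # Ghostscript exits non-zero (without a signal) on a PS error.
        echo "error:$status"
    fi
}

# Run a command given as arguments, discard its output, classify the result.
# The '|| status=$?' form keeps this safe under 'set -e'.
run_case() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    classify_exit "$status"
}

# Run the same file with and without -dNOGC and print both outcomes.
# Returns non-zero when the two configurations disagree, which is exactly
# the situation in this bug (clean run by default, SIGSEGV with -dNOGC).
compare_gc_modes() {
    file="$1"
    default=$(run_case gs -q -dBATCH -dNOPAUSE -sDEVICE=nullpage "$file")
    nogc=$(run_case gs -q -dBATCH -dNOPAUSE -dNOGC -sDEVICE=nullpage "$file")
    printf 'default: %s\n-dNOGC:  %s\n' "$default" "$nogc"
    [ "$default" = "$nogc" ]
}

# Usage: sh gc-compare.sh gs-nogc-bug.ps
if [ $# -eq 1 ]; then
    compare_gc_modes "$1"
fi
```

A disagreement between the two lines (for this report: "default: ok" against "-dNOGC: signal:SEGV") is the cue to rerun the -dNOGC case under gdb or valgrind for the stack, as the reporter did; the exit-status mapping is the same one gdb and valgrind print as "signal 11 (SIGSEGV)".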
Comment 1 Chris Liddell (chrisl) 2013-04-18 07:41:22 UTC
Fixed in:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=23e6bd3

Bear in mind that -dNOGC does not disable all garbage collection, it just disables some of the ways a GC cycle can be initiated. Hence this problem was, indeed, caused by the garbage collector, and was exposed just because the order of the operations changed.


I guess the moral of the story is: we don't test with -dNOGC, so generally speaking, most people really shouldn't use it.
Comment 2 William Bader 2013-04-18 23:23:33 UTC
Thanks! I applied the patch, and it worked.
I use -dNOGC because I have files that take about 3 minutes with -dNOGC and 60 minutes without it.
http://bugs.ghostscript.com/show_bug.cgi?id=692611
William
Comment 3 Chris Liddell (chrisl) 2013-05-07 09:18:50 UTC
*** Bug 693853 has been marked as a duplicate of this bug. ***