Bug 694423 - Segfault at 144 resolution, but not at other resolutions on a certain file
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: Graphics Library
Version: master
Hardware: PC Linux
Importance: P4 major
Assignee: Ray Johnston
Reported: 2013-07-18 20:50 UTC by Jason Giglio
Modified: 2013-07-23 09:51 UTC

Description Jason Giglio 2013-07-18 20:50:24 UTC
Created attachment 10073
file that demonstrates the bug

gsc -dBATCH -dNOPAUSE -dUseCropBox -sDEVICE=tiffsep -sOutputFile=./another -r144 -f 00540GIB770.pdf

I checked several other resolutions and it only crashes at 144 from what I can tell.
Comment 1 Jason Giglio 2013-07-18 20:51:43 UTC
gsc -dBATCH -dNOPAUSE -dUseCropBox -sDEVICE=tiffsep -sOutputFile=./another -r144 -f /storage/archive/00540GIB770.pdf
GPL Ghostscript GIT PRERELEASE 9.08 (2013-01-29)
Copyright (C) 2012 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 1.
Page 1
Segmentation fault


gsc -dBATCH -dNOPAUSE -dUseCropBox -sDEVICE=tiffsep -sOutputFile=./another -r145 -f /storage/archive/00540GIB770.pdf
GPL Ghostscript GIT PRERELEASE 9.08 (2013-01-29)
Copyright (C) 2012 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 1.
Page 1
%%SeparationName: Die
%%SeparationName: Varnish
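
To check the observation that only -r144 crashes, the following added script (not part of the original report) reruns the reporter's command line over a range of resolutions and lists those at which the interpreter dies from a signal. The `GS` variable and the `crash_resolutions` function name are assumptions; the reporter's binary was `gsc`.

```shell
#!/bin/sh
# Added example: resolution sweep for a resolution-dependent crash.
# GS names the Ghostscript binary to test (assumption; override as needed,
# e.g. GS=gsc for the shared-library build used in this report).
GS="${GS:-gs}"

# crash_resolutions FILE LO HI
# Runs the command line from the report at every -r value in LO..HI and
# prints "<resolution> <signal name>" for each run killed by a signal.
crash_resolutions() {
    file=$1
    lo=$2
    hi=$3
    out=$(mktemp -d) || return 1
    r=$lo
    while [ "$r" -le "$hi" ]; do
        status=0
        "$GS" -dBATCH -dNOPAUSE -dUseCropBox -sDEVICE=tiffsep \
            -sOutputFile="$out/page" -r"$r" -f "$file" \
            >/dev/null 2>&1 || status=$?
        # A shell reports death by signal as 128 + signal number.
        # "kill -l" maps such a status back to a signal name and fails
        # for ordinary error exits, so only real crashes are listed.
        if [ "$status" -gt 128 ] && sig=$(kill -l "$status" 2>/dev/null); then
            echo "$r $sig"
        fi
        r=$((r + 1))
    done
    rm -rf "$out"
}

# Example: crash_resolutions 00540GIB770.pdf 140 150
```

Running the same sweep against the static and the shared-library build separates crashes that depend on the build from those that depend on the input.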
Comment 2 Ken Sharp 2013-07-19 07:59:49 UTC
I can't reproduce this, on Windows or on Linux (64 bit, you don't say which you are using, 64 or 32). You say the version is 'master' but what is the SHA of the commit you are using? I'm using 7f764e5.

This looks suspiciously like a memory corruption problem, which might make it extremely hard (or even impossible) to reproduce.

One of my colleagues has tried this as well, and is also unable to reproduce the problem.
Comment 3 Ken Sharp 2013-07-19 08:01:23 UTC
Hmm, actually it seems it does fail, but only when using the shared library.
Comment 4 Ken Sharp 2013-07-19 08:14:08 UTC
I still can't reproduce this (I'm using gcc 4.5.1 on RedHat Fedora 14 64-bit).

However Chris can, and says that it fails in cmd_put_list_op(), which makes it a clist problem.
Comment 5 Jason Giglio 2013-07-19 13:44:17 UTC
Yes, I forgot to mention I'm using the shared compile. 64-bit Debian 6.0.7.

commit 10f6e526ec702fd8b74405d3e7461b428bdbdf31

Jun 20

I'm glad you were able to reproduce it.  Sounds like you need a Debian-type system instead of Red Hat.
Comment 6 Marcos H. Woehrmann 2013-07-21 18:54:01 UTC
I can reproduce it as well.  Here's the gdb stack trace:

(gdb) run -sDEVICE=tiffsep -o test.tif -r144 ./regression/00540GIB770.pdf 
Starting program: /home/marcos/artifex/ghostpdl/gs/debugbin/gs -sDEVICE=tiffsep -o test.tif -r144 ./regression/00540GIB770.pdf
[Thread debugging using libthread_db enabled]
GPL Ghostscript GIT PRERELEASE 9.08 (2013-01-29)
Copyright (C) 2012 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
[New Thread 0x7ffff208d700 (LWP 4514)]
[Thread 0x7ffff208d700 (LWP 4514) exited]
Processing pages 1 through 1.
Page 1
[New Thread 0x7ffff208d700 (LWP 4555)]
[Thread 0x7ffff208d700 (LWP 4555) exited]
[New Thread 0x7ffff208d700 (LWP 4556)]
[Thread 0x7ffff208d700 (LWP 4556) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00000000006fc1e8 in cmd_put_list_op (cldev=0x1932e38, pcl=0x1cca370, size=2) at ./base/gxclutil.c:342
342                     pcl->tail->size > dp - (byte *) (pcl->tail + 1)
(gdb) where
#0  0x00000000006fc1e8 in cmd_put_list_op (cldev=0x1932e38, pcl=0x1cca370, size=2) at ./base/gxclutil.c:342
#1  0x00000000006fc47e in cmd_put_op (cldev=0x1932e38, pcls=0x1cc9c90, size=2) at ./base/gxclutil.c:385
#2  0x000000000070be85 in write_image_end_all (dev=0x1932e38, pie=0x2537998) at ./base/gxclimag.c:2247
#3  0x0000000000709051 in clist_image_end_image (info=0x2537998, draw_last=1) at ./base/gxclimag.c:1433
#4  0x0000000000a4c998 in gx_image_end (info=0x2537998, draw_last=1) at ./base/gximage.c:211
#5  0x0000000000953f6c in gs_image_cleanup (penum=0x25350c0, pgs=0x18d22e8) at ./base/gsimage.c:660
#6  0x0000000000953fa0 in gs_image_cleanup_and_free_enum (penum=0x25350c0, pgs=0x18d22e8) at ./base/gsimage.c:671
#7  0x00000000005924c7 in image_cleanup (i_ctx_p=0x18ee518) at ./psi/zimage.c:641
#8  0x0000000000592278 in image_file_continue (i_ctx_p=0x18ee518) at ./psi/zimage.c:589
#9  0x0000000000542d05 in do_call_operator (op_proc=0x591f23 <image_file_continue>, i_ctx_p=0x18ee518) at ./psi/interp.c:86
#10 0x00000000005452da in interp (pi_ctx_p=0x189f3f0, pref=0x7fffffffdb30, perror_object=0x7fffffffdda0) at ./psi/interp.c:1185
#11 0x0000000000543551 in gs_call_interp (pi_ctx_p=0x189f3f0, pref=0x7fffffffdca0, user_errors=1, pexit_code=0x7fffffffddbc, 
    perror_object=0x7fffffffdda0) at ./psi/interp.c:510
#12 0x000000000054336b in gs_interpret (pi_ctx_p=0x189f3f0, pref=0x7fffffffdca0, user_errors=1, pexit_code=0x7fffffffddbc, 
    perror_object=0x7fffffffdda0) at ./psi/interp.c:468
#13 0x0000000000535801 in gs_main_interpret (minst=0x189f350, pref=0x7fffffffdca0, user_errors=1, pexit_code=0x7fffffffddbc, 
    perror_object=0x7fffffffdda0) at ./psi/imain.c:241
#14 0x00000000005366bb in gs_main_run_string_end (minst=0x189f350, user_errors=1, pexit_code=0x7fffffffddbc, perror_object=0x7fffffffdda0)
    at ./psi/imain.c:621
#15 0x000000000053656d in gs_main_run_string_with_length (minst=0x189f350, 
    str=0x1bfc440 "<2e2f72656772657373696f6e2f30303534304749423737302e706466>.runfile", length=66, user_errors=1, pexit_code=0x7fffffffddbc, 
    perror_object=0x7fffffffdda0) at ./psi/imain.c:579
#16 0x00000000005364d2 in gs_main_run_string (minst=0x189f350, 
    str=0x1bfc440 "<2e2f72656772657373696f6e2f30303534304749423737302e706466>.runfile", user_errors=1, pexit_code=0x7fffffffddbc, 
    perror_object=0x7fffffffdda0) at ./psi/imain.c:561
#17 0x0000000000539b6d in run_string (minst=0x189f350, str=0x1bfc440 "<2e2f72656772657373696f6e2f30303534304749423737302e706466>.runfile", 
    options=3) at ./psi/imainarg.c:897
#18 0x0000000000539aef in runarg (minst=0x189f350, pre=0xacae83 "", arg=0x7fffffffeccc "./regression/00540GIB770.pdf", post=0xacaf8d ".runfile", 
    options=3) at ./psi/imainarg.c:887
#19 0x0000000000539730 in argproc (minst=0x189f350, arg=0x7fffffffeccc "./regression/00540GIB770.pdf") at ./psi/imainarg.c:811
#20 0x0000000000537c9e in gs_main_init_with_args (minst=0x189f350, argc=6, argv=0x7fffffffe9f8) at ./psi/imainarg.c:233
#21 0x00000000004690c3 in main (argc=6, argv=0x7fffffffe9f8) at ./psi/gs.c:96
(gdb)
Comment 7 Marcos H. Woehrmann 2013-07-21 19:12:57 UTC
This appears to be a regression, starting with:

commit 1271b370117a9622fc255df665c007487e16296f
Author: Ray Johnston <ray.johnston@artifex.com>
Date:   Tue Jun 4 13:46:07 2013 -0700

    Fix bug 694290 caused by an image totally off the page.
    
    This went away with the change to clipping, commit e0ba422, but we
    might as well fix this long standing issue as well.
Comment 8 Ray Johnston 2013-07-23 09:51:49 UTC
There was an 'off-by-one' error in the check for coordinates off the page.

Fixed in commit a8384d5