Opening http://www.dcs.ed.ac.uk/home/adamd/research/fccm97.ps.gz and scrolling through gets me a reliable FPE (This backtrace was taken on Fedora through evince, but also happens with gs directly, or okular and also on Ubuntu) Program terminated with signal SIGFPE, Arithmetic exception. #0 0x00007f79818442d6 in gx_pattern_size_estimate (pinst=pinst@entry=0x7f796901df00, has_tags=has_tags@entry=0) at base/gxpcmap.c:225 225 size = raster > max_int / pinst->size.y ? (max_int & ~0xFFFF) : raster * pinst->size.y; [Current thread is 1 (Thread 0x7f7982ffd700 (LWP 11521))] Thread 6 (Thread 0x7f79ba4d0a00 (LWP 11503)): #0 0x00007f79b663ffdd in poll () at ../sysdeps/unix/syscall-template.S:84 No locals. #1 0x00007f79b708916c in g_main_context_poll (priority=2147483647, n_fds=3, fds=0x5613cc772f60, timeout=<optimized out>, context=0x5613cc5f4e60) at gmain.c:4135 poll_func = 0x7f79b7098060 <g_poll> #2 g_main_context_iterate (context=context@entry=0x5613cc5f4e60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3835 max_priority = 2147483647 timeout = 14454 some_ready = <optimized out> nfds = 3 allocated_nfds = 3 fds = 0x5613cc772f60 #3 0x00007f79b708927c in g_main_context_iteration (context=0x5613cc5f4e60, context@entry=0x0, may_block=may_block@entry=1) at gmain.c:3901 retval = <optimized out> #4 0x00007f79b767399c in g_application_run (application=0x5613cc693130, argc=0, argv=0x0) at gapplication.c:2311 arguments = 0x5613cc772f60 status = 0 __func__ = "g_application_run" #5 0x00005613cad211e7 in main (argc=1, argv=0x7fff640fb1a8) at main.c:316 application = 0x5613cc693130 context = <optimized out> error = 0x0 status = <optimized out> Thread 5 (Thread 0x7f79a5003700 (LWP 11511)): #0 0x00007f79b663ffdd in poll () at ../sysdeps/unix/syscall-template.S:84 No locals. #1 0x00007f79b708916c in g_main_context_poll (priority=2147483647, n_fds=1, fds=0x7f79900010c0, timeout=<optimized out>, context=0x5613cca48d20) at gmain.c:4135 poll_func = 0x7f79b7098060 <g_poll> #2 g_main_context_iterate (context=context@entry=0x5613cca48d20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3835 max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 1 allocated_nfds = 1 fds = 0x7f79900010c0 #3 0x00007f79b708927c in g_main_context_iteration (context=context@entry=0x5613cca48d20, may_block=may_block@entry=1) at gmain.c:3901 retval = <optimized out> #4 0x00007f79a50142ad in dconf_gdbus_worker_thread (user_data=0x5613cca48d20) at dconf-gdbus-thread.c:82 context = 0x5613cca48d20 #5 0x00007f79b70af835 in g_thread_proxy (data=0x5613cca68b20) at gthread.c:778 thread = <optimized out> #6 0x00007f79b691160a in start_thread (arg=0x7f79a5003700) at pthread_create.c:334 __res = <optimized out> pd = 0x7f79a5003700 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140160436025088, -6998575921002060718, 140734872133983, 140160436025088, 8388608, 0, 6922976317479707730, 6923014927301731410}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> pagesize_m1 = <optimized out> sp = <optimized out> freesize = <optimized out> #7 0x00007f79b664ba7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 No locals. Thread 4 (Thread 0x7f79a6b3e700 (LWP 11504)): #0 0x00007f79b663ffdd in poll () at ../sysdeps/unix/syscall-template.S:84 No locals. #1 0x00007f79b708916c in g_main_context_poll (priority=2147483647, n_fds=2, fds=0x7f79a00008e0, timeout=<optimized out>, context=0x5613cc689570) at gmain.c:4135 poll_func = 0x7f79b7098060 <g_poll> #2 g_main_context_iterate (context=context@entry=0x5613cc689570, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3835 max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 2 allocated_nfds = 2 fds = 0x7f79a00008e0 #3 0x00007f79b708927c in g_main_context_iteration (context=0x5613cc689570, may_block=may_block@entry=1) at gmain.c:3901 retval = <optimized out> #4 0x00007f79b70892b9 in glib_worker_main (data=<optimized out>) at gmain.c:5672 No locals. #5 0x00007f79b70af835 in g_thread_proxy (data=0x5613cc61f8a0) at gthread.c:778 thread = <optimized out> #6 0x00007f79b691160a in start_thread (arg=0x7f79a6b3e700) at pthread_create.c:334 __res = <optimized out> pd = 0x7f79a6b3e700 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140160464578304, -6998575921002060718, 140734872135311, 140160464578304, 8388608, 0, 6922979444752770130, 6923014927301731410}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> pagesize_m1 = <optimized out> sp = <optimized out> freesize = <optimized out> #7 0x00007f79b664ba7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Please attach the file here, references often go stale before we have a chance to look at them. Please also state the exact command line used to invoke Ghostscript. You could also try the current version (9.18). Did you build Ghostscript yourself from our source repository, use the binary we supply, or get a binary from somewhere else (eg a package) ?
(In reply to Ken Sharp from comment #1) > Please attach the file here, references often go stale before we have a > chance to look at them. Since it's not my document, I don't feel comfortable taking a copy of it into your bug system. > Please also state the exact command line used to > invoke Ghostscript. Hmm, I'm failing to repeat it under gs by itself; but it's triggering in both okular and evince through the libgs build. > You could also try the current version (9.18). Did you build Ghostscript > yourself from our source repository, use the binary we supply, or get a > binary from somewhere else (eg a package) ? I used the packaged builds on both Fedora 23 and Ubuntu X, package versions: ghostscript-core-9.16-3.fc23.x86_64 9.16~dfsg~0-0ubuntu3 however, I've just built from source and I get the same thing; e21aae2ee801a6468e44697970d11d4d56d0c6ab #0 0x00007fffcd8cdad9 in gx_pattern_size_estimate () at /home/dg/tmp/ghostpdl/sobin/libgs.so.9 #1 0x00007fffcd8cf6b1 in gx_pattern_load () at /home/dg/tmp/ghostpdl/sobin/libgs.so.9 #2 0x00007fffcdc0bf08 in gx_remap_color () at /home/dg/tmp/ghostpdl/sobin/libgs.so.9 #3 0x00007fffcd8d3330 in gs_rectfill () at /home/dg/tmp/ghostpdl/sobin/libgs.so.9 #4 0x00007fffcdc69404 in zrectfill () at /home/dg/tmp/ghostpdl/sobin/libgs.so.9 #5 0x00007fffcdc8b4ea in interp () at /home/dg/tmp/ghostpdl/sobin/libgs.so.9 #6 0x00007fffcdc8ce69 in gs_interpret () at /home/dg/tmp/ghostpdl/sobin/libgs.so.9 #7 0x00007fffcdc815e8 in gs_main_run_string_continue () at /home/dg/tmp/ghostpdl/sobin/libgs.so.9 #8 0x00007fffcede2497 in spectre_gs_process () at /lib64/libspectre.so.1 #9 0x00007fffcede28a4 in spectre_gs_send_page () at /lib64/libspectre.so.1 #10 0x00007fffcede3372 in spectre_device_render () at /lib64/libspectre.so.1 #11 0x00007fffcede3b33 in spectre_page_render () at /lib64/libspectre.so.1 #12 0x00007fffcf000044 in GSRendererThread::run() () at /usr/lib64/kde4/okularGenerator_ghostview.so #13 0x00007ffff4f3f37c in QThreadPrivate::start(void*) (arg=0x555555d7bc80) at thread/qthread_unix.cpp:352 #14 0x00007ffff4c9d60a in start_thread (arg=0x7fffcd2ad700) at pthread_create.c:334 #15 0x00007ffff3eb5a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 since this happens on both evince and okular I don't think it's either of their fault. The original backtrace from the packaged thread that failed was: Thread 1 (Thread 0x7f7982ffd700 (LWP 11521)): #0 0x00007f79818442d6 in gx_pattern_size_estimate (pinst=pinst@entry=0x7f796901df00, has_tags=has_tags@entry=0) at base/gxpcmap.c:225 tdev = 0x7f79684c68e8 depth = <optimized out> raster = 0 size = <optimized out> #1 0x00007f7981845fa1 in gx_pattern_load (pdc=0x7f796901aad0, pis=0x7f7968147618, dev=0x7f79684c68e8, select=gs_color_select_texture) at base/gxpcmap.c:1247 adev = 0x0 pinst = 0x7f796901df00 saved = <optimized out> ctile = 0x0 mem = 0x7f7968546fe8 has_tags = 0 code = <optimized out> #2 0x00007f7981ab5638 in gx_remap_color (pgs=0x7f7968147618) at base/gxcmap.c:560 pcs = <optimized out> code = <optimized out> #3 0x00007f79817e78c8 in gs_rectfill (pgs=0x7f7968147618, pr=0x7f7982ffbff0, count=1) at base/gsdps1.c:206 rlist = 0x7f7982ffbff0 pcpath = 0x7f7982ffc05c rcount = 1 code = <optimized out> pdev = 0x7f79684c68e8 pdc = 0x7f796901aad0 pis = 0x7f7968147618 hl_color_available = <optimized out> hl_color = 0 center_of_pixel = 0 #4 0x00007f79817e8a87 in zrectfill (i_ctx_p=0x7f79681872c0) at psi/zdps1.c:305 lr = {pr = 0x7f7982ffbff0, count = 1, rl = {{p = {x = 454, y = 2315}, q = {x = 463, y = 2310}}, {p = {x = 6.9247951498971551e-310, y = 6.9248174503560001e-310}, q = {x = 6.9248174503556048e-310, y = 6.9248162340168241e-310}}, {p = {x = 4.9406564584124654e-324, y = 6.9248174503552096e-310}, q = {x = 0, y = 2.1219957909652723e-314}}, {p = {x = 0, y = 0}, q = {x = 6.9248174503563953e-310, y = 6.9248167178230486e-310}}, {p = {x = 5.1068300372655284e-314, y = 6.924795905735776e-310}, q = {x = 0, y = -1.3142280496664694e-22}}}} npop = 4 code = <optimized out> #5 0x00007f79818521aa in interp (pi_ctx_p=pi_ctx_p@entry=0x7f79684be150, pref=<optimized out>, perror_object=perror_object@entry=0x7f79684be130) at psi/interp.c:1185 i_ctx_p = 0x7f79681872c0 iref_packed = 0x7f796900f088 icount = 0 iosp = 0x7f79684880c8 iesp = <optimized out> code = <optimized out> token = {tas = {type_attrs = 1148, _pad = 26648, rsize = 2}, value = {intval = 140159429501416, boolval = 57832, realval = 9.81364018e+24, saveid = 140159429501416, bytes = 0x7f796901e1e8 "\006\r", const_bytes = 0x7f796901e1e8 "\006\r", refs = 0x7f796901e1e8, const_refs = 0x7f796901e1e8, pname = 0x7f796901e1e8, const_pname = 0x7f796901e1e8, pdict = 0x7f796901e1e8, const_pdict = 0x7f796901e1e8, packed = 0x7f796901e1e8, writable_packed = 0x7f796901e1e8, opproc = 0x7f796901e1e8, pfile = 0x7f796901e1e8, pdevice = 0x7f796901e1e8, pstruct = 0x7f796901e1e8, dummy = 140159429501416}} pvalue = 0x7f7968bcaa78 opindex = <optimized out> whichp = <optimized out> ierror = {code = -106, line = 1224, obj = 0x7f79680be480, full = {tas = {type_attrs = 3968, _pad = 33157, rsize = 693}, value = {intval = 140159840836432, boolval = 23376, realval = -4.9354853e-38, saveid = 140159840836432, bytes = 0x7f7981865b50 <zfileposition> "SH\213\237p\002", const_bytes = 0x7f7981865b50 <zfileposition> "SH\213\237p\002", refs = 0x7f7981865b50 <zfileposition>, const_refs = 0x7f7981865b50 <zfileposition>, pname = 0x7f7981865b50 <zfileposition>, const_pname = 0x7f7981865b50 <zfileposition>, pdict = 0x7f7981865b50 <zfileposition>, const_pdict = 0x7f7981865b50 <zfileposition>, packed = 0x7f7981865b50 <zfileposition>, writable_packed = 0x7f7981865b50 <zfileposition>, opproc = 0x7f7981865b50 <zfileposition>, pfile = 0x7f7981865b50 <zfileposition>, pdevice = 0x7f7981865b50 <zfileposition>, pstruct = 0x7f7981865b50 <zfileposition>, dummy = 140159840836432}}} int_nt = <optimized out> ticks_left = 224 #6 0x00007f7981853af9 in gs_call_interp (perror_object=0x7f79684be130, pexit_code=<optimized out>, user_errors=<optimized out>, pref=0x7f7982ffc850, pi_ctx_p=<optimized out>) at psi/interp.c:510 doref = {tas = {type_attrs = 1512, _pad = 0, rsize = 3}, value = {intval = 140159425011206, boolval = 24070, realval = 7.15409353e+24, saveid = 140159425011206, bytes = 0x7f7968bd5e06 "\271\301\350\005\021hP", const_bytes = 0x7f7968bd5e06 "\271\301\350\005\021hP", refs = 0x7f7968bd5e06, const_refs = 0x7f7968bd5e06, pname = 0x7f7968bd5e06, const_pname = 0x7f7968bd5e06, pdict = 0x7f7968bd5e06, const_pdict = 0x7f7968bd5e06, packed = 0x7f7968bd5e06, writable_packed = 0x7f7968bd5e06, opproc = 0x7f7968bd5e06, pfile = 0x7f7968bd5e06, pdevice = 0x7f7968bd5e06, pstruct = 0x7f7968bd5e06, dummy = 140159425011206}} error_name = {tas = {type_attrs = 3332, _pad = 26681, rsize = 441}, value = {intval = 140159413720768, boolval = 5824, realval = 2.74065121e+24, saveid = 140159413720768, bytes = 0x7f79681116c0 "\001", const_bytes = 0x7f79681116c0 "\001", refs = 0x7f79681116c0, const_refs = 0x7f79681116c0, pname = 0x7f79681116c0, const_pname = 0x7f79681116c0, pdict = 0x7f79681116c0, const_pdict = 0x7f79681116c0, packed = 0x7f79681116c0, writable_packed = 0x7f79681116c0, opproc = 0x7f79681116c0, pfile = 0x7f79681116c0, pdevice = 0x7f79681116c0, pstruct = 0x7f79681116c0, dummy = 140159413720768}} ccode = <optimized out> saref = {tas = {type_attrs = 51456, _pad = 33535, rsize = 32633}, value = {intval = -4943865882587495168, boolval = 1280, realval = 2.16421334e+26, saveid = 13502878191122056448, bytes = 0xbb63dc2c6b330500 <error: Cannot access memory at address 0xbb63dc2c6b330500>, const_bytes = 0xbb63dc2c6b330500 <error: Cannot access memory at address 0xbb63dc2c6b330500>, refs = 0xbb63dc2c6b330500, const_refs = 0xbb63dc2c6b330500, pname = 0xbb63dc2c6b330500, const_pname = 0xbb63dc2c6b330500, pdict = 0xbb63dc2c6b330500, const_pdict = 0xbb63dc2c6b330500, packed = 0xbb63dc2c6b330500, writable_packed = 0xbb63dc2c6b330500, opproc = 0xbb63dc2c6b330500, pfile = 0xbb63dc2c6b330500, pdevice = 0xbb63dc2c6b330500, pstruct = 0xbb63dc2c6b330500, dummy = 13502878191122056448}} i_ctx_p = 0x7f79681872c0 perrordict = 0x7f7968132488 gc_signal = 0 epref = 0x7f7982ffc990 code = <optimized out> #7 gs_interpret (pi_ctx_p=<optimized out>, pref=pref@entry=0x7f7982ffc990, user_errors=user_errors@entry=0, pexit_code=pexit_code@entry=0x7f7982ffc9e4, perror_object=0x7f79684be130) at psi/interp.c:468 i_ctx_p = <optimized out> error_root = {next = 0x7f7968a5fa30, ptype = 0x7f7981e64620 <ptr_ref_procs>, p = 0x7f7982ffc8a8, free_on_unregister = 0} #8 0x00007f7981847a47 in gs_main_interpret (perror_object=<optimized out>, pexit_code=0x7f7982ffc9e4, user_errors=0, pref=0x7f7982ffc990, minst=<optimized out>) at psi/imain.c:247 No locals. #9 gs_main_run_string_continue (minst=<optimized out>, str=str@entry=0x7f79a452a120 <buf> "MS (n)4402 5498 MS ( )4444 5498 MS (f)4463 5498 MS (o)4490 5498 MS (r)4532 5498 MS\n(i)2535 5598 MS (t)2559 5598 MS (.)2582 5598 MS ( )2604 5598 MS (T)2630 5598 MS (h)2682 5598 MS (e)2724 5598 MS ( )27"..., length=<optimized out>, user_errors=user_errors@entry=0, pexit_code=pexit_code@entry=0x7f7982ffc9e4, perror_object=<optimized out>) at psi/imain.c:649 rstr = {tas = {type_attrs = 4704, _pad = 26789, rsize = 32768}, value = {intval = 140160424648992, boolval = 41248, realval = -4.56729694e-17, saveid = 140160424648992, bytes = 0x7f79a452a120 <buf> "MS (n)4402 5498 MS ( )4444 5498 MS (f)4463 5498 MS (o)4490 5498 MS (r)4532 5498 MS\n(i)2535 5598 MS (t)2559 5598 MS (.)2582 5598 MS ( )2604 5598 MS (T)2630 5598 MS (h)2682 5598 MS (e)2724 5598 MS ( )27"..., const_bytes = 0x7f79a452a120 <buf> "MS (n)4402 5498 MS ( )4444 5498 MS (f)4463 5498 MS (o)4490 5498 MS (r)4532 5498 MS\n(i)2535 5598 MS (t)2559 5598 MS (.)2582 5598 MS ( )2604 5598 MS (T)2630 5598 MS (h)2682 5598 MS (e)2724 5598 MS ( )27"..., refs = 0x7f79a452a120 <buf>, const_refs = 0x7f79a452a120 <buf>, pname = 0x7f79a452a120 <buf>, const_pname = 0x7f79a452a120 <buf>, pdict = 0x7f79a452a120 <buf>, const_pdict = 0x7f79a452a120 <buf>, packed = 0x7f79a452a120 <buf>, writable_packed = 0x7f79a452a120 <buf>, opproc = 0x7f79a452a120 <buf>, pfile = 0x7f79a452a120 <buf>, pdevice = 0x7f79a452a120 <buf>, pstruct = 0x7f79a452a120 <buf>, dummy = 140160424648992}} pexit_code = 0x7f7982ffc9e4 user_errors = 0 str = 0x7f79a452a120 <buf> "MS (n)4402 5498 MS ( )4444 5498 MS (f)4463 5498 MS (o)4490 5498 MS (r)4532 5498 MS\n(i)2535 5598 MS (t)2559 5598 MS (.)2582 5598 MS ( )2604 5598 MS (T)2630 5598 MS (h)2682 5598 MS (e)2724 5598 MS ( )27"... minst = <optimized out> perror_object = <optimized out> #10 0x00007f798184c43e in gsapi_run_string_continue (lib=lib@entry=0x7f7968a5f910, str=str@entry=0x7f79a452a120 <buf> "MS (n)4402 5498 MS ( )4444 5498 MS (f)4463 5498 MS (o)4490 5498 MS (r)4532 5498 MS\n(i)2535 5598 MS (t)2559 5598 MS (.)2582 5598 MS ( )2604 5598 MS (T)2630 5598 MS (h)2682 5598 MS (e)2724 5598 MS ( )27"..., length=<optimized out>, user_errors=user_errors@entry=0, pexit_code=pexit_code@entry=0x7f7982ffc9e4) at psi/iapi.c:383 ctx = 0x7f7968a5f910
(In reply to Dr. David Alan Gilbert from comment #2) > (In reply to Ken Sharp from comment #1) > > Please attach the file here, references often go stale before we have a > > chance to look at them. > > Since it's not my document, I don't feel comfortable taking a copy of it > into your bug system. Either you attach it or I will have to, we need an example file to reproduce the problem. > Hmm, I'm failing to repeat it under gs by itself; but it's triggering in > both okular and evince through the libgs build. Well if you can't give me a Ghostscript command line, I can't reproduce it and can't fix it. > I used the packaged builds on both Fedora 23 and Ubuntu X, package versions: Then I'd suggest you try using our source and building yourselves. Packages sometimes do odd things. > however, I've just built from source and I get the same thing; > e21aae2ee801a6468e44697970d11d4d56d0c6ab And the command line is ? The stack trace is all but useless.
(In reply to Ken Sharp from comment #3) > (In reply to Dr. David Alan Gilbert from comment #2) > > (In reply to Ken Sharp from comment #1) > > > Please attach the file here, references often go stale before we have a > > > chance to look at them. > > > > Since it's not my document, I don't feel comfortable taking a copy of it > > into your bug system. > > Either you attach it or I will have to, we need an example file to reproduce > the problem. Since it's not my file, not on my site, I don't feel I have the permission to do that. > > Hmm, I'm failing to repeat it under gs by itself; but it's triggering in > > both okular and evince through the libgs build. > > Well if you can't give me a Ghostscript command line, I can't reproduce it > and can't fix it. > > > > I used the packaged builds on both Fedora 23 and Ubuntu X, package versions: > > Then I'd suggest you try using our source and building yourselves. Packages > sometimes do odd things. > > > > however, I've just built from source and I get the same thing; > > e21aae2ee801a6468e44697970d11d4d56d0c6ab > > And the command line is ? The stack trace is all but useless. okular ./fccm97.ps or evince ./fccm97.ps both are failing with the FPE at the same place a few pages through the doc (or forcing a redraw).
(In reply to Dr. David Alan Gilbert from comment #4) > > And the command line is ? The stack trace is all but useless. > > okular ./fccm97.ps > or > evince ./fccm97.ps *Ghostscript* command line.
(In reply to Ken Sharp from comment #5) > (In reply to Dr. David Alan Gilbert from comment #4) > > > > And the command line is ? The stack trace is all but useless. > > > > okular ./fccm97.ps > > or > > evince ./fccm97.ps > > *Ghostscript* command line. I don't have a gs command line that will make it crash; I have okular and evince crashes, both using the gs library.
(In reply to Dr. David Alan Gilbert from comment #6) > > I don't have a gs command line that will make it crash; I have okular and > evince crashes, both using the gs library. Both evince and okular call Ghostscript through libspectre. There's no way we can reasonably debug evince or okular, *then* debug libspectre, before we then get to debug Ghostscript. Your best bet is to report the crash to either evince or okular developers, hopefully, then can work with the libspectre devs to reproduce the problem in libspectre, and then the libspectre folks can work with us to reproduce the problem in Ghostscript.
No example file, no command line, no way to reproduce and fix the problem.