Bug 689723

Summary: Ghostscript crashes reading PDF file (valgrind reports problems)
Product: Ghostscript Reporter: Marcos H. Woehrmann <marcos.woehrmann>
Component: GeneralAssignee: Ray Johnston <ray.johnston>
Status: NOTIFIED FIXED    
Severity: normal CC: schultz
Priority: P2    
Version: master   
Hardware: PC   
OS: Linux   
Customer: 661 Word Size: ---

Description Marcos H. Woehrmann 2008-02-26 16:22:17 UTC 
The customer reports the attached PDF file causes Ghostscript to crash; I'm able
to duplicate this issue with gs8.61, but not reliably (i.e. changing the DEVICE
or resolution makes the problem go away).  Running the file with gshead (r8548)
and valgrind shows some issues:

==28860== Memcheck, a memory error detector.
==28860== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==28860== Using LibVEX rev 1732, a library for dynamic binary translation.
==28860== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==28860== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework.
==28860== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==28860== For more details, rerun with: -v
==28860==
GPL Ghostscript SVN PRE-RELEASE 8.62 (2007-11-22)
Copyright (C) 2007 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 2.
Page 1
==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x4A17B1: ptr_struct_mark (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4A1C6A: gc_trace (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4A22F2: gs_gc_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x517171: context_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47F913: ireclaim (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47B63E: interp_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47D11B: gs_interpret (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x472B6D: gs_main_run_string_end (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x473B1F: run_string (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x474205: runarg (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4743BB: argproc (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4758EB: gs_main_init_with_args (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==
==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x4A23C7: gs_gc_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x517171: context_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47F913: ireclaim (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47B63E: interp_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47D11B: gs_interpret (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x472B6D: gs_main_run_string_end (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x473B1F: run_string (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x474205: runarg (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4743BB: argproc (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4758EB: gs_main_init_with_args (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x40A030: main (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==
==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x4A23CC: gs_gc_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x517171: context_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47F913: ireclaim (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47B63E: interp_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47D11B: gs_interpret (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x472B6D: gs_main_run_string_end (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x473B1F: run_string (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x474205: runarg (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4743BB: argproc (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4758EB: gs_main_init_with_args (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x40A030: main (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==
==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x4A17B1: ptr_struct_mark (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4A1C6A: gc_trace (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4A242F: gs_gc_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x517171: context_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47F913: ireclaim (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47B63E: interp_reclaim (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47D11B: gs_interpret (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x472B6D: gs_main_run_string_end (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x473B1F: run_string (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x474205: runarg (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4743BB: argproc (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4758EB: gs_main_init_with_args (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==
==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x6C0AE3: memflip8x8 (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E53DD: copy_landscape (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E604E: image_render_landscape (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E4A3F: gx_image1_plane_data (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6B37CF: gs_image_next_planes (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x49F726: image_file_continue (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47C3E7: gs_interpret (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x472B6D: gs_main_run_string_end (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x473B1F: run_string (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x474205: runarg (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4743BB: argproc (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4758EB: gs_main_init_with_args (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==
==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x70CF27: mem_true24_copy_mono (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E5058: copy_portrait (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E543E: copy_landscape (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E604E: image_render_landscape (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E4A3F: gx_image1_plane_data (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6B37CF: gs_image_next_planes (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x49F726: image_file_continue (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47C3E7: gs_interpret (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x472B6D: gs_main_run_string_end (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x473B1F: run_string (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x474205: runarg (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4743BB: argproc (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==
==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x6C0BB2: memflip8x8 (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E53DD: copy_landscape (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E604E: image_render_landscape (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E4A3F: gx_image1_plane_data (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6B37CF: gs_image_next_planes (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x49F726: image_file_continue (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47C3E7: gs_interpret (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x472B6D: gs_main_run_string_end (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x473B1F: run_string (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x474205: runarg (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4743BB: argproc (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4758EB: gs_main_init_with_args (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
Page 2
==28860==
==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x6C0BC5: memflip8x8 (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E53DD: copy_landscape (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E604E: image_render_landscape (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6E4A3F: gx_image1_plane_data (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x6B37CF: gs_image_next_planes (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x49F726: image_file_continue (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x47C3E7: gs_interpret (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x472B6D: gs_main_run_string_end (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x473B1F: run_string (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x474205: runarg (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4743BB: argproc (in /home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==    by 0x4758EB: gs_main_init_with_args (in
/home/marcos/Desktop/artifex/gs.8548/bin/gs)
==28860==
==28860== ERROR SUMMARY: 2649 errors from 8 contexts (suppressed: 8 from 1)
==28860== malloc/free: in use at exit: 1,584 bytes in 66 blocks.
==28860== malloc/free: 29,205 allocs, 29,139 frees, 88,691,192 bytes allocated.
==28860== For counts of detected errors, rerun with: -v
==28860== searching for pointers to 66 not-freed blocks.
==28860== checked 9,517,432 bytes.
==28860==
==28860== LEAK SUMMARY:
==28860==    definitely lost: 1,584 bytes in 66 blocks.
==28860==      possibly lost: 0 bytes in 0 blocks.
==28860==    still reachable: 0 bytes in 0 blocks.
==28860==         suppressed: 0 bytes in 0 blocks.
==28860== Rerun with --leak-check=full to see details of leaked memory.
                                                                               
                                                                  
The command line I'm using:

valgrind bin/gs -I./lib:/Users/marcos/Desktop/artifex/fonts -sDEVICE=ppmraw
-sOutputFile=test.ppm -dNOPAUSE -dBATCH ../Invoices001.PDF
Comment 1 Marcos H. Woehrmann 2008-02-26 16:22:59 UTC 
Created attachment 3820 [details]
Invoices001.PDF
Comment 2 Marcos H. Woehrmann 2008-02-28 11:56:48 UTC 
*** Bug 688845 has been marked as a duplicate of this bug. ***
Comment 3 leonardo 2008-03-31 11:57:37 UTC 
I think the most informating issue here is this one :

==28860== Conditional jump or move depends on uninitialised value(s)
==28860==    at 0x70CF27: mem_true24_copy_mono (in

Assigning to its owner.
Comment 4 Ray Johnston 2008-04-18 12:43:52 UTC 
While I do see a 'Segmentation Violation' on Windows with 8.61, 8.62 and
head do not crash.

I looked at this with a debugger, and it crashed in 'jbig2_find_segment'.
I don't know, but suspect that this was fixed by Ken's r8456 patch (12/21/2007).

Closing as "FIXED" since 8.62 works and has been released.