Summary: | Seg. fault in gs_vmreclaim | ||
---|---|---|---|
Product: | Ghostscript | Reporter: | Marcos H. Woehrmann <marcos.woehrmann> |
Component: | General | Assignee: | Michael Vrhel <michael.vrhel> |
Status: | RESOLVED FIXED | ||
Severity: | blocker | CC: | alex |
Priority: | P1 | ||
Version: | master | ||
Hardware: | PC | ||
OS: | All | ||
Customer: | | Word Size: | --- |
Attachments: | valgrind_18-02F_PS.log, valgrind_Bug690208_pdf.log | ||
Description
Marcos H. Woehrmann
2010-07-19 04:04:20 UTC
Example gdb output:

```
marcos@peeves:[36]% gdb gs.11517/debugobj/gs
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/marcos/gs.11517/debugobj/gs...done.
(gdb) run -sDEVICE=pgmraw -o test.pgm -r300 ./18-02F.PS
Starting program: /home/marcos/gs.11517/debugobj/gs -sDEVICE=pgmraw -o test.pgm -r300 ./18-02F.PS
[Thread debugging using libthread_db enabled]
GPL Ghostscript SVN PRE-RELEASE 9.00 (2010-07-31)
Copyright (C) 2010 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Loading NimbusSanL-Bold font from %rom%Resource/Font/NimbusSanL-Bold... 3339304 1972567 2121672 827062 1 done.
% _Pg checksums collected from GPL Ghostscript SVN PRE-RELEASE version 3010
18-2f GSTATE
Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3469672 2154904 2182224 856047 1 done.
18-2f GSTATE = 0 Graphic 380 ms
/18-2f__Pg01 0 def %matching 0
18-2f Special Test A
18-2f Special Test A = 29185 Graphic 70 ms

Program received signal SIGSEGV, Segmentation fault.
0x00000000005728bf in igc_reloc_struct_ptr (obj=0x1dd52b8, gcst=0x7fffffffc570) at ./psi/igc.c:1282
1282 robj = chead->dest +
(gdb) where
#0 0x00000000005728bf in igc_reloc_struct_ptr (obj=0x1dd52b8, gcst=0x7fffffffc570) at ./psi/igc.c:1282
#1 0x00000000009ad42a in basic_reloc_ptrs (vptr=0x1a3df80, size=128, pstype=0xa9eae0, gcst=0x7fffffffc570) at ./base/gsmemory.c:346
#2 0x000000000057267c in gc_do_reloc (cp=0x1a3dd50, mem=0x19ffff8, pstate=0x7fffffffc570) at ./psi/igc.c:1222
#3 0x0000000000570190 in gs_gc_reclaim (pspaces=0x1a3e198, global=1) at ./psi/igc.c:441
#4 0x0000000000632c3c in context_reclaim (pspaces=0x1a3e198, global=1) at ./psi/zcontext.c:278
#5 0x0000000000525762 in gs_vmreclaim (dmem=0x1a3e190, global=1) at ./psi/ireclaim.c:153
#6 0x00000000005254b2 in ireclaim (dmem=0x1a3e190, space=-1) at ./psi/ireclaim.c:75
#7 0x000000000051ea9a in interp_reclaim (pi_ctx_p=0x19ff388, space=-1) at ./psi/interp.c:415
#8 0x0000000000522080 in interp (pi_ctx_p=0x19ff388, pref=0x7fffffffd830, perror_object=0x7fffffffd930) at ./psi/interp.c:1678
#9 0x000000000051ed26 in gs_call_interp (pi_ctx_p=0x19ff388, pref=0x7fffffffd830, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/interp.c:484
#10 0x000000000051eb42 in gs_interpret (pi_ctx_p=0x19ff388, pref=0x7fffffffd830, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/interp.c:442
#11 0x0000000000512125 in gs_main_interpret (minst=0x19ff2f0, pref=0x7fffffffd830, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/imain.c:240
#12 0x0000000000512d7b in gs_main_run_string_end (minst=0x19ff2f0, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/imain.c:556
#13 0x0000000000512c2c in gs_main_run_string_with_length (minst=0x19ff2f0, str=0x1bbdf30 "<2e2f31382d3032462e5053>.runfile", length=32, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/imain.c:514
#14 0x0000000000512b91 in gs_main_run_string (minst=0x19ff2f0, str=0x1bbdf30 "<2e2f31382d3032462e5053>.runfile", user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/imain.c:496
#15 0x0000000000515e71 in run_string (minst=0x19ff2f0, str=0x1bbdf30 "<2e2f31382d3032462e5053>.runfile", options=3) at ./psi/imainarg.c:814
#16 0x0000000000515e16 in runarg (minst=0x19ff2f0, pre=0xa5a7db "", arg=0x1a45eb0 "./18-02F.PS", post=0xa5a8dd ".runfile", options=3) at ./psi/imainarg.c:805
#17 0x0000000000515a7b in argproc (minst=0x19ff2f0, arg=0x7fffffffe82f "./18-02F.PS") at ./psi/imainarg.c:738
#18 0x000000000051425d in gs_main_init_with_args (minst=0x19ff2f0, argc=6, argv=0x7fffffffe568) at ./psi/imainarg.c:215
#19 0x0000000000464db3 in main (argc=6, argv=0x7fffffffe568) at ./psi/gs.c:96
(gdb)

(gdb) run -sDEVICE=pgmraw -o test.pgm -r72 ./Bug690208.pdf
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/marcos/gs.11517/debugobj/gs -sDEVICE=pgmraw -o test.pgm -r72 ./Bug690208.pdf
[Thread debugging using libthread_db enabled]
GPL Ghostscript SVN PRE-RELEASE 9.00 (2010-07-31)
Copyright (C) 2010 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 3.
Page 1
Page 2

Program received signal SIGSEGV, Segmentation fault.
0x00000000005728bf in igc_reloc_struct_ptr (obj=0x1e65168, gcst=0x7fffffffc570) at ./psi/igc.c:1282
1282 robj = chead->dest +
(gdb) where
#0 0x00000000005728bf in igc_reloc_struct_ptr (obj=0x1e65168, gcst=0x7fffffffc570) at ./psi/igc.c:1282
#1 0x00000000009ad42a in basic_reloc_ptrs (vptr=0x1a3df80, size=128, pstype=0xa9eae0, gcst=0x7fffffffc570) at ./base/gsmemory.c:346
#2 0x000000000057267c in gc_do_reloc (cp=0x1a3dd50, mem=0x19ffff8, pstate=0x7fffffffc570) at ./psi/igc.c:1222
#3 0x0000000000570190 in gs_gc_reclaim (pspaces=0x1a3e198, global=1) at ./psi/igc.c:441
#4 0x0000000000632c3c in context_reclaim (pspaces=0x1a3e198, global=1) at ./psi/zcontext.c:278
#5 0x0000000000525762 in gs_vmreclaim (dmem=0x1a3e190, global=1) at ./psi/ireclaim.c:153
#6 0x00000000005254b2 in ireclaim (dmem=0x1a3e190, space=-1) at ./psi/ireclaim.c:75
#7 0x000000000051ea9a in interp_reclaim (pi_ctx_p=0x19ff388, space=-1) at ./psi/interp.c:415
#8 0x0000000000522080 in interp (pi_ctx_p=0x19ff388, pref=0x7fffffffd6c0, perror_object=0x7fffffffd930) at ./psi/interp.c:1678
#9 0x000000000051ed26 in gs_call_interp (pi_ctx_p=0x19ff388, pref=0x7fffffffd830, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/interp.c:484
#10 0x000000000051eb42 in gs_interpret (pi_ctx_p=0x19ff388, pref=0x7fffffffd830, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/interp.c:442
#11 0x0000000000512125 in gs_main_interpret (minst=0x19ff2f0, pref=0x7fffffffd830, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/imain.c:240
#12 0x0000000000512d7b in gs_main_run_string_end (minst=0x19ff2f0, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/imain.c:556
#13 0x0000000000512c2c in gs_main_run_string_with_length (minst=0x19ff2f0, str=0x1bbdf30 "<2e2f4275673639303230382e706466>.runfile", length=40, user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/imain.c:514
#14 0x0000000000512b91 in gs_main_run_string (minst=0x19ff2f0, str=0x1bbdf30 "<2e2f4275673639303230382e706466>.runfile", user_errors=1, pexit_code=0x7fffffffd94c, perror_object=0x7fffffffd930) at ./psi/imain.c:496
#15 0x0000000000515e71 in run_string (minst=0x19ff2f0, str=0x1bbdf30 "<2e2f4275673639303230382e706466>.runfile", options=3) at ./psi/imainarg.c:814
#16 0x0000000000515e16 in runarg (minst=0x19ff2f0, pre=0xa5a7db "", arg=0x1a45eb0 "./Bug690208.pdf", post=0xa5a8dd ".runfile", options=3) at ./psi/imainarg.c:805
#17 0x0000000000515a7b in argproc (minst=0x19ff2f0, arg=0x7fffffffe82b "./Bug690208.pdf") at ./psi/imainarg.c:738
#18 0x000000000051425d in gs_main_init_with_args (minst=0x19ff2f0, argc=6, argv=0x7fffffffe568) at ./psi/imainarg.c:215
#19 0x0000000000464db3 in main (argc=6, argv=0x7fffffffe568) at ./psi/gs.c:96
(gdb)
```

Created attachment 6510
valgrind_18-02F_PS.log

Created attachment 6511
valgrind_Bug690208_pdf.log
Please re-run with `-Z@$?`. Note, on Linux you need to use escapes: `-Z@\$\?` when running a debug build. I am attempting to duplicate it on Win 7.

I ran with `-Z@$?`. Note, on Linux you need to use escapes: `-Z@\$\?` when running a debug build. I was able to duplicate it on Win 7 with a 32-bit DEBUG build. Setting a breakpoint in ilocate.c:535 (in ialloc_validate_object) I get a breakpoint before it later gets a segfault that is probably related. This scan of objects is performed as part of a 'restore' (zrestore). The contents of the object being searched for has funky contents, in that the o_type is 0xfeeefeee as is the size. Going up one level from the breakpoint, into ialloc_validate_chunk, I see the value of pre has some useful information. The value of: pre->d.f.o.t.type points to the st_gsicc_manager struct descriptor and the value of 'index' is 8 (I think it has already been incremented past the pointer that was to the bogus area of memory that ialloc_validate_object can't find). If the bogus index was 7, then that is the pointer to the 'lab_profile' filename (consulting the list of pointers in st_gsicc_manager in gsicc_manage.c:83-87). This may or may not be related to the other issue found with the psdcmyk device that I worked with Michael on recently, but it smells the same.

Assigning to Michael. Please let me know if the changes we discussed w.r.t. the filename strings set via userparams don't fix this as well.

I am able to duplicate also. The common theme in the two example files is that they both have patterns. I am suspicious that there is something going wrong with the pattern instance saved entry which has a pointer to an icc manager. Clearly it should be traced, but this will take a bit of time to dig through.

*** Bug 691482 has been marked as a duplicate of this bug. ***

Fixed with rev 11532.
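The failure mode suspected in the comments above, a pointer field that the collector does not trace and that is therefore left aimed at vacated memory, can be shown in miniature. This is an added example, not Ghostscript code and not part of the original report; `obj`, `descriptor`, `relocate` and `valid` are hypothetical stand-ins for a struct descriptor's pointer list, the relocation phase and a validation pass, and the freed-memory marker simply reuses the value quoted in the comment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical miniature of a relocating collector driven by per-type
 * pointer descriptors. All names are illustrative, not Ghostscript's. */
#define FREED 0xfeeefeeeu               /* marker written over vacated objects */
#define NOBJ  4

typedef struct obj { unsigned tag; struct obj *a, *b; } obj;
typedef struct { size_t nptrs; size_t off[2]; } descriptor;  /* fields the GC traces */

static obj from_space[NOBJ], to_space[NOBJ];
static const descriptor complete   = { 2, { offsetof(obj, a), offsetof(obj, b) } };
static const descriptor incomplete = { 1, { offsetof(obj, a) } };  /* 'b' forgotten */

/* Move every object, fix up only the fields the descriptor lists,
 * then mark the old copies as freed. */
static void relocate(const descriptor *d) {
    for (int i = 0; i < NOBJ; i++) {
        to_space[i] = from_space[i];
        for (size_t k = 0; k < d->nptrs; k++) {
            obj **slot = (obj **)((char *)&to_space[i] + d->off[k]);
            if (*slot) *slot = to_space + (*slot - from_space);
        }
    }
    for (int i = 0; i < NOBJ; i++) from_space[i].tag = FREED;
}

/* Validation pass: a pointer must land on a live object in to_space. */
static int valid(const obj *p) {
    uintptr_t u = (uintptr_t)p, lo = (uintptr_t)to_space;
    return !p || (u >= lo && u < lo + sizeof to_space && p->tag != FREED);
}

/* Build a small cyclic heap, collect, and count pointers left dangling. */
static int stale_after_gc(const descriptor *d) {
    for (int i = 0; i < NOBJ; i++)
        from_space[i] = (obj){ (unsigned)i, &from_space[(i + 1) % NOBJ],
                               &from_space[(i + 2) % NOBJ] };
    relocate(d);
    int stale = 0;
    for (int i = 0; i < NOBJ; i++)
        stale += !valid(to_space[i].a) + !valid(to_space[i].b);
    return stale;
}

int main(void) {
    printf("complete descriptor:   %d stale\n", stale_after_gc(&complete));
    printf("incomplete descriptor: %d stale\n", stale_after_gc(&incomplete));
    printf("tag behind a stale pointer: 0x%x\n", to_space[0].b->tag);
    return 0;
}
```

With the incomplete descriptor every object keeps one pointer into the old space, so the crash only appears later, when something dereferences it during the next collection or restore.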