| Summary: | Segmentation fault at base/gxblend.c:3091 in compose_group_nonknockout_nonblend_isolated_allmask_common | ||
|---|---|---|---|
| Product: | Ghostscript | Reporter: | Suhwan <prada960808> |
| Component: | Transparency | Assignee: | Michael Vrhel <michael.vrhel> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | P4 | ||
| Version: | master | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Customer: | Word Size: | --- | |
| Attachments: | poc | ||
SHA1 4b9e86a33b237740df682369300f1a9507dc63c5 exhibits this, assigning to Michael as it appears to be somethign to do with transparency. I built gs on git commit commit 4b9e86a33b237740df682369300f1a9507dc63c5 with gcc compiler and used "make sanitize" GPL Ghostscript GIT PRERELEASE 9.51 (2019-10-15) Copyright (C) 2019 Artifex Software, Inc. All rights reserved. This software is supplied under the GNU AGPLv3 and comes with NO WARRANTY: see the file COPYING for details. **** Error: An error occurred while reading an XREF table. **** The file has been damaged. This may have been caused **** by a problem while converting or transfering the file. **** Ghostscript will attempt to recover the data. **** However, the output may be incorrect. Processing pages 1 through 1. Page 1 **** Error: stream Length incorrect. Output may be incorrect. warning: ignoring zlib error: incorrect data check **** Error: stream Length incorrect. Output may be incorrect. **** Error: stream Length incorrect. Output may be incorrect. **** Error: File has insufficient data for an image. Output may be incorrect. ASAN:DEADLYSIGNAL ================================================================= ==6325==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5587e93ceb3f bp 0x7ffd3e5f3610 sp 0x7ffd3e5f35b0 T0) ==6325==The signal is caused by a READ memory access. ==6325==Hint: address points to the zero page. #0 0x5587e93ceb3e in compose_group_nonknockout_nonblend_isolated_allmask_common base/gxblend.c:3091 #1 0x5587e93d11bc in do_compose_group base/gxblend.c:3509 #2 0x5587e93d6436 in pdf14_compose_group base/gxblend.c:4302 #3 0x5587e93f0e72 in pdf14_pop_transparency_group base/gdevp14.c:1609 #4 0x5587e941076d in pdf14_end_transparency_group base/gdevp14.c:5154 #5 0x5587e93b1153 in gx_end_transparency_group base/gstrans.c:437 #6 0x5587e940c3d7 in gx_update_pdf14_compositor base/gdevp14.c:4643 #7 0x5587e940ca27 in pdf14_create_compositor base/gdevp14.c:4730 #8 0x5587e97a336e in apply_create_compositor base/gxclrast.c:2999 #9 0x5587e9780dd9 in execute_compositor_queue base/gxclrast.c:386 #10 0x5587e97914db in clist_playback_band base/gxclrast.c:1631 #11 0x5587e97b0468 in clist_playback_file_bands base/gxclread.c:920 #12 0x5587e97afc45 in clist_render_rectangle base/gxclread.c:854 #13 0x5587e97aec1b in clist_rasterize_lines base/gxclread.c:743 #14 0x5587e97ada2a in clist_get_bits_rectangle base/gxclread.c:632 #15 0x5587e9816785 in clist_get_bits_rect_mt base/gxclthrd.c:845 #16 0x5587ea25b660 in gx_default_get_bits base/gdevdgbr.c:54 #17 0x5587e943028e in pdf14_clist_create_compositor base/gdevp14.c:8711 #18 0x5587e9427e20 in send_pdf14trans base/gdevp14.c:7737 #19 0x5587e93ae151 in gs_gstate_update_pdf14trans2 base/gstrans.c:168 #20 0x5587e93ae332 in gs_gstate_update_pdf14trans base/gstrans.c:192 #21 0x5587e93b4e4e in gs_pop_pdf14trans_device base/gstrans.c:832 #22 0x5587ea53505c in zpoppdf14devicefilter psi/ztrans.c:551 #23 0x5587ea38cfd3 in do_call_operator psi/interp.c:86 #24 0x5587ea396752 in interp psi/interp.c:1300 #25 0x5587ea38eb20 in gs_call_interp psi/interp.c:520 #26 0x5587ea38e1c5 in gs_interpret psi/interp.c:477 #27 0x5587ea36271c in gs_main_interpret psi/imain.c:253 #28 0x5587ea365bd1 in gs_main_run_string_end psi/imain.c:791 #29 0x5587ea365596 in gs_main_run_string_with_length psi/imain.c:735 #30 0x5587ea365508 in gs_main_run_string psi/imain.c:716 #31 0x5587ea3721cc in run_string psi/imainarg.c:1117 #32 0x5587ea371f6f in runarg psi/imainarg.c:1086 #33 0x5587ea3717ee in argproc psi/imainarg.c:1008 #34 0x5587ea36bfba in gs_main_init_with_args01 psi/imainarg.c:241 #35 0x5587ea36c41e in gs_main_init_with_args psi/imainarg.c:288 #36 0x5587ea37794e in psapi_init_with_args psi/psapi.c:272 #37 0x5587ea546f6d in gsapi_init_with_args psi/iapi.c:148 #38 0x5587e9118598 in main psi/gs.c:95 #39 0x7f0c4217ab96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #40 0x5587e9118339 in _start (gs_gcc_asan+0x36b339) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV base/gxblend.c:3091 in compose_group_nonknockout_nonblend_isolated_allmask_common |
Created attachment 18379 [details] poc Hello. I found a Segmentation fault bug in GhostScript. Please confirm. Thanks. OS: Ubuntu 18.04 64bit Steps to reproduce: 1. Download the .POC files. 2. Compile the source code with ASan. 3. Run following cmd. gs -sOutputFile=tmp -sDEVICE=eplmono $PoC Here's ASAN report. ================================================================= ==384==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000c257b4 bp 0x62900006e444 sp 0x7fff87ad9590 T0) ==384==The signal is caused by a READ memory access. ==384==Hint: address points to the zero page. #0 0xc257b3 in compose_group_nonknockout_nonblend_isolated_allmask_common ghostpdl/./base/gxblend.c:3091:36 #1 0xbf91f0 in do_compose_group ghostpdl/./base/gxblend.c:3509:5 #2 0xbf91f0 in pdf14_compose_group ghostpdl/./base/gxblend.c:4302 #3 0xd1cb2c in pdf14_pop_transparency_group ghostpdl/./base/gdevp14.c:1609:13 #4 0xcda8b4 in pdf14_end_transparency_group ghostpdl/./base/gdevp14.c:5154:12 #5 0xd22d9a in gx_update_pdf14_compositor ghostpdl/./base/gdevp14.c:4643:20 #6 0x14c9a8f in apply_create_compositor ghostpdl/./base/gxclrast.c:2999:12 #7 0x14c9a8f in execute_compositor_queue ghostpdl/./base/gxclrast.c:386 #8 0x14a7e0e in clist_playback_band ghostpdl/./base/gxclrast.c:1623:52 #9 0x14cd97b in clist_playback_file_bands ghostpdl/./base/gxclread.c:920:16 #10 0x14d5c63 in clist_render_rectangle ghostpdl/./base/gxclread.c:854:16 #11 0x14d413f in clist_rasterize_lines ghostpdl/./base/gxclread.c:743:20 #12 0x14d2154 in clist_get_bits_rectangle ghostpdl/./base/gxclread.c:632:12 #13 0x1596512 in clist_get_bits_rect_mt ghostpdl/./base/gxclthrd.c:860:13 #14 0x2bae551 in gx_default_get_bits ghostpdl/./base/gdevdgbr.c:54:12 #15 0xd4f187 in pdf14_clist_create_compositor ghostpdl/./base/gdevp14.c:8711:20 #16 0xcc7569 in send_pdf14trans ghostpdl/./base/gdevp14.c:7737:12 #17 0xbb43ea in gs_gstate_update_pdf14trans2 ghostpdl/./base/gstrans.c:168:12 #18 0xbb43ea in gs_gstate_update_pdf14trans ghostpdl/./base/gstrans.c:192 #19 0xbb43ea in gs_pop_pdf14trans_device ghostpdl/./base/gstrans.c:832 #20 0x2e8bdb6 in interp ghostpdl/./psi/interp.c:1300:28 #21 0x2e8bdb6 in gs_call_interp ghostpdl/./psi/interp.c:520 #22 0x2e8bdb6 in gs_interpret ghostpdl/./psi/interp.c:477 #23 0x2e3f451 in gs_main_interpret ghostpdl/./psi/imain.c:253:12 #24 0x2e3f451 in gs_main_run_string_end ghostpdl/./psi/imain.c:791 #25 0x2e3f451 in gs_main_run_string_with_length ghostpdl/./psi/imain.c:735 #26 0x2e548f0 in run_string ghostpdl/./psi/imainarg.c:1117:12 #27 0x2e548f0 in runarg ghostpdl/./psi/imainarg.c:1086 #28 0x2e5302a in argproc ghostpdl/./psi/imainarg.c:1008:16 #29 0x2e479f7 in gs_main_init_with_args01 ghostpdl/./psi/imainarg.c:241:24 #30 0x2e539d0 in gs_main_init_with_args ghostpdl/./psi/imainarg.c:288:16 #31 0x57b86f in main ghostpdl/./psi/gs.c:95:16 #32 0x7fbc119a3b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 #33 0x482e79 in _start (gs+0x482e79) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV ghostpdl/./base/gxblend.c:3091:36 in compose_group_nonknockout_nonblend_isolated_allmask_common ==384==ABORTING