I can't duplicate this problem on peeves, but on my 64 bit Linux boxes running head (r9772) the nightly regression files 23-12C.PS and 23-12J.PS core dump when writing to a 72 DPI pkmraw file: bin/gs -sOutputFile=test.pkm -dMaxBitmap=30000000 -sDEVICE=pkmraw -r72 -q -dNOPAUSE - dBATCH -K1000000 -dNOOUTERSAVE -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < /home/marcos/artifex/nightly/testfiles/23-12C.PS
Stack trace from gdb: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 47478172782224 (LWP 1985)] 0x00000000004bb417 in dict_put (pdref=0x17bec48, pkey=0x17a7fe8, pvalue=0x17a7ff8, pds=0x17bf188) at ./psi/idict.c:504 504 ref_assign_old_in(mem, &pdict->keys, kp, pkey, (gdb) where #0 0x00000000004bb417 in dict_put (pdref=0x17bec48, pkey=0x17a7fe8, pvalue=0x17a7ff8, pds=0x17bf188) at ./psi/idict.c:504 #1 0x00000000004d8e28 in zop_def (i_ctx_p=0x17bf090) at ./psi/zdict.c:142 #2 0x00000000004c06cb in interp (pi_ctx_p=0x1780348, pref=0x7fff50624e60, perror_object=0x7fff50624f30) at ./psi/interp.c:1006 #3 0x00000000004bf67d in gs_call_interp (pi_ctx_p=0x1780348, pref=0x7fff50624e60, user_errors=1, pexit_code=0x7fff50624f48, perror_object=0x7fff50624f30) at ./psi/interp.c:496 #4 0x00000000004bf4b5 in gs_interpret (pi_ctx_p=0x1780348, pref=0x7fff50624e60, user_errors=1, pexit_code=0x7fff50624f48, perror_object=0x7fff50624f30) at ./psi/interp.c:454 #5 0x00000000004b2f5c in gs_main_interpret (minst=0x17802b0, pref=0x7fff50624e60, user_errors=1, pexit_code=0x7fff50624f48, perror_object=0x7fff50624f30) at ./psi/imain.c:214 #6 0x00000000004b3b1a in gs_main_run_string_end (minst=0x17802b0, user_errors=1, pexit_code=0x7fff50624f48, perror_object=0x7fff50624f30) at ./psi/imain.c:526 #7 0x00000000004b39d7 in gs_main_run_string_with_length (minst=0x17802b0, str=0x8fa16e ".runstdin", length=9, user_errors=1, pexit_code=0x7fff50624f48, perror_object=0x7fff50624f30) at ./psi/imain.c:484 #8 0x00000000004b3944 in gs_main_run_string (minst=0x17802b0, str=0x8fa16e ".runstdin", user_errors=1, pexit_code=0x7fff50624f48, perror_object=0x7fff50624f30) at ./psi/imain.c:466 #9 0x00000000004b695b in run_string (minst=0x17802b0, str=0x8fa16e ".runstdin", options=2) at ./psi/imainarg.c:798 #10 0x00000000004b5087 in swproc (minst=0x17802b0, arg=0x7fff50627d01 "USER=marcos", pal=0x7fff506254d0) at ./psi/imainarg.c:267 #11 0x00000000004b4dcc in gs_main_init_with_args (minst=0x17802b0, argc=15, argv=0x7fff50625fd8) at ./psi/imainarg.c:200 #12 0x000000000040b369 in main (argc=15, argv=0x7fff50625fd8) at ./psi/gs.c:77 (gdb)
Valgrind output: marcos@amd64:[19]% valgrind /home/marcos/artifex/ghostscript/gs/debugobj/gs - I/home/marcos/artifex/ghostscript/gs/lib -I/home/marcos/artifex/fonts -o test.pkm - sDEVICE=pkmraw -dNOOUTERSAVE -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < ./23- 12C.PS ==2023== Memcheck, a memory error detector. ==2023== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==2023== Using LibVEX rev 1732, a library for dynamic binary translation. ==2023== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==2023== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework. ==2023== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==2023== For more details, rerun with: -v ==2023== GPL Ghostscript SVN PRE-RELEASE 8.65 (2009-02-04) Copyright (C) 2009 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. ==2023== Conditional jump or move depends on uninitialised value(s) ==2023== at 0x51332F: ptr_struct_mark (igc.c:1067) ==2023== by 0x512B3B: gc_trace (igc.c:857) ==2023== by 0x51105E: gs_gc_reclaim (igc.c:326) ==2023== by 0x5B60C9: context_reclaim (zcontext.c:283) ==2023== by 0x4C6C96: gs_vmreclaim (ireclaim.c:153) ==2023== by 0x4C69FA: ireclaim (ireclaim.c:75) ==2023== by 0x4BF41E: interp_reclaim (interp.c:427) ==2023== by 0x4C36A6: interp (interp.c:1690) ==2023== by 0x4BF67C: gs_call_interp (interp.c:496) ==2023== by 0x4BF4B4: gs_interpret (interp.c:454) ==2023== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2023== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2023== ==2023== Conditional jump or move depends on uninitialised value(s) ==2023== at 0x5126DA: gc_trace_chunk (igc.c:742) ==2023== by 0x511101: gs_gc_reclaim (igc.c:335) ==2023== by 0x5B60C9: context_reclaim (zcontext.c:283) ==2023== by 0x4C6C96: gs_vmreclaim (ireclaim.c:153) ==2023== by 0x4C69FA: ireclaim (ireclaim.c:75) ==2023== by 0x4BF41E: interp_reclaim (interp.c:427) ==2023== by 0x4C36A6: interp (interp.c:1690) ==2023== by 0x4BF67C: gs_call_interp (interp.c:496) ==2023== by 0x4BF4B4: gs_interpret (interp.c:454) ==2023== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2023== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2023== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2023== ==2023== Conditional jump or move depends on uninitialised value(s) ==2023== at 0x5126EC: gc_trace_chunk (igc.c:743) ==2023== by 0x511101: gs_gc_reclaim (igc.c:335) ==2023== by 0x5B60C9: context_reclaim (zcontext.c:283) ==2023== by 0x4C6C96: gs_vmreclaim (ireclaim.c:153) ==2023== by 0x4C69FA: ireclaim (ireclaim.c:75) ==2023== by 0x4BF41E: interp_reclaim (interp.c:427) ==2023== by 0x4C36A6: interp (interp.c:1690) ==2023== by 0x4BF67C: gs_call_interp (interp.c:496) ==2023== by 0x4BF4B4: gs_interpret (interp.c:454) ==2023== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2023== by 0x4B3B19: gs_main_run_string_end (imain.c:526) marcos@amd64:[1]% validlocale marcos@amd64:[1]% valgr valgrind valgrind-listener valgrind.bin marcos@amd64:[1]% valgrind /home/marcos/artifex/ghostscript/gs/debugobj/gs - I/home/marcos/artifex/ghostscript/gs/lib -I/home/marcos/artifex/fonts -o test.pkm - sDEVICE=pkmraw -dNOOUTERSAVE -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < ./23- 12C.PS ==2071== Memcheck, a memory error detector. ==2071== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==2071== Using LibVEX rev 1732, a library for dynamic binary translation. ==2071== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==2071== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework. ==2071== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==2071== For more details, rerun with: -v ==2071== GPL Ghostscript SVN PRE-RELEASE 8.65 (2009-02-04) Copyright (C) 2009 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. ==2071== Conditional jump or move depends on uninitialised value(s) ==2071== at 0x51332F: ptr_struct_mark (igc.c:1067) ==2071== by 0x512B3B: gc_trace (igc.c:857) ==2071== by 0x51105E: gs_gc_reclaim (igc.c:326) ==2071== by 0x5B60C9: context_reclaim (zcontext.c:283) ==2071== by 0x4C6C96: gs_vmreclaim (ireclaim.c:153) ==2071== by 0x4C69FA: ireclaim (ireclaim.c:75) ==2071== by 0x4BF41E: interp_reclaim (interp.c:427) ==2071== by 0x4C36A6: interp (interp.c:1690) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== ==2071== Conditional jump or move depends on uninitialised value(s) ==2071== at 0x5126DA: gc_trace_chunk (igc.c:742) ==2071== by 0x511101: gs_gc_reclaim (igc.c:335) ==2071== by 0x5B60C9: context_reclaim (zcontext.c:283) ==2071== by 0x4C6C96: gs_vmreclaim (ireclaim.c:153) ==2071== by 0x4C69FA: ireclaim (ireclaim.c:75) ==2071== by 0x4BF41E: interp_reclaim (interp.c:427) ==2071== by 0x4C36A6: interp (interp.c:1690) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== ==2071== Conditional jump or move depends on uninitialised value(s) ==2071== at 0x5126EC: gc_trace_chunk (igc.c:743) ==2071== by 0x511101: gs_gc_reclaim (igc.c:335) ==2071== by 0x5B60C9: context_reclaim (zcontext.c:283) ==2071== by 0x4C6C96: gs_vmreclaim (ireclaim.c:153) ==2071== by 0x4C69FA: ireclaim (ireclaim.c:75) ==2071== by 0x4BF41E: interp_reclaim (interp.c:427) ==2071== by 0x4C36A6: interp (interp.c:1690) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) Loading NimbusSanL-Bold font from %rom%Resource/Font/NimbusSanL-Bold... 2988504 1533456 13703120 12396882 1 done. % _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 23-12c RANGE 1 Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3049904 1701348 13783856 12458048 1 done. 23-12c RANGE 1 = 29106 Text 13940 ms 23-12c RANGE 2 23-12c RANGE 2 = 29106 Text 13370 ms /23-12c_Pg01 58212 def %matching 58212 23-12c RANGE 3 23-12c RANGE 3 = 29106 Text 13020 ms 23-12c RANGE 4 23-12c RANGE 4 = 29106 Text 19400 ms /23-12c_Pg02 58212 def %matching 58212 23-12c RANGE 5 23-12c RANGE 5 = 29106 Text 13130 ms 23-12c RANGE 6 ==2071== ==2071== Invalid read of size 1 ==2071== at 0x4BADA6: real_dict_find (idict.c:377) ==2071== by 0x4B9F0D: dict_find (idict.c:87) ==2071== by 0x4D8E00: zop_def (zdict.c:141) ==2071== by 0x4C06CA: interp (interp.c:1006) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== Address 0xA1EA841 is 609 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 8 ==2071== at 0x4BADC8: real_dict_find (idict.c:378) ==2071== by 0x4B9F0D: dict_find (idict.c:87) ==2071== by 0x4D8E00: zop_def (zdict.c:141) ==2071== by 0x4C06CA: interp (interp.c:1006) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== Address 0xA1EA848 is 616 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 2 ==2071== at 0x4BADD3: real_dict_find (idict.c:378) ==2071== by 0x4B9F0D: dict_find (idict.c:87) ==2071== by 0x4D8E00: zop_def (zdict.c:141) ==2071== by 0x4C06CA: interp (interp.c:1006) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== Address 0xA1EA842 is 610 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 2 ==2071== at 0x4BADF9: real_dict_find (idict.c:378) ==2071== by 0x4B9F0D: dict_find (idict.c:87) ==2071== by 0x4D8E00: zop_def (zdict.c:141) ==2071== by 0x4C06CA: interp (interp.c:1006) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== Address 0xA1EA842 is 610 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 1 ==2071== at 0x4BDBC8: real_dstack_find_name_by_index (idstack.c:151) ==2071== by 0x4BD54F: dstack_find_name_by_index (idstack.c:50) ==2071== by 0x4C1D8D: interp (interp.c:1210) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== by 0x4B4DCB: gs_main_init_with_args (imainarg.c:200) ==2071== Address 0xA1EA891 is 689 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 8 ==2071== at 0x4BDBDA: real_dstack_find_name_by_index (idstack.c:152) ==2071== by 0x4BD54F: dstack_find_name_by_index (idstack.c:50) ==2071== by 0x4C1D8D: interp (interp.c:1210) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== by 0x4B4DCB: gs_main_init_with_args (imainarg.c:200) ==2071== Address 0xA1EA898 is 696 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 2 ==2071== at 0x4BDBE5: real_dstack_find_name_by_index (idstack.c:152) ==2071== by 0x4BD54F: dstack_find_name_by_index (idstack.c:50) ==2071== by 0x4C1D8D: interp (interp.c:1210) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== by 0x4B4DCB: gs_main_init_with_args (imainarg.c:200) ==2071== Address 0xA1EA892 is 690 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 2 ==2071== at 0x4BDC0B: real_dstack_find_name_by_index (idstack.c:152) ==2071== by 0x4BD54F: dstack_find_name_by_index (idstack.c:50) ==2071== by 0x4C1D8D: interp (interp.c:1210) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== by 0x4B4DCB: gs_main_init_with_args (imainarg.c:200) ==2071== Address 0xA1EA892 is 690 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 1 ==2071== at 0x4BDCC0: real_dstack_find_name_by_index (idstack.c:156) ==2071== by 0x4BD54F: dstack_find_name_by_index (idstack.c:50) ==2071== by 0x4C1D8D: interp (interp.c:1210) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== by 0x4B4DCB: gs_main_init_with_args (imainarg.c:200) ==2071== Address 0xA1EA9E1 is 1,025 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== ==2071== Invalid read of size 2 ==2071== at 0x4BDCD2: real_dstack_find_name_by_index (idstack.c:158) ==2071== by 0x4BD54F: dstack_find_name_by_index (idstack.c:50) ==2071== by 0x4C1D8D: interp (interp.c:1210) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) ==2071== by 0x4BF4B4: gs_interpret (interp.c:454) ==2071== by 0x4B2F5B: gs_main_interpret (imain.c:214) ==2071== by 0x4B3B19: gs_main_run_string_end (imain.c:526) ==2071== by 0x4B39D6: gs_main_run_string_with_length (imain.c:484) ==2071== by 0x4B3943: gs_main_run_string (imain.c:466) ==2071== by 0x4B695A: run_string (imainarg.c:798) ==2071== by 0x4B5086: swproc (imainarg.c:267) ==2071== by 0x4B4DCB: gs_main_init_with_args (imainarg.c:200) ==2071== Address 0xA1EA9E0 is 1,024 bytes inside a block of size 20,048 free'd ==2071== at 0x4C2182B: free (vg_replace_malloc.c:233) ==2071== by 0x84A208: gs_heap_free_object (gsmalloc.c:335) ==2071== by 0x822443: alloc_free_chunk (gsalloc.c:1825) ==2071== by 0x81E91F: i_free_all (gsalloc.c:411) ==2071== by 0x51B46A: restore_free (isave.c:987) ==2071== by 0x51AFB3: restore_space (isave.c:851) ==2071== by 0x51ADA4: alloc_restore_step_in (isave.c:788) ==2071== by 0x4EEA56: zrestore (zvmem.c:155) ==2071== by 0x4A117C: z2restore (zdevice2.c:319) ==2071== by 0x4BEFC7: call_operator (interp.c:111) ==2071== by 0x4C2CFA: interp (interp.c:1538) ==2071== by 0x4BF67C: gs_call_interp (interp.c:496) 23-12c RANGE 6 = 29106 Text 16870 ms /23-12c_Pg03 58212 def %matching 58212 Final backchannel utterance: Test Done. ==2071== ==2071== ERROR SUMMARY: 28616 errors from 13 contexts (suppressed: 8 from 1) ==2071== malloc/free: in use at exit: 6 bytes in 2 blocks. ==2071== malloc/free: 157,730 allocs, 157,728 frees, 935,812,133 bytes allocated. ==2071== For counts of detected errors, rerun with: -v ==2071== searching for pointers to 2 not-freed blocks. ==2071== checked 11,553,816 bytes. ==2071== ==2071== LEAK SUMMARY: ==2071== definitely lost: 6 bytes in 2 blocks. ==2071== possibly lost: 0 bytes in 0 blocks. ==2071== still reachable: 0 bytes in 0 blocks. ==2071== suppressed: 0 bytes in 0 blocks. ==2071== Rerun with --leak-check=full to see details of leaked memory. marcos@amd64:[2]%
On peeves, the tests run without significant Valgring warnings. With the following change in igc.c static const bool I_FORCE_GLOBAL_GC = true; there's no warnings at all.
Thanks, Alex! Based on Alex's determination, I am assigning this to Ralph as a memory problem. Ralph, if you disagree, or want to work on this together, let me (ray) know.
I've tested the same files on MacOS X with i686-apple-darwin9-gcc-4.0.1 in 32-bit and 64-bit models. The 32-bit model was also tested under Valgrind. Everything works just file. I think, this is a local problem that requires debugging on the same box where it was observed.
This bugs is very sensitive to the command line. For example, this command line seg faults: head/bin/gs -I/home/marcos/artifex/ghostscript/gs/lib -I/home/marcos/artifex/fonts -sOutputFile=test.pkm -dMaxBitmap=30000000 -sDEVICE=pkmraw -r72 -q -dNOPAUSE -dBATCH -K1000000 -dNOOUTERSAVE -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < /home/marcos/artifex/23-12C.PS This one does not: cd /home/marcos/artifex head/bin/gs -I./ghostscript/gs/lib -I/home/marcos/artifex/fonts -sOutputFile=test.pkm -dMaxBitmap=30000000 -sDEVICE=pkmraw -r72 -q -dNOPAUSE -dBATCH -K1000000 -dNOOUTERSAVE -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < /home/marcos/artifex/23-12C.PS The only difference is the -I is specified absolutely in the first command line and relative to the current directory in the second. Since the COMPILE_INITS flag is set to 1 the inclusion of the lib directory shouldn't matter in any case (and in fact the command runs without it).
BTW, this is is a regression, it first failed in r9772: r9772 | ray | 2009-05-29 17:22:20 -0700 (Fri, 29 May 2009) | 16 lines Fix the file stream opening logic so that when the open failed, it did not leave buffers and other structures up to the GC for collection. This only affected PS and PDF, but happened on files that needed fonts that were not immediately in the Fontmap. This resulted in up to on the files from bug 690422.
On my computer the change to igc.c mentioned in comment #3 removes the first three valgrind warnings (the ones related to gc_trace and gc_trace_chunk), but the rest remain and the command still seg faults.
I've reproduced Valgrind warning (but not crash) on peeves with the following command line. alexcher@peeves:~$ valgrind --db-attach=no gs_svn/gs/debugobj/gs -I/home/alexcher/assssssssssaa -I/home/alexcher/gs_svn/ gs/Resource/Font/aaaa/aaaaa -sOutputFile=test.pkm -dMaxBitmap=30000000 -sDEVICE=pkmraw -r72 -q -dNOPAUSE -dBATCH -K10000 00 -dNOOUTERSAVE -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps /home/regression/tests_private/ps/ps3cet/23-12C .PS Both -I directories don't exist.
please re-test with rev 9846.
I cannot reproduce Valgrind warning in rev. 9846 or current HEAD (rev. 9920) on the same host and the same command line.
Created attachment 5268 [details] vlog-u64-r9931-r9772.txt On my machine it still shows 3 warnings (Conditional jump or move) with r9931. I have 64-bit ubuntu 9.04 running on vmware fusion. gcc version is (Ubuntu 4.3.3-5ubuntu4). Command line was: $ valgrind bin/gs -Ilib -Ifonts -o test.pkm -sDEVICE=pkmraw -dNOOUTERSAVE -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - <23-12C.PS NOTE: I do NOT have fonts directory in my current directory. I_FORCE_GLOBAL_GC is false (untouched). Revision 9772 shows similar warnings. Both didn't crash though.
The 3 messages about gc_trace_chunk() happen in most files. This issue is tracked as a bug 690176. All these warnings disappear when I_FORCE_GLOBAL_GC is set to true in igc.c . The error itself appears to be harmless and I usually run Valgrind with forced global GC to reduce the noise.
I've disabled 23-12C.PS and 23-12J.PS from the nightly regression by renaming them in the repository; please re-enable them when this issue is resolved.
Marcos can you still reproduce this problem? Alex and Masaki indicate it fixed and I can't reproduce it, only the usual UMR's with smark which is being worked on separately. Maybe there is still a problem on 64 bit linux?
It appears to have been fixed; no more seg faults on 64 bit linux and the errors that valgrind reported are gone. I'm closing and will re-enable the appropriate regression files.
I'm sorry to say the seg fault is back, at least with 23-12J.PS: ./gs/bin/gs -sOutputFile='|md5sum >>./temp/tests_private__ps__ps3cet__23-12J.PS.pbmraw.72.0.md5' -dMaxBitmap=30000000 -sDEVICE=pbmraw -r72 -q -dNOPAUSE -dBATCH -K1000000 -dNOOUTERSAVE -dJOBSERVER -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < ./tests_private/ps/ps3cet/23-12J.PS % _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 ^M 23-12j RANGE 7 ^M 23-12j RANGE 7 = 29106 Text 280 ms ^M 23-12j RANGE 8 ^M Segmentation fault
The good news is that I've been able to make this happen running under a debugger: (gdb) run -sOutputFile=test.out -dMaxBitmap=30000000 -sDEVICE=pbmraw -r72 -q -dNOPAUSE -dBATCH -K1000000 -dNOOUTERSAVE -dJOBSERVER -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < ../../tests_private/ps/ps3cet/23-12J.PS Starting program: /home/marcos/artifex/nightly.pcl/ghostpdl/gs/debugobj/gs -sOutputFile=test.out -dMaxBitmap=30000000 -sDEVICE=pbmraw -r72 -q -dNOPAUSE -dBATCH -K1000000 -dNOOUTERSAVE -dJOBSERVER -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < ../../tests_private/ps/ps3cet/23-12J.PS [Thread debugging using libthread_db enabled] % _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 23-12j RANGE 7 23-12j RANGE 7 = 29106 Text 360 ms 23-12j RANGE 8 [New Thread 0x7f1aff05b750 (LWP 7249)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f1aff05b750 (LWP 7249)] 0x00000000004b9201 in real_dstack_find_name_by_index (pds=0x1b140e8, nidx=6089) at ./psi/idstack.c:152 152 if (name_index(_mem_not_used, kp) == nidx) { (gdb) where #0 0x00000000004b9201 in real_dstack_find_name_by_index (pds=0x1b140e8, nidx=6089) at ./psi/idstack.c:152 #1 0x00000000004b8b10 in dstack_find_name_by_index (pds=0x1b140e8, nidx=6089) at ./psi/idstack.c:50 #2 0x00000000004bd3a4 in interp (pi_ctx_p=0x1ad5318, pref=0x7fff0707d4e0, perror_object=0x7fff0707d5b0) at ./psi/interp.c:1210 #3 0x00000000004bac9f in gs_call_interp (pi_ctx_p=0x1ad5318, pref=0x7fff0707d4e0, user_errors=1, pexit_code=0x7fff0707d5cc, perror_object=0x7fff0707d5b0) at ./psi/interp.c:496 #4 0x00000000004baad9 in gs_interpret (pi_ctx_p=0x1ad5318, pref=0x7fff0707d4e0, user_errors=1, pexit_code=0x7fff0707d5cc, perror_object=0x7fff0707d5b0) at ./psi/interp.c:454 #5 0x00000000004ae590 in gs_main_interpret (minst=0x1ad5280, pref=0x7fff0707d4e0, user_errors=1, pexit_code=0x7fff0707d5cc, perror_object=0x7fff0707d5b0) at ./psi/imain.c:214 #6 0x00000000004af14d in gs_main_run_string_end (minst=0x1ad5280, user_errors=1, pexit_code=0x7fff0707d5cc, perror_object=0x7fff0707d5b0) at ./psi/imain.c:526 #7 0x00000000004af00a in gs_main_run_string_with_length (minst=0x1ad5280, str=0x8ead8e ".runstdin", length=9, user_errors=1, pexit_code=0x7fff0707d5cc, perror_object=0x7fff0707d5b0) at ./psi/imain.c:484 #8 0x00000000004aef77 in gs_main_run_string (minst=0x1ad5280, str=0x8ead8e ".runstdin", user_errors=1, pexit_code=0x7fff0707d5cc, perror_object=0x7fff0707d5b0) at ./psi/imain.c:466 #9 0x00000000004b1f78 in run_string (minst=0x1ad5280, str=0x8ead8e ".runstdin", options=2) at ./psi/imainarg.c:798 #10 0x00000000004b06a9 in swproc (minst=0x1ad5280, arg=0x7fff0707fa07 "USER=marcos", pal=0x7fff0707db50) at ./psi/imainarg.c:267 #11 0x00000000004b03ee in gs_main_init_with_args (minst=0x1ad5280, argc=19, argv=0x7fff0707e648) at ./psi/imainarg.c:200 #12 0x00000000004053fd in main (argc=19, argv=0x7fff0707e648) at ./psi/gs.c:77 (gdb)
Curiouser and curiouser... This command builds a gs that fails: make distclean ; ./autogen.sh --prefix=/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ; make this one works: make distclean ; ./autogen.sh --prefix=/XXXXXXXXXXXXXXXXXXXXXXXXXXX ; make Note that in either case I never run 'make install', I just execute Ghostscript via 'bin/gs'. The executable contains the string given by the --prefix option eight times, so varying the length of the string does cause things to move around in memory.
This is probably not an issue on your linux machine but on the mac pro I use the following to build 64 bit: make XCFLAGS="-arch x86_64" XLDFLAGS="-arch x86_64" but the flags are not propagated to genarch so the arch.h file is wrong, resulting in many problems. I guess that should be a separate bug for Ralph. If there is some prescription for building a 64 bit gs app on mac os let me know, for now I'll hack up the Makefile.
After fixing the problem explained in comment #20 by changing the Makefile to: CCAUX=$(CC) $(CFLAGS) from: CCAUX=$(CC) $(GCFLAGS) the file works (I did verify longs and ptrs are 8 bytes), so I guess I'll need login information emailed to me to work on this further.
In answer to comment #20 I use: ./autogen.sh CC="gcc -m64" ; make to force 64 bit builds and the same with -m32 for 32 bit builds. The GhostPDL build system doesn't use autogen.sh so instead I use: make pcl "CC=gcc -m64" "CCLD=gcc -m64"
I really can't make progress on this without a machine to reproduce it, I can't even use mac valgrind because it doesn't work with 64-bit Mach-O exes. Assign it back when you have a machine available. I will say we desperately need to integrate valgrind into gs, the problems being reported are severely understated. More specifically there are many uninitialized problems with respect the ghostscript allocator that valgrind never sees. For example, in studying the ptr_struct_mark() issue there are hundreds of problems not reported by valgrind because the memory is recycled through the gs allocator without every returning to the system's malloc and free where it would be tracked by valgrind.
I tried but can't get the problem to occur with the current head. When (if?) I'm able reproduce it I'll setup an account for testing.
I can reproduce valgrind warnings in the current revision on i7a with the following command line. valgrind gs/debugobj/gs -IBBBBBBBBBBBBBBBBBBBBBB -dNOGC -sOutputFile=/dev/null -dMaxBitmap=30000000 -sDEVICE=pbmraw -r72 -dNOPAUSE -dBATCH -K1000000 -dNOOUTERSAVE -dJOBSERVER -c false 0 startjob pop -f ./gs/Resource/Init/gs_cet.ps - </home/ghostscript/tests_private/ps/ps3cet/23-12J.PS.disabled
Please take out -dNOGC from the command line above. The warnings disappear with -dNOGC.
While I agree Marcos' override of CC in comment #22 is the safer approach, I've committed Henry's change from #21 as r10030, so XCFLAGS should work for changing the target width now.
Good news! I can reliably make this happen on peeves with the current head (r10039). To reproduce follow these steps precisely: svn co http://svn.ghostscript.com/ghostscript/trunk/gs -r10039 gs.10039 cd gs.10039 autogen.sh CC="gcc -m64" --disable-cups --disable-fontconfig \ --disable-cairo --prefix=/home/marcos/cluster/gs make ./bin/gs -sOutputFile=test.pgm -sDEVICE=pgmraw \ -dNOOUTERSAVE -dJOBSERVER -c false 0 startjob pop \ -f %rom%Resource/Init/gs_cet.ps - < /home/marcos/23-12C.PS
And it also fails with 'make debug': marcos@peeves:[45]% gdb debugobj/gs GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu"... (gdb) run -sOutputFile=test.pgm -sDEVICE=pgmraw -dNOOUTERSAVE -dJOBSERVER -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < /home/marcos/23-12C.PS Starting program: /home/marcos/gs.10039/debugobj/gs -sOutputFile=test.pgm -sDEVICE=pgmraw - dNOOUTERSAVE -dJOBSERVER -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < /home/marcos/23-12C.PS [Thread debugging using libthread_db enabled] GPL Ghostscript SVN PRE-RELEASE 8.71 (2009-08-01) Copyright (C) 2009 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Loading NimbusSanL-Bold font from %rom%Resource/Font/NimbusSanL-Bold... 3017944 1553289 3633112 2312210 1 done. % _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 23-12c RANGE 1 Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3059160 1717765 3713848 2372836 1 done. 23-12c RANGE 1 = 29106 Text 250 ms 23-12c RANGE 2 23-12c RANGE 2 = 29106 Text 230 ms /23-12c_Pg01 58212 def %matching 58212 23-12c RANGE 3 23-12c RANGE 3 = 29106 Text 230 ms 23-12c RANGE 4 23-12c RANGE 4 = 29106 Text 380 ms /23-12c_Pg02 58212 def %matching 58212 23-12c RANGE 5 23-12c RANGE 5 = 29106 Text 230 ms 23-12c RANGE 6 [New Thread 0x7fe365af5750 (LWP 18915)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fe365af5750 (LWP 18915)] 0x00000000004b63e2 in real_dict_find (pdref=0x32adba8, pkey=0x3296f48, ppvalue=0x7fff6db1d580) at ./psi/idict.c:378 378 if (name_index(mem, kp) == nidx) { (gdb) where #0 0x00000000004b63e2 in real_dict_find (pdref=0x32adba8, pkey=0x3296f48, ppvalue=0x7fff6db1d580) at ./psi/idict.c:378 #1 0x00000000004b54d2 in dict_find (pdref=0x32adba8, pkey=0x3296f48, ppvalue=0x7fff6db1d580) at ./psi/idict.c:87 #2 0x00000000004d4553 in zop_def (i_ctx_p=0x32adff0) at ./psi/zdict.c:141 #3 0x00000000004bbce2 in interp (pi_ctx_p=0x326f318, pref=0x7fff6db1df90, perror_object=0x7fff6db1e060) at ./psi/interp.c:1006 #4 0x00000000004bac97 in gs_call_interp (pi_ctx_p=0x326f318, pref=0x7fff6db1df90, user_errors=1, pexit_code=0x7fff6db1e07c, perror_object=0x7fff6db1e060) at ./psi/interp.c:496 #5 0x00000000004baad1 in gs_interpret (pi_ctx_p=0x326f318, pref=0x7fff6db1df90, user_errors=1, pexit_code=0x7fff6db1e07c, perror_object=0x7fff6db1e060) at ./psi/interp.c:454 #6 0x00000000004ae588 in gs_main_interpret (minst=0x326f280, pref=0x7fff6db1df90, user_errors=1, pexit_code=0x7fff6db1e07c, perror_object=0x7fff6db1e060) at ./psi/imain.c:214 #7 0x00000000004af145 in gs_main_run_string_end (minst=0x326f280, user_errors=1, pexit_code=0x7fff6db1e07c, perror_object=0x7fff6db1e060) at ./psi/imain.c:526 #8 0x00000000004af002 in gs_main_run_string_with_length (minst=0x326f280, str=0x8ead0e ".runstdin", length=9, user_errors=1, pexit_code=0x7fff6db1e07c, perror_object=0x7fff6db1e060) at ./psi/imain.c:484 #9 0x00000000004aef6f in gs_main_run_string (minst=0x326f280, str=0x8ead0e ".runstdin", user_errors=1, pexit_code=0x7fff6db1e07c, perror_object=0x7fff6db1e060) at ./psi/imain.c:466 #10 0x00000000004b1f70 in run_string (minst=0x326f280, str=0x8ead0e ".runstdin", options=2) at ./psi/imainarg.c:798 #11 0x00000000004b06a1 in swproc (minst=0x326f280, arg=0x7fff6db1f8eb "REMOTEHOST=67.169.4.146", pal=0x7fff6db1e600) at ./psi/imainarg.c:267 #12 0x00000000004b03e6 in gs_main_init_with_args (minst=0x326f280, argc=13, argv=0x7fff6db1f0f8) at ./psi/imainarg.c:200 #13 0x00000000004053fd in main (argc=13, argv=0x7fff6db1f0f8) at ./psi/gs.c:77 (gdb)
And here's the valgrind output: marcos@peeves:[46]% valgrind ./debugobj/gs -sOutputFile=test.pgm -sDEVICE=pgmraw - dNOOUTERSAVE -dJOBSERVER -c false 0 startjob pop -f %rom%Resource/Init/gs_cet.ps - < /home/marcos/23-12C.PS ==19091== Memcheck, a memory error detector. ==19091== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. ==19091== Using LibVEX rev 1884, a library for dynamic binary translation. ==19091== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. ==19091== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework. ==19091== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. ==19091== For more details, rerun with: -v ==19091== GPL Ghostscript SVN PRE-RELEASE 8.71 (2009-08-01) Copyright (C) 2009 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Loading NimbusSanL-Bold font from %rom%Resource/Font/NimbusSanL-Bold... 3017944 1553289 3633112 2312210 1 done. % _Pg checksums collected from PhotoPRINT SE 5.0v2 version 3017.102 23-12c RANGE 1 Loading NimbusRomNo9L-Regu font from %rom%Resource/Font/NimbusRomNo9L-Regu... 3059160 1717765 3713848 2372836 1 done. 23-12c RANGE 1 = 29106 Text 7820 ms 23-12c RANGE 2 23-12c RANGE 2 = 29106 Text 7270 ms /23-12c_Pg01 58212 def %matching 58212 23-12c RANGE 3 23-12c RANGE 3 = 29106 Text 7200 ms 23-12c RANGE 4 23-12c RANGE 4 = 29106 Text 11050 ms /23-12c_Pg02 58212 def %matching 58212 23-12c RANGE 5 23-12c RANGE 5 = 29106 Text 7360 ms 23-12c RANGE 6 ==19091== Invalid read of size 1 ==19091== at 0x4B639E: real_dict_find (idict.c:377) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== Address 0x7b5f119 is 193 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 8 ==19091== at 0x4B63C0: real_dict_find (idict.c:378) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== Address 0x7b5f120 is 200 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4B63CB: real_dict_find (idict.c:378) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== Address 0x7b5f11a is 194 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4B63EF: real_dict_find (idict.c:378) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== Address 0x7b5f11a is 194 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4B91C5: real_dstack_find_name_by_index (idstack.c:151) ==19091== by 0x4B8B07: dstack_find_name_by_index (idstack.c:50) ==19091== by 0x4BD39B: interp (interp.c:1210) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== by 0x4B03E5: gs_main_init_with_args (imainarg.c:200) ==19091== Address 0x7b5f169 is 273 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 8 ==19091== at 0x4B91D7: real_dstack_find_name_by_index (idstack.c:152) ==19091== by 0x4B8B07: dstack_find_name_by_index (idstack.c:50) ==19091== by 0x4BD39B: interp (interp.c:1210) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== by 0x4B03E5: gs_main_init_with_args (imainarg.c:200) ==19091== Address 0x7b5f170 is 280 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4B91E2: real_dstack_find_name_by_index (idstack.c:152) ==19091== by 0x4B8B07: dstack_find_name_by_index (idstack.c:50) ==19091== by 0x4BD39B: interp (interp.c:1210) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== by 0x4B03E5: gs_main_init_with_args (imainarg.c:200) ==19091== Address 0x7b5f16a is 274 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4B9206: real_dstack_find_name_by_index (idstack.c:152) ==19091== by 0x4B8B07: dstack_find_name_by_index (idstack.c:50) ==19091== by 0x4BD39B: interp (interp.c:1210) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== by 0x4B03E5: gs_main_init_with_args (imainarg.c:200) ==19091== Address 0x7b5f16a is 274 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4B92CB: real_dstack_find_name_by_index (idstack.c:156) ==19091== by 0x4B8B07: dstack_find_name_by_index (idstack.c:50) ==19091== by 0x4BD39B: interp (interp.c:1210) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== by 0x4B03E5: gs_main_init_with_args (imainarg.c:200) ==19091== Address 0x7b5f2b9 is 609 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4B92DD: real_dstack_find_name_by_index (idstack.c:158) ==19091== by 0x4B8B07: dstack_find_name_by_index (idstack.c:50) ==19091== by 0x4BD39B: interp (interp.c:1210) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== by 0x4B03E5: gs_main_init_with_args (imainarg.c:200) ==19091== Address 0x7b5f2b8 is 608 bytes inside a block of size 20,048 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x80F7AF: i_free_all (gsalloc.c:411) ==19091== by 0x516A88: restore_free (isave.c:987) ==19091== by 0x5165BE: restore_space (isave.c:851) ==19091== by 0x51638B: alloc_restore_step_in (isave.c:788) ==19091== by 0x4EA15B: zrestore (zvmem.c:155) ==19091== by 0x49A974: z2restore (zdevice2.c:319) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BE2F3: interp (interp.c:1538) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4B63B3: real_dict_find (idict.c:377) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4B6446: real_dict_find (idict.c:382) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4C8231: obj_eq (iutil.c:94) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4C824F: obj_eq (iutil.c:100) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4C83EE: obj_eq (iutil.c:134) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4C8221: obj_eq (iutil.c:94) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== Address 0x7b5f049 is 15 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4C823F: obj_eq (iutil.c:100) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== Address 0x7b5f049 is 15 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4C83E7: obj_eq (iutil.c:134) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== Address 0x7b5f048 is 16 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4C83F8: obj_eq (iutil.c:134) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== Address 0x7b5f049 is 15 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4B64B1: real_dict_find (idict.c:391) ==19091== by 0x4B54D1: dict_find (idict.c:87) ==19091== by 0x4D4552: zop_def (zdict.c:141) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== Address 0x7b5edb8 is 15,856 bytes inside a block of size 16,480 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x810B2D: i_free_object (gsalloc.c:820) ==19091== by 0x49178E: s_LZW_release (slzwc.c:38) ==19091== by 0x4CD2EA: sclose (stream.c:425) ==19091== by 0x4CD438: spgetcc (stream.c:457) ==19091== by 0x4CD7A5: sgets (stream.c:541) ==19091== by 0x4D9E42: zreadstring_at (zfileio.c:287) ==19091== by 0x4D9F2F: zreadstring (zfileio.c:316) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4B63B3: real_dict_find (idict.c:377) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4B6446: real_dict_find (idict.c:382) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4C8231: obj_eq (iutil.c:94) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4C824F: obj_eq (iutil.c:100) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== ==19091== Conditional jump or move depends on uninitialised value(s) ==19091== at 0x4C83EE: obj_eq (iutil.c:134) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4B639E: real_dict_find (idict.c:377) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== Address 0x7b5f049 is 15 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4C8221: obj_eq (iutil.c:94) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== Address 0x7b5f049 is 15 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4C823F: obj_eq (iutil.c:100) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== Address 0x7b5f049 is 15 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4C83E7: obj_eq (iutil.c:134) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== Address 0x7b5f048 is 16 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 1 ==19091== at 0x4C83F8: obj_eq (iutil.c:134) ==19091== by 0x4B64F1: real_dict_find (idict.c:397) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== Address 0x7b5f049 is 15 bytes before a block of size 16,480 alloc'd ==19091== at 0x4C278AE: malloc (vg_replace_malloc.c:207) ==19091== by 0x83A85F: gs_heap_alloc_bytes (gsmalloc.c:179) ==19091== by 0x812A9F: alloc_acquire_chunk (gsalloc.c:1678) ==19091== by 0x8118DA: alloc_obj (gsalloc.c:1146) ==19091== by 0x810325: i_alloc_struct_array (gsalloc.c:650) ==19091== by 0x49094D: s_LZWD_init (slzwd.c:74) ==19091== by 0x4D8919: filter_open (zfile.c:1095) ==19091== by 0x4DCA67: filter_read (zfilter.c:238) ==19091== by 0x48AA7D: filter_read_predictor (zfdecode.c:139) ==19091== by 0x48AE8E: zLZWD (zfdecode.c:229) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4B64B1: real_dict_find (idict.c:391) ==19091== by 0x4B672D: dict_put (idict.c:451) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== Address 0x7b5edb8 is 15,856 bytes inside a block of size 16,480 free'd ==19091== at 0x4C265AF: free (vg_replace_malloc.c:323) ==19091== by 0x83AF15: gs_heap_free_object (gsmalloc.c:335) ==19091== by 0x813260: alloc_free_chunk (gsalloc.c:1831) ==19091== by 0x810B2D: i_free_object (gsalloc.c:820) ==19091== by 0x49178E: s_LZW_release (slzwc.c:38) ==19091== by 0x4CD2EA: sclose (stream.c:425) ==19091== by 0x4CD438: spgetcc (stream.c:457) ==19091== by 0x4CD7A5: sgets (stream.c:541) ==19091== by 0x4D9E42: zreadstring_at (zfileio.c:287) ==19091== by 0x4D9F2F: zreadstring (zfileio.c:316) ==19091== by 0x4BA5E3: call_operator (interp.c:111) ==19091== by 0x4BCF22: interp (interp.c:1162) ==19091== ==19091== Invalid read of size 2 ==19091== at 0x4B6A0F: dict_put (idict.c:504) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== by 0x4B03E5: gs_main_init_with_args (imainarg.c:200) ==19091== Address 0x1007b5edb8 is not stack'd, malloc'd or (recently) free'd ==19091== ==19091== Process terminating with default action of signal 11 (SIGSEGV) ==19091== Access not within mapped region at address 0x1007B5EDB8 ==19091== at 0x4B6A0F: dict_put (idict.c:504) ==19091== by 0x4D4579: zop_def (zdict.c:142) ==19091== by 0x4BBCE1: interp (interp.c:1006) ==19091== by 0x4BAC96: gs_call_interp (interp.c:496) ==19091== by 0x4BAAD0: gs_interpret (interp.c:454) ==19091== by 0x4AE587: gs_main_interpret (imain.c:214) ==19091== by 0x4AF144: gs_main_run_string_end (imain.c:526) ==19091== by 0x4AF001: gs_main_run_string_with_length (imain.c:484) ==19091== by 0x4AEF6E: gs_main_run_string (imain.c:466) ==19091== by 0x4B1F6F: run_string (imainarg.c:798) ==19091== by 0x4B06A0: swproc (imainarg.c:267) ==19091== by 0x4B03E5: gs_main_init_with_args (imainarg.c:200) ==19091== If you believe this happened as a result of a stack overflow in your ==19091== program's main thread (unlikely but possible), you can try to increase ==19091== the size of the main thread stack using the --main-stacksize= flag. ==19091== The main thread stack size used in this run was 8388608. ==19091== ==19091== ERROR SUMMARY: 26201 errors from 32 contexts (suppressed: 8 from 1) ==19091== malloc/free: in use at exit: 5,146,573 bytes in 432 blocks. ==19091== malloc/free: 142,824 allocs, 142,392 frees, 885,824,933 bytes allocated. ==19091== For counts of detected errors, rerun with: -v ==19091== Use --track-origins=yes to see where uninitialised values come from ==19091== searching for pointers to 432 not-freed blocks. ==19091== checked 12,928,272 bytes. ==19091== ==19091== LEAK SUMMARY: ==19091== definitely lost: 0 bytes in 0 blocks. ==19091== possibly lost: 0 bytes in 0 blocks. ==19091== still reachable: 5,146,573 bytes in 432 blocks. ==19091== suppressed: 0 bytes in 0 blocks. ==19091== Rerun with --leak-check=full to see details of leaked memory. Segmentation fault marcos@peeves:[47]%
I'm tired of the these files showing up in the regression report; I'm re-disabling them. Please re-re- enable when this is fixed.
I'll try to replicate this on peeves -- if so, I'll have a look.
I tried this again (on peeves) and even did a shell 'while' loop on the stated revision with 8 to 8 character long prefixes in the autogen parameters (doing a make each time) and did not get any misbehavior. what now ???
Created attachment 6053 [details] script (In reply to comment #33) > I tried this again (on peeves) and even did a shell 'while' loop on the > stated revision with 8 to 8 character long prefixes in the autogen > parameters (doing a make each time) and did not get any misbehavior. > > what now ??? If by stated revision you mean r10039 I just tried it again and it still happens. I'm not sure how you were able to test the commands given in Comment #28, the file /home/marcos/23-12C.PS was missing, I had to copy it from another location. Please try running the attached shell script. If it doesn't seg fault for you please try running from my account via tcsh (i.e. sudo su marcos ; tcsh; ./source). Perhaps it's somehow related to an environment variable and/or the account name.
I had a copy of 23-12C.PS There was a typo in my previous comment. The prefix I used was from 8 to 80 (not from 8 to 8) character long prefixes. I'll try again with your suggestions.
I am able to reproduce the segfault as well as with -Z@$? am able to see error messages: GPL Ghostscript SVN PRE-RELEASE 8.71: ./psi/ilocate.c(462): At 0x30fdcc0, array 0x3102548[65] element 0 is not a ref on up to: element 64 is not a ref and then: GPL Ghostscript SVN PRE-RELEASE 8.71: ./psi/ilocate.c(452): At 0x30fdcd0, array 0x31080d0 not in any chunk Note it runs EXTREMELY slowly with these debug switches (more slowly than most files I've used these on). I'm able to get to a breakpoint immediately before the problem by breaking in the dict_alloc gs_alloc call and ignoring the first 13879 hits. Then I can turn on more gs_debug flags (such as 'I', '?' and '@'). Hopefully I can see what is going on here shortly.
Sorry -- the 'ignore' count for right before the failure is 13379 Also, I ONLY get the failure if I am logged in as 'marcos'. I see the error message in ialloc_validate_ref (ilocate.c:452) and it is due to the chunk containing the refs is freed. The snapshot is: [a12:+<.]dict_create_unpacked_keys refs*(1056=66*16) = 0x19c80d0 [a12:+< ]alloc_save_change alloc_change(40) = 0x19c8500 [a12:-$#]dict_resize(old values)(33) 0x19bf1c8 [a12:-$#]dict_resize(old keys)(33) 0x19bf448 [a12:-oF]file_close(buffer) bytes(2048) 0x19c19e8 [a12:-oL]LZW(close) lzw_decode(16388) 0x19c4028 [a-]gs_free(alloc_free_chunk(data)) 0x19c4000(16432) [a-]gs_free(alloc_free_chunk(chunk struct)) 0x1644300(184) [a12:-of]s_std_close LZWDecode state(176) 0x19c17b8 [a12:-of]int_grestore int_gstate(464) 0x19c1388 [a12:-of]gstate_free_contents gx_device_color(744) 0x19c1090 [a12:-of]gstate_free_contents gs_client_color(40) 0x19c1058 [a12:-of]gstate_free_contents clip_path(296) 0x19c0f20 [a13:-o ]gstate_free_contents path(128) 0x1619090 [a12:-oF]gs_grestore gs_state(1344) 0x19c09d0 [a12:-of]gs_grestoreall_for_restore clip_path(296) 0x19bfd00 [a12:-of]int_grestore int_gstate(464) 0x19c07f0 [a12:-of]gstate_free_contents gx_device_color(744) 0x19c04f8 [a12:-of]gstate_free_contents gs_client_color(40) 0x19c04c0 [a12:-of]gstate_free_contents clip_path(296) 0x19c0388 [a13:-o ]gstate_free_contents path(128) 0x1619000 [a12:-oF]gs_grestore gs_state(1344) 0x19bfe38 [a12]closing chunk 0x16443f0 (0x19c8088..0x19c8528, 0x19cc208..0x19cc208..0x19cce90) [a-]gs_free(alloc_free_chunk(data)) 0x19c8070(20000) [a-]gs_free(alloc_free_chunk(chunk struct)) 0x16443f0(184) [a-]gs_free(alloc_free_chunk(chunk struct)) 0x1644210(184) [a12]opening chunk 0x1644120 (0x19bf1b8..0x19bf6b8, 0x19c3338..0x19c3338..0x19c3fc0) [a12:-o ]zrestore savetype(8) 0x19bf6b0 GPL Ghostscript SVN PRE-RELEASE 8.71: ./psi/ilocate.c(452): At 0x19bdcd0, array 0x19c80d0 not in any chunk I have to look into this, but from the above, it seems that there is a 'restore' that is causing the chunk to be freed. I'll look at the PS code being run here and see what's going wrong in the allocation/restore logic (possibly a global dict with local contents).
Reassigning to Ray who commented on this last over 2 years ago, it might be fixed by now, several relevant changes have happened since the comment.
fixed somewhere along the way. Can't get it to fail and -Z@$? doesn't show the 'ilocate' error.