A user has found a heap overflow in Ghostscript.
The issue will be described in a private attachment.
Created attachment 5847
Created attachment 5848
May be a font issue
Looks like it is a font issue. Also, like the last one, it gives an error on
Windows instead of a crash. The previous issue was partially due to probably
random data because of broken compressed stream, and influenced by optimisations
in gcc (debug build didn't crash).
I'll need to run it on Linux tomorrow to see what's happening, and probably
build an optimised executable with debug info.
Created attachment 5856
The original user has sent some further analysis.
He is also wondering if this issue or the previous one (Bug #691043) were
significant enough to qualify as bountiable. Ray?
Using ddd, the file doesn't provoke a SEGV, in fact on Fedora I'm unable to
reproduce a crash at all. Given the fact that this 'probably' depends on the
content of uninitialised memory that's not entirely surprising.
I have read update.txt but I'm not completely happy about the proposed fix, I'll
do some debugging then some desk checking and think about it.
OK, this is hopefully fixed by revision 10602:
As noted in the log, I've chosen to simply return when the argument to MINDEX is
0. This is because it seems to be legal, if daft, and we know from experience
that just because its silly doesn't mean that producers won't create fonts like
Unfortunately I have never actually managed to reproduce this problem, so I
can't be certain this patch fixes it. It would be best if someone who could
previously reproduce the problem would check this.
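The fix described above guards one operator against a zero argument. The following is an added illustration of that defensive pattern, written for this page; it is not Ghostscript's code and not the patch from revision 10602. The operator semantics here ("copy the top n operands onto the stack", with n == 0 legal but a no-op) are an assumption used to make the pattern concrete, as are the names `opstack` and `op_mindex`. The point it shows is that a count read from untrusted font data must be checked against both ends of the stack before any memory is copied, and that the zero case is handled by returning before the copy rather than by arithmetic that might underflow.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical operand stack, not Ghostscript's. Fixed capacity so a bad
 * count can be rejected instead of writing past the end of the buffer. */
#define STACK_CAP 16

typedef struct {
    int items[STACK_CAP];
    size_t depth;            /* number of valid entries in items[] */
} opstack;

/* Result codes for the operator. */
enum { OP_OK = 0, OP_ERR_RANGE = -1, OP_ERR_OVERFLOW = -2 };

static void opstack_init(opstack *s) { s->depth = 0; }

static int opstack_push(opstack *s, int v)
{
    if (s->depth >= STACK_CAP)
        return OP_ERR_OVERFLOW;
    s->items[s->depth++] = v;
    return OP_OK;
}

/* Assumed semantics: duplicate the top n operands.
 * n is signed because an operand decoded from a font stream may be negative.
 * n == 0 is legal but does nothing, so we return before touching memory;
 * every other n is checked against the stack base and the stack capacity. */
int op_mindex(opstack *s, int n)
{
    if (n == 0)
        return OP_OK;                         /* legal, if daft: nothing to copy */
    if (n < 0 || (size_t)n > s->depth)
        return OP_ERR_RANGE;                  /* would read below the stack base */
    if (s->depth + (size_t)n > STACK_CAP)
        return OP_ERR_OVERFLOW;               /* would write past the buffer */
    memcpy(&s->items[s->depth], &s->items[s->depth - (size_t)n],
           (size_t)n * sizeof s->items[0]);  /* source and destination do not overlap */
    s->depth += (size_t)n;
    return OP_OK;
}

/* Demonstrations on constructed operands. Each returns a checkable value. */

/* n == 0: returns 1 if the stack is unchanged and the call succeeded. */
int demo_zero_is_noop(void)
{
    opstack s; opstack_init(&s);
    opstack_push(&s, 1); opstack_push(&s, 2); opstack_push(&s, 3);
    return op_mindex(&s, 0) == OP_OK && s.depth == 3;
}

/* [1 2 3] with n == 2 becomes [1 2 3 2 3]; returns the new top element (3)
 * or -1 on failure. */
int demo_copy_two(void)
{
    opstack s; opstack_init(&s);
    opstack_push(&s, 1); opstack_push(&s, 2); opstack_push(&s, 3);
    if (op_mindex(&s, 2) != OP_OK || s.depth != 5 || s.items[3] != 2)
        return -1;
    return s.items[4];
}

/* A count larger than the stack depth (or negative) is rejected. */
int demo_rejects_underflow(int n)
{
    opstack s; opstack_init(&s);
    opstack_push(&s, 7); opstack_push(&s, 8);
    return op_mindex(&s, n);
}

/* A count that fits the depth but not the capacity is rejected. */
int demo_rejects_overflow(void)
{
    opstack s; opstack_init(&s);
    for (int i = 0; i < 10; i++)
        opstack_push(&s, i);
    return op_mindex(&s, 10);                 /* 10 + 10 > STACK_CAP */
}

int main(void)
{
    printf("zero is no-op: %d\n", demo_zero_is_noop());
    printf("copy two top: %d\n", demo_copy_two());
    printf("underflow code: %d\n", demo_rejects_underflow(3));
    printf("overflow code: %d\n", demo_rejects_overflow());
    return 0;
}
```

When reviewing a fix of this shape, the check to make is that the early return for zero is not the only guard: the range test against the current depth and the capacity test are what turn an out-of-range operand from untrusted font data into an error instead of an out-of-bounds read or write.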