Starting with c2087967ed7782ec38b1abe9950d18daf4d74572 the following command line segfaults:

bin/gs -sDEVICE=lp1800 -o test.tmp ./examples/transparency_example.ps

The gdb stack trace:

(gdb) run -sDEVICE=lp1800 -o test.out head/examples/transparency_example.ps
Starting program: /home/marcos/artifex/ghostpdl/debugbin/gs -sDEVICE=lp1800 -o test.out head/examples/transparency_example.ps
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
GPL Ghostscript GIT PRERELEASE 9.19 (2015-09-23)
Copyright (C) 2015 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.

Program received signal SIGSEGV, Segmentation fault.
0x00000000007f1d61 in escv_begin_image (dev=0x1fde948, pis=0x1f7cab8, pim=0x7fffffffcc90, format=gs_image_format_chunky, prect=0x0, pdcolor=0x0, pcpath=0x0, mem=0x1f4a048, pinfo=0x7fffffffcc08) at ./contrib/eplaser/gdevescv.c:2499
2499 gx_color_index color = gx_dc_pure_color(pdcolor);
(gdb) where
#0 0x00000000007f1d61 in escv_begin_image (dev=0x1fde948, pis=0x1f7cab8, pim=0x7fffffffcc90, format=gs_image_format_chunky, prect=0x0, pdcolor=0x0, pcpath=0x0, mem=0x1f4a048, pinfo=0x7fffffffcc08) at ./contrib/eplaser/gdevescv.c:2499
#1 0x0000000000a24db4 in gx_default_begin_typed_image (dev=0x1fde948, pis=0x1f7cab8, pmat=0x0, pic=0x7fffffffcc90, prect=0x0, pdcolor=0x0, pcpath=0x0, memory=0x1f4a048, pinfo=0x7fffffffcc08) at ./base/gdevddrw.c:1059
#2 0x0000000000566d3b in pdf14_clist_create_compositor (dev=0x243daf8, pcdev=0x7fffffffcf90, pct=0x221abf8, pis=0x1f7cab8, mem=0x1f4a048, cdev=0x0) at ./base/gdevp14.c:7184
#3 0x0000000000564db5 in send_pdf14trans (pis=0x1f7cab8, dev=0x243daf8, pcdev=0x7fffffffcf90, pparams=0x7fffffffcfd0, mem=0x1f4a048) at ./base/gdevp14.c:6391
#4 0x0000000000546138 in gs_state_update_pdf14trans (pgs=0x1f7cab8, pparams=0x7fffffffcfd0) at ./base/gstrans.c:169
#5 0x0000000000547ead in gs_pop_pdf14trans_device (pgs=0x1f7cab8, is_pattern=0) at ./base/gstrans.c:787
#6 0x0000000000b129ea in zpoppdf14devicefilter (i_ctx_p=0x1f98d10) at ./psi/ztrans.c:474
#7 0x0000000000a89043 in do_call_operator (op_proc=0xb129ca <zpoppdf14devicefilter>, i_ctx_p=0x1f98d10) at ./psi/interp.c:86
#8 0x0000000000a8bc35 in interp (pi_ctx_p=0x1f49ad0, pref=0x7fffffffdb50, perror_object=0x7fffffffdda0) at ./psi/interp.c:1298
#9 0x0000000000a89905 in gs_call_interp (pi_ctx_p=0x1f49ad0, pref=0x7fffffffdcb0, user_errors=1, pexit_code=0x7fffffffdd98, perror_object=0x7fffffffdda0) at ./psi/interp.c:510
#10 0x0000000000a89705 in gs_interpret (pi_ctx_p=0x1f49ad0, pref=0x7fffffffdcb0, user_errors=1, pexit_code=0x7fffffffdd98, perror_object=0x7fffffffdda0) at ./psi/interp.c:468
#11 0x0000000000a7ac63 in gs_main_interpret (minst=0x1f49a30, pref=0x7fffffffdcb0, user_errors=1, pexit_code=0x7fffffffdd98, perror_object=0x7fffffffdda0) at ./psi/imain.c:243
#12 0x0000000000a7be0b in gs_main_run_string_end (minst=0x1f49a30, user_errors=1, pexit_code=0x7fffffffdd98, perror_object=0x7fffffffdda0) at ./psi/imain.c:661
#13 0x0000000000a7bc83 in gs_main_run_string_with_length (minst=0x1f49a30, str=0x207d590 "<686561642f6578616d706c65732f7472616e73706172656e63795f6578616d706c652e7073>.runfile", length=84, user_errors=1, pexit_code=0x7fffffffdd98, perror_object=0x7fffffffdda0) at ./psi/imain.c:619
#14 0x0000000000a7bbf5 in gs_main_run_string (minst=0x1f49a30, str=0x207d590 "<686561642f6578616d706c65732f7472616e73706172656e63795f6578616d706c652e7073>.runfile", user_errors=1, pexit_code=0x7fffffffdd98, perror_object=0x7fffffffdda0) at ./psi/imain.c:601
#15 0x0000000000a7f802 in run_string (minst=0x1f49a30, str=0x207d590 "<686561642f6578616d706c65732f7472616e73706172656e63795f6578616d706c652e7073>.runfile", options=3) at ./psi/imainarg.c:981
#16 0x0000000000a7f77c in runarg (minst=0x1f49a30, pre=0xfb7563 "", arg=0x7fffffffec7c "head/examples/transparency_example.ps", post=0xfb771d ".runfile", options=3) at ./psi/imainarg.c:971
#17 0x0000000000a7f3ee in argproc (minst=0x1f49a30, arg=0x7fffffffec7c "head/examples/transparency_example.ps") at ./psi/imainarg.c:904
#18 0x0000000000a7d5c9 in gs_main_init_with_args (minst=0x1f49a30, argc=5, argv=0x7fffffffe9c8) at ./psi/imainarg.c:239
#19 0x0000000000463825 in main (argc=5, argv=0x7fffffffe9c8) at ./psi/gs.c:96
(gdb)

Other devices which fail in the same way: lp1900 lp2200 lp2400 lp2500 lp3000c lp7500 lp7700 lp7900 lp8000c lp8100 lp8200c lp8300c lp8300f lp8400f lp8500c lp8600 lp8600f lp8700 lp8800c lp8900 lp9000b lp9000c lp9100 lp9200b lp9200c lp9300 lp9400 lp9500c lp9600 lp9600s lp9800c lps4500 lps6500
And these devices as well: alc1900 alc2000 alc4000 alc4100 alc8500 alc8600 alc9100 epl2050 epl2050p epl2120 epl2500 epl2750 epl5800 epl5900 epl6100 epl6200 eplcolor eplmono
Created attachment 13265
patch

Move the calculation of the pure color from the start of the function to right before it is used, to avoid dereferencing a NULL pointer when a device is initialized with a minimal set of parameters. The proposed patch fixes the SEGVs on all listed devices.

Fixed by adopting Peter's patch.

commit 340b7c7f79d45ed36cd247ff0c13586e6b6a4763
Author: Robin Watts <robin.watts@artifex.com>
Date: Wed Feb 22 23:54:38 2017 +0000

    Bug 696520: Avoid dereferencing NULL in epson devices.

    Adopt Peter Cherepanov's patch to avoid dereferencing NULL. Only
    calculate the pure color if we know we're going to need it - by which
    time we know it's safe to dereference.

Peter: Many thanks!
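
A reduced model of the change described in the patch comment and commit message above, as an added example that is not Ghostscript's code. The types, the `image_mask` flag standing in for "we know we're going to need it", and the extra NULL guard are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the Ghostscript types; not the real definitions. */
typedef unsigned long color_index;
typedef struct { color_index pure; } dev_color;   /* models the device color */
typedef struct { int image_mask; } image_params;  /* assumed "needs color" flag */

enum { IMG_OK = 0, IMG_ERR_NO_COLOR = -1 };

/* Constructed sample inputs. */
static const image_params PLAIN = { 0 }, MASK = { 1 };
static const dev_color RED = { 0xff0000UL };

/* Before: the color is read in the initializer, ahead of any evidence that
 * pdcolor is non-NULL. With pdcolor == NULL this faults on the first line. */
int begin_image_before(const image_params *pim, const dev_color *pdcolor,
                       color_index *out)
{
    color_index color = pdcolor->pure;  /* unconditional dereference */
    *out = pim->image_mask ? color : 0;
    return IMG_OK;
}

/* After: the read moves into the only branch that consumes the color. */
int begin_image_after(const image_params *pim, const dev_color *pdcolor,
                      color_index *out)
{
    *out = 0;
    if (pim->image_mask) {
        if (pdcolor == NULL)            /* extra guard, added in this sketch */
            return IMG_ERR_NO_COLOR;
        *out = pdcolor->pure;
    }
    return IMG_OK;
}

int main(void)
{
    color_index c = 0;
    /* pdcolor=0x0 as in the stack trace; the non-mask image is assumed. */
    int rc = begin_image_after(&PLAIN, NULL, &c);
    printf("plain image, NULL color: rc=%d color=%#lx\n", rc, c);
    rc = begin_image_after(&MASK, &RED, &c);
    printf("mask image, red:         rc=%d color=%#lx\n", rc, c);
    rc = begin_image_after(&MASK, NULL, &c);
    printf("mask image, NULL color:  rc=%d\n", rc);
    return 0;
}
```

Building with `-fsanitize=address,undefined` and calling `begin_image_before` with a NULL `pdcolor` reproduces the fault class seen at frame #0 of the trace.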