Bug 697846 - Security fix causes regression
Summary: Security fix causes regression
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: PS Interpreter (show other bugs)
Version: 9.18
Hardware: PC Linux
: P4 normal
Assignee: Chris Liddell (chrisl)
QA Contact: Bug traffic
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-02 18:49 UTC by Till Kamppeter
Modified: 2017-05-03 07:06 UTC (History)
1 user (show)

See Also:
Customer:
Word Size: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Till Kamppeter 2017-05-02 18:49:19 UTC
See the following Ubuntu bug report:

https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/1687614

Original report:

==========

After the last ghostscript udpate I have problems with the textext inkscape plugin that uses pstoedit that uses ghostscript.

The command looks like this:

pstoedit -f plot-svg tmp.pdf tmp.svg -dt -ssp -psarg -r9600x9600 -pta

The error (short version):

Error: /invalidaccess in --run--
Current allocation mode is global
Last OS error: No such file or directory
Current file position is 87896
GPL Ghostscript 9.18: Unrecoverable error, exit code 1
PostScript/PDF Interpreter finished. Return status 256 executed command : /usr/bin/gs -q -dDELAYBIND -dWRITESYSTEMDICT -dNODISPLAY -dNOEPS -r9600x9600 "/tmp/psinsRrD8m"
The interpreter seems to have failed, cannot proceed !

See the attached log for the full text.

I tried to downgrade to circumvent the issue but unsuccessfully.

==========

The only workaround presented in the bug report is to downgrade to the old version before the security update.

Here is the changelog of the security update, containing all CVE numbers:

https://launchpad.net/ubuntu/+source/ghostscript/9.18~dfsg~0-0ubuntu2.4


https://launchpad.net/ubuntu/+source/ghostscript/9.18~dfsg~0-0ubuntu2.4
Comment 1 Ken Sharp 2017-05-02 23:53:19 UTC
We are going to need an example file and command line to reproduce the problem.

I also note that the report is against 9.18, whereas the security patch was against the current source code. We do not guarantee that an isolated patch pulled from our repository can be successfully applied to an 18 month old version of Ghostscript, potentially with a random unknown series of patches applied to it.

Till you are going to need to reproduce this problem against our current code (built using our third party libraries, not system shared libraries), and supply us with a means of reproducing the problem before we can work on it.
Comment 2 Chris Liddell (chrisl) 2017-05-03 02:00:48 UTC
I've been able to reproduce this.

It's to do with the DELAYBIND crap.
Comment 3 Chris Liddell (chrisl) 2017-05-03 07:06:32 UTC
Fixed in:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719