Bug 699815 - Segmentation fault for pdf input to pngalpha driver
Summary: Segmentation fault for pdf input to pngalpha driver
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: Graphics Library (show other bugs)
Version: 9.24
Hardware: Macintosh MacOS X
: P1 blocker
Assignee: Ken Sharp
URL:
Keywords:
: 700339 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-09-27 15:28 UTC by frralt102
Modified: 2019-03-04 21:58 UTC (History)
7 users (show)

See Also:
Customer:
Word Size: ---


Attachments
Example PDF file that generates segfault (15.29 KB, application/pdf)
2018-09-27 15:28 UTC, frralt102
Details
segfault causing pdf (19.93 MB, application/pdf)
2018-10-25 07:43 UTC, na
Details

Note You need to log in before you can comment on or make changes to this bug.
Description frralt102 2018-09-27 15:28:37 UTC
Created attachment 15687 [details]
Example PDF file that generates segfault

Starting with version 9.24 (and above, through git commit 9565f4ca4aab712f411420fa4c8cae79a2cf88ed) the subsequent command will fail with a segmentation fault (the referenced PDF file is attached). The command will succeed with version 9.23 and exactly the same input. The problem seems to be related to the image size of the output, since smaller final image sizes can yield success. I'm using Ghostscript built from source for macOS using MacPorts; the segfault appears on both 10.13.6 (High Sierra) and 10.14.0 (Mojave).

/opt/local/bin/gs -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dQUIET -q -sDEVICE=pngalpha -dLastPage=1 '-sOutputFile=./36275aec95788800a43a3a859f633fd9.png' -r9600 -dDownScaleFactor=8 -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -g3733x1467 -c '<</Install {-157 2 translate}>> setpagedevice' -f './36275aec95788800a43a3a859f633fd9.pdf'

(The attached PDF was obtained by executing the following command, where the original PDF -- of the same name -- was generated by pdflatex.

/opt/local/bin/gs -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dQUIET -q -sDEVICE=bbox -r72 -dLastPage=1 './36275aec95788800a43a3a859f633fd9.pdf'

For context: this PDF was generated by the LaTeXTools plugin (to the Sublimetext editor) via pdflatex to generate live inline-math previews. Similar commands will fail for all such generated PDFs when the final output image size is large enough. Setting -r600 or less seems to allow success for final output images that are not too large, such as the example here.)
Comment 1 Ken Sharp 2018-09-28 02:23:09 UTC
For me this seg faults (on Windows 32-bit) in clist playback, so assigning to Ray in the first instance.
Comment 2 rurixiduc 2018-09-30 17:43:00 UTC
(In reply to frralt102 from comment #0)
> (The attached PDF was obtained by executing the following command, where the
> original PDF -- of the same name -- was generated by pdflatex.
> 
> /opt/local/bin/gs -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dQUIET -q
> -sDEVICE=bbox -r72 -dLastPage=1 './36275aec95788800a43a3a859f633fd9.pdf'
> 
> For context: this PDF was generated by the LaTeXTools plugin (to the
> Sublimetext editor) via pdflatex to generate live inline-math previews.
> Similar commands will fail for all such generated PDFs when the final output
> image size is large enough. Setting -r600 or less seems to allow success for
> final output images that are not too large, such as the example here.)

I am experiencing the same bug in the same context, but just as a clarification, this command here doesn't actually generate or modify the pdf. It gets the bounding box information from the pdf, which is then used to compute the dimensions of the converted png (through the -g3733x1467 argument).

I can also confirm that this bug seems to occur only when the size passed to the device via -g is too large. Changing the resolution doesn't seem to affect it. Somewhere around 2.5k pixels is when it happens, though the aspect ratio seems to matter as well.
Comment 3 frralt102 2018-10-01 02:43:49 UTC
I apologize for the confusion(s): I admit that I'm far from an expert with this software, and I composed the bug report pretty hastily.

Still, I'm happy to help if I can: for example, I can easily generate some additional PDFs that are similarly afflicted.
Comment 4 na 2018-10-25 07:43:36 UTC
Created attachment 15951 [details]
segfault causing pdf

I think I'm having the same issue with the attached PDF.

gs -q  -dBATCH -dNOPAUSE -sDEVICE=pngalpha -dUseTrimBox  -dQFactor=1.0  -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -dFirstPage=1 -dLastPage=1 -r300  -sOutputFile="testingout" "testing.pdf";

Let me know if this is indeed the same issue and if I can do something to debug here.
This issue starts with 9.24 for me as well 9.25 also has the issue. 9.23 and below work fine.
Comment 5 Ken Sharp 2018-10-25 09:10:26 UTC
(In reply to na from comment #4)
> Created attachment 15951 [details]
> segfault causing pdf
> 
> I think I'm having the same issue with the attached PDF.
> 
> gs -q  -dBATCH -dNOPAUSE -sDEVICE=pngalpha -dUseTrimBox  -dQFactor=1.0 
> -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -dFirstPage=1 -dLastPage=1 -r300 
> -sOutputFile="testingout" "testing.pdf";
> 
> Let me know if this is indeed the same issue and if I can do something to
> debug here.
> This issue starts with 9.24 for me as well 9.25 also has the issue. 9.23 and
> below work fine.

I don't believe this is the same problem, though its difficult to be certain. However this file and command line does not seg fault for me, whereas the originally reported file does, as described.
Comment 6 Ken Sharp 2018-10-25 09:40:52 UTC
This appears to be a problem caused by the device subclassing (and some seriously ugly code in the pngalpha device), so I'm taking this one on.

Note that you can probably avoid the problem by simply not using -dFirstPage and -dLastPage. If the problem goes away when you drop those command line switches, then its the same problem.
Comment 7 Ken Sharp 2018-10-25 13:31:26 UTC
Fixed in commit 04333a6f1344df6b5069880cafe7b190d0984601

I can't say for sure that it fixes the second case, since that didn't seg fault for me.
Comment 8 Ken Sharp 2018-12-04 00:45:48 UTC
*** Bug 700313 has been marked as a duplicate of this bug. ***
Comment 9 Ken Sharp 2018-12-04 00:47:14 UTC
*** Bug 700315 has been marked as a duplicate of this bug. ***
Comment 10 Ken Sharp 2018-12-04 14:26:24 UTC
*** Bug 700339 has been marked as a duplicate of this bug. ***
Comment 11 elliot.cm 2018-12-05 13:03:37 UTC
(In reply to Ken Sharp from comment #7)
> Fixed in commit 04333a6f1344df6b5069880cafe7b190d0984601
> 
> I can't say for sure that it fixes the second case, since that didn't seg
> fault for me.

Hi Ken,

Thanks for putting through a fix on this, we appear to have the same issue with 9.26 and the `-dLastPage` option.

Do you happen to know the typical timeframe on a new release going out with this bugfix, or should we look at rolling back the `gs` version?

Regards,
Elliot
Comment 12 Ken Sharp 2018-12-05 18:37:41 UTC
(In reply to elliot.cm from comment #11)

> Thanks for putting through a fix on this, we appear to have the same issue
> with 9.26 and the `-dLastPage` option.

If its with 9.26 its a different problem, see bug #700315 I think.

 
> Do you happen to know the typical timeframe on a new release going out with
> this bugfix, or should we look at rolling back the `gs` version?

Ghostscript is normally released twice per year, once in March and once in September. Serious security problems will cause us to issue an interim release, but otherwise that's the schedule.
Comment 13 Alex 2019-03-04 20:40:09 UTC
We have a PDF file with multiple pages. We need to rasterize any page from that PDF file. GhostScript version 9.26 is not working, but version 9.25 works fine. 

Please fix this issue with next update.
Comment 14 Ray Johnston 2019-03-04 21:58:16 UTC
Alex, you should test with the current version on git, or at least with the
release candidate when it becomes available (subscribe to gs-devel mailing
list to be notified). If your condition is different to the one that has been
fixed, and is not fixed in the current git source version, we cannot assure
you that your condition is fixed (you haven't added a problem file and
command line to this bug).