Created attachment 18448: poc

Hello, I found a Division by Zero bug in GhostScript. Please confirm. Thanks.

OS: Ubuntu 18.04 64bit
Version: commit 1159afbcad927e1a32008b0ab87e257fc21da8e2

Steps to reproduce:
1. Download the .POC files.
2. Compile the source code with "make sanitize" using gcc.
3. Run the following command:

gs -dBATCH -dNOPAUSE -dSAFER -r8 -dNOCIE -dFitPage -sOutputFile=tmp -sDEVICE=eps9mid $PoC

Here's the ASAN report:

==7611==ERROR: AddressSanitizer: FPE on unknown address 0x55ca65b69916 (pc 0x55ca65b69916 bp 0x7ffc89ba5a20 sp 0x7ffc89ba58b0 T0)
    #0 0x55ca65b69915 in eps_print_page devices/gdevepsn.c:343
    #1 0x55ca65b6a08e in eps9mid_print_page devices/gdevepsn.c:476
    #2 0x55ca65663a02 in gx_default_print_page_copies base/gdevprn.c:1231
    #3 0x55ca656633d1 in gdev_prn_output_page_aux base/gdevprn.c:1133
    #4 0x55ca656636cb in gdev_prn_bg_output_page base/gdevprn.c:1181
    #5 0x55ca65d4183e in gs_output_page base/gsdevice.c:212
    #6 0x55ca663a0e6b in zoutputpage psi/zdevice.c:416
    #7 0x55ca662bdbc6 in do_call_operator psi/interp.c:86
    #8 0x55ca662c7345 in interp psi/interp.c:1300
    #9 0x55ca662bf713 in gs_call_interp psi/interp.c:520
    #10 0x55ca662bedb8 in gs_interpret psi/interp.c:477
    #11 0x55ca6629330f in gs_main_interpret psi/imain.c:253
    #12 0x55ca662967c4 in gs_main_run_string_end psi/imain.c:791
    #13 0x55ca66296189 in gs_main_run_string_with_length psi/imain.c:735
    #14 0x55ca662960fb in gs_main_run_string psi/imain.c:716
    #15 0x55ca662a2dbf in run_string psi/imainarg.c:1117
    #16 0x55ca662a2b62 in runarg psi/imainarg.c:1086
    #17 0x55ca662a23e1 in argproc psi/imainarg.c:1008
    #18 0x55ca6629cbad in gs_main_init_with_args01 psi/imainarg.c:241
    #19 0x55ca6629d011 in gs_main_init_with_args psi/imainarg.c:288
    #20 0x55ca662a8541 in psapi_init_with_args psi/psapi.c:272
    #21 0x55ca66477b71 in gsapi_init_with_args psi/iapi.c:148
    #22 0x55ca65047ef8 in main psi/gs.c:95
    #23 0x7f07735dfb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #24 0x55ca65047c99 in _start (gs+0x36cc99)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE devices/gdevepsn.c:343 in eps_print_page
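The report above ties the FPE to a very low resolution (-r8) in an Epson text-mode driver. The C below is an added illustration of that bug class, not Ghostscript's code and not the contents of gdevepsn.c:343: it assumes a divisor derived from the horizontal resolution (a pica space of 1/10 inch, so `xres / 10`), which collapses to zero by integer division for any resolution under 10 dpi, and shows the vulnerable arithmetic beside a guarded form plus a device-level check run before any per-line work. The function names, the `xres / 10` arithmetic and the 10 dpi floor are assumptions made for the example.

```c
#include <stdio.h>

/* Illustrative model of the bug class only (assumption: this is not
 * Ghostscript's code). The divisor is derived from the device's
 * horizontal resolution: a "pica space" is 1/10 inch, so at 8 dpi the
 * integer division 8 / 10 yields 0, and any later division by that
 * value raises SIGFPE, which ASAN reports as "FPE". */

/* Vulnerable form: trusts the resolution to be large enough. */
int unsafe_tab_count(int xres, int in_y_mult, int in_pos)
{
    int dots_per_space = xres / 10;               /* 0 when xres < 10 */
    int bytes_per_space = dots_per_space * in_y_mult;
    return in_pos / bytes_per_space;              /* SIGFPE if xres < 10 */
}

/* Hardened form: compute the divisor first and refuse to divide by zero.
 * Returns 0 on success (count written to *out), -1 for an unusable
 * resolution. */
int safe_tab_count(int xres, int in_y_mult, int in_pos, int *out)
{
    int dots_per_space = xres / 10;
    int bytes_per_space = dots_per_space * in_y_mult;
    if (bytes_per_space <= 0)
        return -1;
    *out = in_pos / bytes_per_space;
    return 0;
}

/* Device-level guard: reject a resolution the driver cannot print at
 * before any per-line arithmetic runs. The implied 10 dpi floor follows
 * from the 1/10 inch space width assumed above; it is not a value taken
 * from the driver. */
int resolution_is_printable(int xres, int in_y_mult)
{
    return (xres / 10) * in_y_mult > 0;
}

int main(void)
{
    int n;
    int resolutions[] = { 8, 60, 120 };   /* constructed sample inputs */
    for (int i = 0; i < 3; i++) {
        int r = resolutions[i];
        if (!resolution_is_printable(r, 2))
            printf("%d dpi: rejected before rendering, divisor would be zero\n", r);
        else if (safe_tab_count(r, 2, 24, &n) == 0)
            printf("%d dpi: tab count %d\n", r, n);
    }
    return 0;
}
```

The point of the second check is placement: a guard inside the per-line loop stops the crash, but a guard at device setup (when the resolution is first known) rejects the unsupported configuration once, with a clear error, instead of silently producing output that was never printable.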
There's a similar bug in devices/gdevepsc.c:epsc_print_page, which can be seen with: ./sanbin/gs -dBATCH -dNOPAUSE -dSAFER -r8 -dNOCIE -dFitPage -sOutputFile=tmp -sDEVICE=epsonc ../bug-701843.pdf
Fixed in:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f70ab2044429fe4b991801476ea3f4b4a5c0cdf4
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4e713293de84b689c4ab358f3e110ea54aa81925