Bug 701843 - Division by Zero at devices/gdevepsn.c:343 in eps_print_page
Summary: Division by Zero at devices/gdevepsn.c:343 in eps_print_page
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: General
Version: master
Hardware: PC Linux
Importance: P4 normal
Assignee: Julian Smith
Reported: 2019-11-05 17:02 UTC by Suhwan
Modified: 2019-11-06 12:20 UTC

Attachment: poc (117.73 KB, application/pdf), 2019-11-05 17:02 UTC, Suhwan
Description Suhwan 2019-11-05 17:02:06 UTC
Created attachment 18448

I found a Division by Zero bug in Ghostscript.
Please confirm. 

OS:        Ubuntu 18.04 64bit
Version:   commit 1159afbcad927e1a32008b0ab87e257fc21da8e2

Steps to reproduce:
1. Download the PoC file.
2. Compile the source code with "make sanitize" using gcc.
3. Run the following command.

gs -dBATCH -dNOPAUSE -dSAFER -r8 -dNOCIE -dFitPage -sOutputFile=tmp -sDEVICE=eps9mid $PoC

Here's the ASAN report.

==7611==ERROR: AddressSanitizer: FPE on unknown address 0x55ca65b69916 (pc 0x55ca65b69916 bp 0x7ffc89ba5a20 sp 0x7ffc89ba58b0 T0)
    #0 0x55ca65b69915 in eps_print_page devices/gdevepsn.c:343
    #1 0x55ca65b6a08e in eps9mid_print_page devices/gdevepsn.c:476
    #2 0x55ca65663a02 in gx_default_print_page_copies base/gdevprn.c:1231
    #3 0x55ca656633d1 in gdev_prn_output_page_aux base/gdevprn.c:1133
    #4 0x55ca656636cb in gdev_prn_bg_output_page base/gdevprn.c:1181
    #5 0x55ca65d4183e in gs_output_page base/gsdevice.c:212
    #6 0x55ca663a0e6b in zoutputpage psi/zdevice.c:416
    #7 0x55ca662bdbc6 in do_call_operator psi/interp.c:86
    #8 0x55ca662c7345 in interp psi/interp.c:1300
    #9 0x55ca662bf713 in gs_call_interp psi/interp.c:520
    #10 0x55ca662bedb8 in gs_interpret psi/interp.c:477
    #11 0x55ca6629330f in gs_main_interpret psi/imain.c:253
    #12 0x55ca662967c4 in gs_main_run_string_end psi/imain.c:791
    #13 0x55ca66296189 in gs_main_run_string_with_length psi/imain.c:735
    #14 0x55ca662960fb in gs_main_run_string psi/imain.c:716
    #15 0x55ca662a2dbf in run_string psi/imainarg.c:1117
    #16 0x55ca662a2b62 in runarg psi/imainarg.c:1086
    #17 0x55ca662a23e1 in argproc psi/imainarg.c:1008
    #18 0x55ca6629cbad in gs_main_init_with_args01 psi/imainarg.c:241
    #19 0x55ca6629d011 in gs_main_init_with_args psi/imainarg.c:288
    #20 0x55ca662a8541 in psapi_init_with_args psi/psapi.c:272
    #21 0x55ca66477b71 in gsapi_init_with_args psi/iapi.c:148
    #22 0x55ca65047ef8 in main psi/gs.c:95
    #23 0x7f07735dfb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #24 0x55ca65047c99 in _start (gs+0x36cc99)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE devices/gdevepsn.c:343 in eps_print_page
Comment 1 Julian Smith 2019-11-06 11:55:28 UTC
There's a similar bug in devices/gdevepsc.c:epsc_print_page, which can be seen with:

    ./sanbin/gs -dBATCH -dNOPAUSE -dSAFER -r8 -dNOCIE -dFitPage -sOutputFile=tmp -sDEVICE=epsonc  ../bug-701843.pdf
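The ASAN report above shows an FPE (an integer divide trap) reached from eps_print_page when the page is rendered at 8 dpi (-r8). The page does not show the source line, so the following is an added illustration of the bug class rather than Ghostscript's own code: a dot-matrix driver that derives a horizontal step size from the device resolution by integer division (here an assumed "dots per pica space" of x_dpi / 10) gets a step of 0 once the resolution is small enough, and any later division by that step traps. The function names, the x_dpi / 10 expression and the sample inputs are assumptions made for this example.

```c
#include <stdio.h>

/*
 * Hypothetical model (NOT Ghostscript's gdevepsn.c) of how a 9-pin
 * Epson-style driver might convert a pixel offset into a count of
 * 1/10-inch "pica" spaces before emitting a row of graphics.
 * Integer truncation makes dots_per_space 0 whenever x_dpi < 10,
 * so the division in the unguarded variant raises SIGFPE, the same
 * failure class the ASAN report on this page shows at -r8.
 */

/* Unguarded: traps with SIGFPE when x_dpi < 10 (e.g. -r8). */
int tab_spaces_unguarded(int x_dpi, int first_nonzero_dot)
{
    int dots_per_space = x_dpi / 10;        /* 0 for 1..9 dpi */
    return first_nonzero_dot / dots_per_space;
}

/*
 * Guarded: reject resolutions whose derived step is zero instead of
 * dividing by it. Returns 0 on success and stores the space count in
 * *spaces_out; returns -1 when the resolution is unusable, leaving
 * *spaces_out untouched so the caller can report a range error.
 */
int tab_spaces_guarded(int x_dpi, int first_nonzero_dot, int *spaces_out)
{
    int dots_per_space = x_dpi / 10;
    if (dots_per_space <= 0)
        return -1;
    *spaces_out = first_nonzero_dot / dots_per_space;
    return 0;
}

/* Lowest x resolution for which the (assumed) step computation is safe. */
int min_safe_x_dpi(void)
{
    int dpi;
    for (dpi = 1; dpi / 10 <= 0; dpi++)
        ;
    return dpi;                              /* 10 with x_dpi / 10 */
}

int main(void)
{
    /* Constructed sample resolutions: the -r8 case from the report plus
     * two resolutions a 9-pin driver would normally be used at. */
    const int dpis[] = { 8, 60, 120 };
    const int first_dot = 30;                /* assumed pixel offset */
    size_t i;

    for (i = 0; i < sizeof dpis / sizeof dpis[0]; i++) {
        int spaces = -1;
        if (tab_spaces_guarded(dpis[i], first_dot, &spaces) != 0)
            printf("%3d dpi: step is 0, refusing (unguarded code would trap)\n",
                   dpis[i]);
        else
            printf("%3d dpi: %d pica spaces\n", dpis[i], spaces);
    }
    printf("lowest safe resolution for this step formula: %d dpi\n",
           min_safe_x_dpi());
    return 0;
}
```

The practical check is the same whether the divisor is a tab width, a bytes-per-line count or a pass count derived from resolution: compute the derived value once, test it for zero before it reaches any division, and fail the page with a range error rather than letting the trap propagate out of the device. The eps9mid and epsonc reproductions on this page both use -r8, so a regression test for either device should include a run at a resolution below 10 dpi.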