Bug#619306: ghostscript segfaults on some eps file

To: 619306@bugs.debian.org
Subject: Bug#619306: ghostscript segfaults on some eps file
From: "Håkon A. Hjortland" <post@hakn.net>
Date: Tue, 03 May 2011 05:03:13 +0200
Message-id: <[🔎] 4DBF7071.40306@hakn.net>
Reply-to: "Håkon A. Hjortland" <post@hakn.net>, 619306@bugs.debian.org

My system:
Ubuntu 11.04
ghostscript 9.01~dfsg-1ubuntu5
liblcms1 1.18.dfsg-1.2ubuntu1

Attaching transmitter.pdf, which seems to provoke a different segfault
error than arch-SPOT.eps.

Quickfix 1 (ugly patches):
liblcms_Interp3D_NULL.*: Fixes arch-SPOT.eps segfault.
ghostscript_icc_link_NULL.*: Fixes transmitter.pdf segfault.
WARNING: I have no idea what I'm doing here. The segfaults disappear,
but for all I know the produced output files from ghostscript might be
wrong now.

Quickfix 2 (downgrading liblcms1):
Downgrading liblcms1 from 1.18.dfsg-1.2ubuntu1 to 1.16-7ubuntu1 also
fixes the segfaults for both arch-SPOT.eps and transmitter.pdf.

Before fixes:
--------------------------------------------------------------------------------
$ epstopdf arch-SPOT.eps
epstopdf ($Id: epstopdf.pl 17496 2010-03-18 17:57:31Z karl $) 2.15
!!! Error: Writing to gs failed, signal 11
$ pdf2ps transmitter.pdf
Segmentation fault
--------------------------------------------------------------------------------

After using either of the quickfixes:
--------------------------------------------------------------------------------
$ epstopdf arch-SPOT.eps
$ pdf2ps transmitter.pdf
--------------------------------------------------------------------------------



For people who are just interested in a quick and dirty fix right here
and now, here's the gist:

Step-by-step instructions for downgrade-quickfix for amd64:
--------------------------------------------------------------------------------
> (Use at your own risk!)
> 1) wget 'http://ftp.uninett.no/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1_amd64.deb'
> 2) sudo dpkg --install liblcms1_1.16-7ubuntu1_amd64.deb
> 3) Use synaptic to pin the package at that version ("Lock Version") so that it won't be upgraded again.
--------------------------------------------------------------------------------

Step-by-step instructions for downgrade-quickfix for i386:
--------------------------------------------------------------------------------
> (Use at your own risk!)
> 1) wget 'http://ftp.uninett.no/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1_i386.deb'
> 2) sudo dpkg --install liblcms1_1.16-7ubuntu1_i386.deb
> 3) Use synaptic to pin the package at that version ("Lock Version") so that it won't be upgraded again.
--------------------------------------------------------------------------------



--
Håkon

Attachment: transmitter.pdf
Description: Adobe PDF document

diff -ru source/ghostscript-9.01~dfsg/base/gsicc.c x/ghostscript-9.01~dfsg/base/gsicc.c
--- source/ghostscript-9.01~dfsg/base/gsicc.c	2010-12-06 21:30:42.000000000 +0100
+++ x/ghostscript-9.01~dfsg/base/gsicc.c	2011-05-02 15:03:14.416228156 +0200
@@ -345,7 +345,7 @@
     }
     /* Get a link from the cache, or create if it is not there. Need to get 16 bit profile */
     icc_link = gsicc_get_link(pis, dev, pcs, NULL, &rendering_params, pis->memory, false);
-    if (icc_link->is_identity) {
+    if (icc_link == NULL || icc_link->is_identity) {
         psrc_temp = &(psrc[0]);
     } else {
         /* Transform the color */
@@ -368,7 +368,9 @@
 }
 #endif
     /* Release the link */
-    gsicc_release_link(icc_link);
+    if (icc_link != NULL) {
+      gsicc_release_link(icc_link);
+    }
     /* Now do the remap for ICC which amounts to the alpha application
        the transfer function and potentially the halftoning */
     /* Right now we need to go from unsigned short to frac.  I really
diff -ru source/ghostscript-9.01~dfsg/debian/changelog x/ghostscript-9.01~dfsg/debian/changelog
--- source/ghostscript-9.01~dfsg/debian/changelog	2011-04-01 15:02:35.000000000 +0200
+++ x/ghostscript-9.01~dfsg/debian/changelog	2011-05-02 15:04:47.837064929 +0200
@@ -1,3 +1,9 @@
+ghostscript (9.01~dfsg-1ubuntu5quickfix1) natty; urgency=low
+
+  * Quickfix: Handle icc_link == NULL. Fixes a segfault.
+
+ -- Foo Bar <foo@nowhere.com>  Mon, 02 May 2011 13:36:41 +0200
+
 ghostscript (9.01~dfsg-1ubuntu5) natty; urgency=low
 
   * gs-common: Reintroduce dependency on ghostscript, still too many packages

Attachment: ghostscript_icc_link_NULL.sh
Description: Bourne shell script

diff -ru orig/lcms-1.18.dfsg/debian/changelog fixed/lcms-1.18.dfsg/debian/changelog
--- orig/lcms-1.18.dfsg/debian/changelog	2011-05-02 16:03:20.000000000 +0200
+++ fixed/lcms-1.18.dfsg/debian/changelog	2011-05-03 00:41:03.995618170 +0200
@@ -1,3 +1,9 @@
+lcms (1.18.dfsg-1.2ubuntu1quickfix1) natty; urgency=low
+
+  * Quickfix: Handle Lut->CLut16params.Interp3D == NULL. Fixes a segfault.
+
+ -- Foo Bar <foo@nowhere.com>  Mon, 02 May 2011 13:36:41 +0200
+
 lcms (1.18.dfsg-1.2ubuntu1) natty; urgency=low
 
   * Merge from debian unstable.  Remaining changes: (LP: #694364)
diff -ru orig/lcms-1.18.dfsg/src/cmslut.c fixed/lcms-1.18.dfsg/src/cmslut.c
--- orig/lcms-1.18.dfsg/src/cmslut.c	2009-03-21 16:31:52.000000000 +0100
+++ fixed/lcms-1.18.dfsg/src/cmslut.c	2011-05-03 00:39:08.344636953 +0200
@@ -507,7 +507,7 @@
 
 
 
-       if (Lut -> wFlags & LUT_HAS3DGRID) {
+       if (Lut -> wFlags & LUT_HAS3DGRID && Lut->CLut16params.Interp3D) {
 
             Lut ->CLut16params.Interp3D(StageABC, StageLMN, Lut -> T, &Lut -> CLut16params);

Attachment: liblcms_Interp3D_NULL.sh
Description: Bourne shell script

Reply to:

Follow-Ups:
- Bug#619306: ghostscript segfaults on some eps file
  - From: Jonathan Nieder <jrnieder@gmail.com>

Prev by Date: Bug#625247: hplip-data: HP LaserJet 4L printouts enlarget 400%
Next by Date: Bug#619306: ghostscript segfaults on some eps file
Previous by thread: Bug#625247: hplip-data: HP LaserJet 4L printouts enlarget 400%
Next by thread: Bug#619306: ghostscript segfaults on some eps file
Index(es):
- Date
- Thread