--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libgs8: SEGV in gs when called from pstoraster (and in other contexts)
- From: Troy Rollo <linux@troy.rollo.name>
- Date: Sat, 26 Feb 2011 22:09:29 +1100
- Message-id: <20110226110929.22810.37851.reportbug@localhost.localdomain>
Package: libgs8
Version: 8.71~dfsg2-9
Severity: important
Tags: upstream
A SEGV can result when gs is invoked by pstoraster with the command
"/usr/bin/gs -dQUIET -dDEBUG -dPARANOIDSAFER -dNOPAUSE -dBATCH -dNOMEDIAATTRS
-sDEVICE=cups -sstdout=%stderr -sOUTPUTFILE=%stdout -c -f -_", depending on
the input postscript file.
The problem arises because of the interaction between the "stringoption" macro
in cups/gdevcups.c:
#define stringoption(name, sname) \
if ((code = param_read_string(plist, sname, &stringval)) < 0) \
{ \
dprintf2("ERROR: Error setting %s to \"%s\"...\n", sname, \
(char *)(stringval.data)); \
param_signal_error(plist, sname, code); \
return (code); \
} \
else if (code == 0) \
{ \
dprintf2("DEBUG: Setting %s to \"%s\"...\n", sname, \
(char *)(stringval.data)); \
strncpy(cups->header.name, (const char *)(stringval.data), \
stringval.size); \
cups->header.name[stringval.size] = '\0'; \
}
and the "param_read_string" function in base/gsparam.c:
int
param_read_string(gs_param_list * plist, gs_param_name pkey,
gs_param_string * pvalue)
{
RETURN_READ_TYPED(s, gs_param_type_string);
}
The RETURN_READ_TYPED macro is as follows:
#define RETURN_READ_TYPED(alt, ptype)\
gs_param_typed_value typed;\
int code;\
\
typed.type = ptype;\
code = param_read_requested_typed(plist, pkey, &typed);\
if ( code == 0 )\
*pvalue = typed.value.alt;\
return code
The problem occurs if param_read_requested_typed returns a non-zero status. In
that case, pvalue is never set in param_read_string, which means that the value
from the stringoption macro is left uninitialised. "stringoption" then tries to
use that uninitialised value as a string parameter to dprintf2.
The following change to param_read_string will prevent the SEGV, and allow the
process (and the print job) to complete successfully:
int
param_read_string(gs_param_list * plist, gs_param_name pkey,
gs_param_string * pvalue)
{
pvalue->data = 0;
pvalue->size = 0;
pvalue->persistent = 0;
RETURN_READ_TYPED(s, gs_param_type_string);
}
However it seems more likely that the correct fix is for stringoption not to
attempt to use the stringvalue variable on error, so that the macro would
appear as follows:
#define stringoption(name, sname) \
if ((code = param_read_string(plist, sname, &stringval)) < 0) \
{ \
dprintf2("ERROR: Error setting %s...\n", sname); \
param_signal_error(plist, sname, code); \
return (code); \
} \
else if (code == 0) \
{ \
dprintf2("DEBUG: Setting %s to \"%s\"...\n", sname, \
(char *)(stringval.data)); \
strncpy(cups->header.name, (const char *)(stringval.data), \
stringval.size); \
cups->header.name[stringval.size] = '\0'; \
}
However the correct fix may be a matter for upstream.
The impact of this bug is that some postscript files cannot be succesfully
printed at all to printers that require rasterisation.
I have an example file, but it contains configential so I can only provide it
if necessary out of band to the developer who will be fixing it. It may be
possible to duplicate this by configuring a Windows 7 system to print to that
printer using a postscript driver, and printing a test page.
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (700, 'stable'), (600, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libgs8 depends on:
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-2 common error description library
ii libcups2 1.4.4-7 Common UNIX Printing System(tm) -
ii libcupsimage2 1.4.4-7 Common UNIX Printing System(tm) -
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr
ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii libjasper1 1.900.1-7+b1 The JasPer JPEG-2000 runtime libra
ii libjbig2dec0 0.11-1 JBIG2 decoder library - shared lib
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libk5crypto3 1.8.3+dfsg-4 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4 MIT Kerberos runtime libraries
ii libpaper1 1.1.24 library for handling paper charact
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii libtiff4 3.9.4-5 Tag Image File Format (TIFF) libra
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
libgs8 recommends no packages.
libgs8 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
- To: 615202-close@bugs.debian.org
- Subject: Bug#615202: fixed in ghostscript 9.02~dfsg-1
- From: Jonas Smedegaard <dr@jones.dk>
- Date: Sat, 09 Apr 2011 21:17:25 +0000
- Message-id: <E1Q8fX3-0007mk-Ju@franck.debian.org>
Source: ghostscript
Source-Version: 9.02~dfsg-1
We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive:
ghostscript-cups_9.02~dfsg-1_amd64.deb
to main/g/ghostscript/ghostscript-cups_9.02~dfsg-1_amd64.deb
ghostscript-dbg_9.02~dfsg-1_amd64.deb
to main/g/ghostscript/ghostscript-dbg_9.02~dfsg-1_amd64.deb
ghostscript-doc_9.02~dfsg-1_all.deb
to main/g/ghostscript/ghostscript-doc_9.02~dfsg-1_all.deb
ghostscript-x_9.02~dfsg-1_amd64.deb
to main/g/ghostscript/ghostscript-x_9.02~dfsg-1_amd64.deb
ghostscript_9.02~dfsg-1.debian.tar.gz
to main/g/ghostscript/ghostscript_9.02~dfsg-1.debian.tar.gz
ghostscript_9.02~dfsg-1.dsc
to main/g/ghostscript/ghostscript_9.02~dfsg-1.dsc
ghostscript_9.02~dfsg-1_amd64.deb
to main/g/ghostscript/ghostscript_9.02~dfsg-1_amd64.deb
ghostscript_9.02~dfsg.orig.tar.gz
to main/g/ghostscript/ghostscript_9.02~dfsg.orig.tar.gz
gs-common_9.02~dfsg-1_all.deb
to main/g/ghostscript/gs-common_9.02~dfsg-1_all.deb
gs-gpl_9.02~dfsg-1_all.deb
to main/g/ghostscript/gs-gpl_9.02~dfsg-1_all.deb
libgs-dev_9.02~dfsg-1_amd64.deb
to main/g/ghostscript/libgs-dev_9.02~dfsg-1_amd64.deb
libgs9-common_9.02~dfsg-1_all.deb
to main/g/ghostscript/libgs9-common_9.02~dfsg-1_all.deb
libgs9_9.02~dfsg-1_amd64.deb
to main/g/ghostscript/libgs9_9.02~dfsg-1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 615202@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated ghostscript package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 09 Apr 2011 06:56:28 +0200
Source: ghostscript
Binary: ghostscript gs-gpl gs-common ghostscript-cups ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source all amd64
Version: 9.02~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-cups - interpreter for the PostScript language and for PDF - CUPS filter
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
gs-common - Transitional dummy package for ghostscript
gs-gpl - Transitional dummy package for ghostscript
libgs-dev - interpreter for the PostScript language and for PDF - Development
libgs9 - interpreter for the PostScript language and for PDF - Library
libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 615202 616024 620970
Changes:
ghostscript (9.02~dfsg-1) unstable; urgency=low
.
* New upstream release.
Closes: bug#620970. Thanks to Daniel Baumann.
+ Fixes crash in CUPS driver.
Closes: bug#615202.
.
[ Jonas Smedegaard ]
* Set libgs-dev to priority optional (not extra) to match override
file.
* Fix have libgs* depend on lib*-common, source-versioned to ensure
sanity while allow binNMUs. Thanks to Niels Thykier.
* Drop obsolete lintian overrides.
* Fix stop stripping convenience library icclib from upstream source:
Linkage against shared system library was not applied and is not yet
working.
* Update upstream download URL. Tidy note on DFSG repackaging copyright file.
* Drop patches 0001 and 1001: Applied upstream.
* Update copyright file:
+ (Re)add licensing of icclib.
+ Fix treat SunSoft part as exception (not separate license).
+ Reorder Files sections to match hints file.
+ Add new owners.
* Update symbols files.
.
[ Didier Raboud ]
* Add a -dbg package.
Closes: #616024.
Checksums-Sha1:
cf85a4c4b81633b382c31cc12bfb4d59b7d43b95 2520 ghostscript_9.02~dfsg-1.dsc
8c5fdc4c95074723ebd0490f26843acf1f123617 17379399 ghostscript_9.02~dfsg.orig.tar.gz
b05593ed4d05e49c8213eb8415718e018adb30dc 99482 ghostscript_9.02~dfsg-1.debian.tar.gz
278afd20294169b8f73d81fcca1f515ec86e7d5b 44290 gs-gpl_9.02~dfsg-1_all.deb
ab45bc2174f57f5f7c775b93ce8d7b2ea77ac0f0 44032 gs-common_9.02~dfsg-1_all.deb
42079d7fcc035de3a8c03e150103217a192f773a 3128740 ghostscript-doc_9.02~dfsg-1_all.deb
b08e38fd5ee85b74230258b3c8b11a57b5672fd6 4468706 libgs9-common_9.02~dfsg-1_all.deb
16e9efb682c5ff764d8629c995f41b2ccbda357c 80082 ghostscript_9.02~dfsg-1_amd64.deb
fcab4fa1632a5044692c152f4a8f3d787fe039a5 59756 ghostscript-cups_9.02~dfsg-1_amd64.deb
dddbbeac90562a42ff99eee1c704d1d69d57a7cb 79992 ghostscript-x_9.02~dfsg-1_amd64.deb
43a7a1bc568bb78914e67acb232ad80e7cd55be6 2365234 libgs9_9.02~dfsg-1_amd64.deb
ea0ce5adbb986e509b94ac5df7e4afb124e7ef59 2956168 libgs-dev_9.02~dfsg-1_amd64.deb
a3ccf1d607f273d43e2de83ef7cf72ac0ea6d103 8707496 ghostscript-dbg_9.02~dfsg-1_amd64.deb
Checksums-Sha256:
b57219056baa6cb19201210ebaadfd6d6dd0c38136b605b18de161cac3073137 2520 ghostscript_9.02~dfsg-1.dsc
69233af7c43f8af41d897ee4c742aee235e353d850fa779d84ac239e4c84eba2 17379399 ghostscript_9.02~dfsg.orig.tar.gz
2f2ab2e4590008a9bb49b529e5f29262ae898d746e6f255d4f9f2e471f44cb53 99482 ghostscript_9.02~dfsg-1.debian.tar.gz
4c8733daba440079d22fd257ac76c5130f74835c2ea9fa23d1953037fe2ea677 44290 gs-gpl_9.02~dfsg-1_all.deb
13ce3833ffe94300f37cab061cec282d23ce28a2ac38c1e04f4518de01b5f7ab 44032 gs-common_9.02~dfsg-1_all.deb
6df8bf8df33384d8c3876758c522ed69ba474cfc384010fae120641afca944dd 3128740 ghostscript-doc_9.02~dfsg-1_all.deb
c700f5b1fc0b1c8890dcab0d3f93ffd0437589eb72ff65e3db5261eb6f5f7d5b 4468706 libgs9-common_9.02~dfsg-1_all.deb
86a1fc51898ce1a9b98a2957507ea2a89f15f1d29f33f29436069e7ad28bb629 80082 ghostscript_9.02~dfsg-1_amd64.deb
6c88d1046e810036a3c27a5bd8c30f986223278c8910d8ddd94658812a3c9eee 59756 ghostscript-cups_9.02~dfsg-1_amd64.deb
8b3a11621867baf2c3d0000ddcb1fc66e581defa7abc4a59fc7ba398c380f546 79992 ghostscript-x_9.02~dfsg-1_amd64.deb
7f95b578a86cf8496420445b7236be7c9c9e5479d43e582d1b238a4c42f51c8c 2365234 libgs9_9.02~dfsg-1_amd64.deb
a5c89c06c170e5af94339647ddc54b6b9aad0e043f28d3d7069bef004ad09e70 2956168 libgs-dev_9.02~dfsg-1_amd64.deb
4d73be1cc8282995407dff80c441e7f7319f424776ab905895f0ec1cc36b690f 8707496 ghostscript-dbg_9.02~dfsg-1_amd64.deb
Files:
1496fb180f8477507ef993059175bca7 2520 text optional ghostscript_9.02~dfsg-1.dsc
1dbab5cdcfcd711e1d8c7d38cad29d31 17379399 text optional ghostscript_9.02~dfsg.orig.tar.gz
2579bfa016c95cf124acb3afc03d891d 99482 text optional ghostscript_9.02~dfsg-1.debian.tar.gz
55ab4978dd8052115c106faaae9b4b36 44290 text extra gs-gpl_9.02~dfsg-1_all.deb
9500c64f95be5133ab424cbbaa5c4d58 44032 text extra gs-common_9.02~dfsg-1_all.deb
dfe7d3df7bfa7051be8546e83fec1aa4 3128740 doc optional ghostscript-doc_9.02~dfsg-1_all.deb
1f6222bd0243f8bd992062d312a8fb7b 4468706 libs optional libgs9-common_9.02~dfsg-1_all.deb
7253bd79bb99532ee75377fdc539d107 80082 text optional ghostscript_9.02~dfsg-1_amd64.deb
ac6b47409a47353b1a7d7aeeca080e76 59756 text optional ghostscript-cups_9.02~dfsg-1_amd64.deb
e83bd70caf9456481ad2c39d239ad8bc 79992 text optional ghostscript-x_9.02~dfsg-1_amd64.deb
33d42cd1d7007f9aa863ad5cdd0c72d6 2365234 libs optional libgs9_9.02~dfsg-1_amd64.deb
27d4ab61ec7aacc995fc89b45d56dbec 2956168 libdevel optional libgs-dev_9.02~dfsg-1_amd64.deb
fa7ad28b8cf2bfd3ec47b3c906a95723 8707496 debug extra ghostscript-dbg_9.02~dfsg-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJNoFZsAAoJECx8MUbBoAEhZsEP/3qnoeFB0sprHmN32BIw66yb
OPiZpY9z8ozZne2IUZK+TbfcEp2ITW1xgzKECHL/UXy4dh+J8NH1lnvnqzHQqFNZ
JlyIstwA0LIUyNePBuMRkH4aNjqNZo3WJ57biEpZTWCGm1CMdMpElMSudhf12ysw
+7GWAZfcCoZ74x+zmLwb7hXfRc4n5oqFmhD5aaFe/wqIxobmgF5lUFIbUkFo4qE9
xnhEFAyzMwJNIsm3fw4A6qwfQB0a+0s30HKXz8XfEVqEhBLMNSRBGUzOWiwPWbKX
EsnJyiaYyBbuQX265k5fgxwPgstJeG2WAQvZJ2gJWiD1O/ZzRjJBFETWLXF4vlrx
ZzlD6HgAwsekX5aPKYfcZDAuDhO6HzX4Y3IpjAq9K8FblTRQi25UtKZ6u2bKHIo0
UAUkYsFVuuqlRnjUs41PK91t8dXRqxBYSKkCmCzn9k6fKET4bh7uwxs2xR9mUGYD
QlIFEVhgNdqrCSgjlQVuDoiM3gJylD55qjJ0ilPb83n5iMKD6cE5oIQ10YEk8IaN
NbD6M/MBqlqnD1yPBj93i5mIvKrqu7LEteZ+igdTxe4hLkKHflZP2BMW2IAH726G
RfGamuLlkmYlRnX9ax8SekPllLqmTGpNMh8t1/YW1+1z7GnU+CEYJL/L8fryTt3F
cXhOgo01dhsy6THEwnkJ
=HN/s
-----END PGP SIGNATURE-----
--- End Message ---