
Bug#970878: ghostscript breaks doc-rfc autopkgtest: segmentation fault



Dear Maintainer,
I tried to have a look at this one, found the segfault [1],
and can point to the place where the pointer gets overwritten [2].
Unfortunately, neither Valgrind nor ASAN gave me any more details.

Kind regards,
Bernhard


[1]
Program received signal SIGSEGV, Segmentation fault.
0x00007fa54364fc11 in gs_grestore (pgs=0x1) at ./base/gsstate.c:409
409         if (!pgs->saved)
(rr) bt
#0  0x00007fa54364fc11 in gs_grestore (pgs=0x1) at ./base/gsstate.c:409
#1  0x00007fa543662c39 in gx_default_text_restore_state (pte=<optimized out>) at ./base/gxchar.c:252
#2  0x00007fa54358ad46 in textw_text_process (pte=0x55dc1a95c2f8) at ./devices/vector/gdevtxtw.c:2287
#3  0x00007fa54371ca20 in op_show_continue (i_ctx_p=0x55dc17e6be98) at ./psi/zchar.c:690
#4  op_show_continue (i_ctx_p=0x55dc17e6be98) at ./psi/zchar.c:685
#5  0x00007fa5436fd7e5 in interp (perror_object=<optimized out>, pref=<optimized out>, pi_ctx_p=<optimized out>) at ./psi/interp.c:1300
#6  gs_call_interp (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>) at ./psi/interp.c:520
#7  0x00007fa5436fee08 in gs_interpret (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>, perror_object@entry=0x7ffeafc83060) at ./psi/interp.c:477
#8  0x00007fa5436f17de in gs_main_interpret (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, pref=0x7ffeafc82fa0, minst=<optimized out>) at ./psi/imain.c:927
#9  gs_main_run_string_end (minst=minst@entry=0x55dc17e38b50, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=perror_object@entry=0x7ffeafc83060) at ./psi/imain.c:927
#10 0x00007fa5436f1871 in gs_main_run_string_with_length (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, length=9, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imain.c:871
#11 gs_main_run_string_with_length (minst=0x55dc17e38b50, str=0x7fa543801aef ".runstdin", length=9, user_errors=1, pexit_code=0x7ffeafc83050, perror_object=0x7ffeafc83060) at ./psi/imain.c:857
#12 0x00007fa5436f4323 in run_string (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=<optimized out>, options=2, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imainarg.c:1166
#13 swproc (minst=minst@entry=0x55dc17e38b50, arg=0x7ffeafc83060 "\001\017", pal=pal@entry=0x7ffeafc837a0) at ./psi/imainarg.c:367
#14 0x00007fa5436f5543 in gs_main_init_with_args01 (minst=minst@entry=0x55dc17e38b50, argc=7, argv=0x7ffeafc84318) at ./psi/imainarg.c:224
#15 0x00007fa5436f5739 in gs_main_init_with_args (minst=0x55dc17e38b50, argc=<optimized out>, argv=<optimized out>) at ./psi/imainarg.c:289
#16 0x000055dc1650e1bc in main (argc=7, argv=0x7ffeafc84318) at ./psi/dxmainc.c:86


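[2] Pointer gets overwritten here:
(The watchpoint below was hit while running backwards with reverse-cont, so "Old value" is the content after the write and "New value" the content before it; in forward execution the memmove replaces 0x55dc17e6c188 with 0x1.
The destination block of this memmove in gc_objects_compact, 0x55dc1a95c600 with a length of 2016 bytes, also contains pte_fallback (0x55dc1a95c618), so it looks like the garbage collector compacted another object over an enumerator that textw_text_process still uses afterwards.)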
Hardware watchpoint 1: *0x55dc1a95c680

Old value = (void *) 0x1
New value = (void *) 0x55dc17e6c188
__memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:419
419     ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7fa543294d50 <__memmove_avx_unaligned_erms+480>:   vmovdqa %ymm3,0x60(%rdi)
(rr) bt
#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:419
#1  0x00007fa5437355d7 in memmove (__len=<optimized out>, __src=0x55dc1a95c888, __dest=0x55dc1a95c600) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
#2  gc_objects_compact (gcst=0x7ffeafc81cf0, gcst=0x7ffeafc81cf0, cp=0x55dc1a7d1eb0) at ./psi/igc.c:1348
#3  gs_gc_reclaim (pspaces=<optimized out>, global=0) at ./psi/igc.c:481
#4  0x00007fa543700eb5 in gs_vmreclaim (global=0, dmem=0x55dc17e6bea0) at ./psi/ireclaim.c:165
#5  ireclaim (dmem=0x55dc17e6bea0, space=-1) at ./psi/ireclaim.c:80
#6  0x00007fa5436fc3ed in interp_reclaim (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, space=space@entry=-1) at ./psi/interp.c:450
#7  0x00007fa5436fe1e6 in interp (perror_object=<optimized out>, pref=<optimized out>, pi_ctx_p=<optimized out>) at ./psi/interp.c:1817
#8  gs_call_interp (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>) at ./psi/interp.c:520
#9  0x00007fa5436fee08 in gs_interpret (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>, perror_object@entry=0x7ffeafc83060) at ./psi/interp.c:477
#10 0x00007fa5436f17de in gs_main_interpret (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, pref=0x7ffeafc82fa0, minst=<optimized out>) at ./psi/imain.c:927
#11 gs_main_run_string_end (minst=minst@entry=0x55dc17e38b50, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=perror_object@entry=0x7ffeafc83060) at ./psi/imain.c:927
#12 0x00007fa5436f1871 in gs_main_run_string_with_length (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, length=9, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imain.c:871
#13 gs_main_run_string_with_length (minst=0x55dc17e38b50, str=0x7fa543801aef ".runstdin", length=9, user_errors=1, pexit_code=0x7ffeafc83050, perror_object=0x7ffeafc83060) at ./psi/imain.c:857
#14 0x00007fa5436f4323 in run_string (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=<optimized out>, options=2, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imainarg.c:1166
#15 swproc (minst=minst@entry=0x55dc17e38b50, arg=0x7ffeafc83060 "\001\017", pal=pal@entry=0x7ffeafc837a0) at ./psi/imainarg.c:367
#16 0x00007fa5436f5543 in gs_main_init_with_args01 (minst=minst@entry=0x55dc17e38b50, argc=7, argv=0x7ffeafc84318) at ./psi/imainarg.c:224
#17 0x00007fa5436f5739 in gs_main_init_with_args (minst=0x55dc17e38b50, argc=<optimized out>, argv=<optimized out>) at ./psi/imainarg.c:289
#18 0x000055dc1650e1bc in main (argc=7, argv=0x7ffeafc84318) at ./psi/dxmainc.c:86

# Bullseye/testing amd64 qemu VM 2020-10-10


# enable unstable sources
apt update
apt dist-upgrade


apt install systemd-coredump mc sshfs gdb rr valgrind doc-rfc-old-std
apt install ghostscript/unstable ghostscript-dbgsym libgs9-dbgsym
apt build-dep ghostscript/unstable


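# rr needs access to the CPU performance counters; this lowers the kernel restriction system-wide until reboot (done inside the test VM)
echo 1 > /proc/sys/kernel/perf_event_paranoid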





mkdir /home/benutzer/source/ghostscript/orig -p
cd    /home/benutzer/source/ghostscript/orig
apt source ghostscript/unstable
cd




root@debian:~# dpkg -l | grep ghostscript
ii  ghostscript                   9.53.3~dfsg-4                  amd64        interpreter for the PostScript language and for PDF



benutzer@debian:~$ zcat /usr/share/doc/RFC/links/rfc1247.ps.gz | ps2txt > /dev/null
Segmentation fault (core dumped)



root@debian:~# coredumpctl list
TIME                            PID   UID   GID SIG COREFILE  EXE
Sat 2020-10-10 00:10:30 CEST   7932  1000  1000  11 present   /usr/bin/gs



root@debian:~# journalctl -e
...
Okt 10 00:10:29 debian kernel: traps: gs[7932] general protection fault ip:7fd02bf99246 sp:7ffd8db40a78 error:0 in libgs.so.9.53[7fd02bd3d000+368000]
Okt 10 00:10:29 debian systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Okt 10 00:10:29 debian systemd[1]: Started Process Core Dump (PID 7933/UID 0).
Okt 10 00:10:30 debian systemd-coredump[7934]: Process 7932 (gs) of user 1000 dumped core.
                                               
                                               Stack trace of thread 7932:
                                               #0  0x00007fd02bf99246 gs_text_release (libgs.so.9 + 0x35b246)
                                               #1  0x00007fd02bed1d5e n/a (libgs.so.9 + 0x293d5e)
                                               #2  0x00007fd02c063a20 op_show_continue (libgs.so.9 + 0x425a20)
                                               #3  0x00007fd02c0447e5 n/a (libgs.so.9 + 0x4067e5)
                                               #4  0x00007fd02c045e08 gs_interpret (libgs.so.9 + 0x407e08)
                                               #5  0x00007fd02c0387de gs_main_run_string_end (libgs.so.9 + 0x3fa7de)
                                               #6  0x00007fd02c038871 gs_main_run_string_with_length (libgs.so.9 + 0x3fa871)
                                               #7  0x00007fd02c03b323 n/a (libgs.so.9 + 0x3fd323)
                                               #8  0x00007fd02c03c543 gs_main_init_with_args01 (libgs.so.9 + 0x3fe543)
                                               #9  0x00007fd02c03c739 gs_main_init_with_args (libgs.so.9 + 0x3fe739)
                                               #10 0x0000555caffeb1bc n/a (gs + 0x11bc)
                                               #11 0x00007fd02ba9fcca __libc_start_main (libc.so.6 + 0x26cca)
                                               #12 0x0000555caffeb25a n/a (gs + 0x125a)
Okt 10 00:10:30 debian systemd[1]: systemd-coredump@0-7933-0.service: Succeeded.



root@debian:~# coredumpctl gdb 7932
           PID: 7932 (gs)
           UID: 1000 (benutzer)
           GID: 1000 (benutzer)
        Signal: 11 (SEGV)
     Timestamp: Sat 2020-10-10 00:10:29 CEST (2min 21s ago)
  Command Line: gs -q -dSAFER -sDEVICE=txtwrite -o - -
    Executable: /usr/bin/gs
 Control Group: /user.slice/user-1000.slice/session-3.scope
          Unit: session-3.scope
         Slice: user-1000.slice
       Session: 3
     Owner UID: 1000 (benutzer)
       Boot ID: 4b1a6fa77d804bf9bb0ba7fb99e910e0
    Machine ID: 33f18f39d2a9438eb75b0ed52848afcd
      Hostname: debian
       Storage: /var/lib/systemd/coredump/core.gs.1000.4b1a6fa77d804bf9bb0ba7fb99e910e0.7932.1602281429000000.zst
       Message: Process 7932 (gs) of user 1000 dumped core.
                
                Stack trace of thread 7932:
                #0  0x00007fd02bf99246 gs_text_release (libgs.so.9 + 0x35b246)
                #1  0x00007fd02bed1d5e n/a (libgs.so.9 + 0x293d5e)
                #2  0x00007fd02c063a20 op_show_continue (libgs.so.9 + 0x425a20)
                #3  0x00007fd02c0447e5 n/a (libgs.so.9 + 0x4067e5)
                #4  0x00007fd02c045e08 gs_interpret (libgs.so.9 + 0x407e08)
                #5  0x00007fd02c0387de gs_main_run_string_end (libgs.so.9 + 0x3fa7de)
                #6  0x00007fd02c038871 gs_main_run_string_with_length (libgs.so.9 + 0x3fa871)
                #7  0x00007fd02c03b323 n/a (libgs.so.9 + 0x3fd323)
                #8  0x00007fd02c03c543 gs_main_init_with_args01 (libgs.so.9 + 0x3fe543)
                #9  0x00007fd02c03c739 gs_main_init_with_args (libgs.so.9 + 0x3fe739)
                #10 0x0000555caffeb1bc n/a (gs + 0x11bc)
                #11 0x00007fd02ba9fcca __libc_start_main (libc.so.6 + 0x26cca)
                #12 0x0000555caffeb25a n/a (gs + 0x125a)

GNU gdb (Debian 9.2-1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/gs...
(No debugging symbols found in /usr/bin/gs)
[New LWP 7932]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `gs -q -dSAFER -sDEVICE=txtwrite -o - -'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fd02bf99246 in gs_text_release () from /lib/x86_64-linux-gnu/libgs.so.9
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0  0x00007fd02bf99246 in gs_text_release () from /lib/x86_64-linux-gnu/libgs.so.9
#1  0x00007fd02bed1d5e in ?? () from /lib/x86_64-linux-gnu/libgs.so.9
#2  0x00007fd02c063a20 in op_show_continue () from /lib/x86_64-linux-gnu/libgs.so.9
#3  0x00007fd02c0447e5 in ?? () from /lib/x86_64-linux-gnu/libgs.so.9
#4  0x00007fd02c045e08 in gs_interpret () from /lib/x86_64-linux-gnu/libgs.so.9
#5  0x00007fd02c0387de in gs_main_run_string_end () from /lib/x86_64-linux-gnu/libgs.so.9
#6  0x00007fd02c038871 in gs_main_run_string_with_length () from /lib/x86_64-linux-gnu/libgs.so.9
#7  0x00007fd02c03b323 in ?? () from /lib/x86_64-linux-gnu/libgs.so.9
#8  0x00007fd02c03c543 in gs_main_init_with_args01 () from /lib/x86_64-linux-gnu/libgs.so.9
#9  0x00007fd02c03c739 in gs_main_init_with_args () from /lib/x86_64-linux-gnu/libgs.so.9
#10 0x0000555caffeb1bc in ?? ()
#11 0x00007fd02ba9fcca in __libc_start_main (main=0x555caffeb0f0, argc=7, argv=0x7ffd8db42b48, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd8db42b38) at ../csu/libc-start.c:308
#12 0x0000555caffeb25a in ?? ()



(gdb) bt
#0  0x00007fd02bf99246 in gs_text_release (pte=0x555cb2d195e8, cname=0x7fd02c124a15 "txtwrite_text_process") at ./base/gstext.c:767
#1  0x00007fd02bed1d5e in textw_text_process (pte=0x555cb2d192c8) at ./devices/vector/gdevtxtw.c:2290
#2  0x00007fd02c063a20 in op_show_continue (i_ctx_p=0x555cb0228e68) at ./psi/zchar.c:690
#3  op_show_continue (i_ctx_p=0x555cb0228e68) at ./psi/zchar.c:685
#4  0x00007fd02c0447e5 in interp (perror_object=<optimized out>, pref=<optimized out>, pi_ctx_p=<optimized out>) at ./psi/interp.c:1300
#5  gs_call_interp (pi_ctx_p=pi_ctx_p@entry=0x555cb01f5bc0, pref=pref@entry=0x7ffd8db417d0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffd8db41880, perror_object=<optimized out>) at ./psi/interp.c:520
#6  0x00007fd02c045e08 in gs_interpret (pi_ctx_p=pi_ctx_p@entry=0x555cb01f5bc0, pref=pref@entry=0x7ffd8db417d0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffd8db41880, perror_object=<optimized out>, perror_object@entry=0x7ffd8db41890) at ./psi/interp.c:477
#7  0x00007fd02c0387de in gs_main_interpret (perror_object=0x7ffd8db41890, pexit_code=0x7ffd8db41880, user_errors=1, pref=0x7ffd8db417d0, minst=<optimized out>) at ./psi/imain.c:927
#8  gs_main_run_string_end (minst=minst@entry=0x555cb01f5b20, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffd8db41880, perror_object=perror_object@entry=0x7ffd8db41890) at ./psi/imain.c:927
#9  0x00007fd02c038871 in gs_main_run_string_with_length (perror_object=0x7ffd8db41890, pexit_code=0x7ffd8db41880, user_errors=1, length=9, str=0x7fd02c148aef ".runstdin", minst=0x555cb01f5b20) at ./psi/imain.c:871
#10 gs_main_run_string_with_length (minst=0x555cb01f5b20, str=0x7fd02c148aef ".runstdin", length=9, user_errors=1, pexit_code=0x7ffd8db41880, perror_object=0x7ffd8db41890) at ./psi/imain.c:857
#11 0x00007fd02c03b323 in run_string (perror_object=0x7ffd8db41890, pexit_code=0x7ffd8db41880, user_errors=<optimized out>, options=2, str=0x7fd02c148aef ".runstdin", minst=0x555cb01f5b20) at ./psi/imainarg.c:1166
#12 swproc (minst=minst@entry=0x555cb01f5b20, arg=0x7ffd8db41890 "\001\017", pal=pal@entry=0x7ffd8db41fd0) at ./psi/imainarg.c:367
#13 0x00007fd02c03c543 in gs_main_init_with_args01 (minst=minst@entry=0x555cb01f5b20, argc=7, argv=0x7ffd8db42b48) at ./psi/imainarg.c:224
#14 0x00007fd02c03c739 in gs_main_init_with_args (minst=0x555cb01f5b20, argc=<optimized out>, argv=<optimized out>) at ./psi/imainarg.c:289
#15 0x0000555caffeb1bc in main (argc=7, argv=0x7ffd8db42b48) at ./psi/dxmainc.c:86







dpkg --purge rr

# prebuilt current rr version
mkdir -p /home/bernhard/data/entwicklung/2020/rr/2020-10-09
sshfs -o allow_other,uid=1000,gid=1000 bernhard@192.168.178.25:/home/bernhard/data/entwicklung/2020/rr/2020-10-09 /home/bernhard/data/entwicklung/2020/rr/2020-10-09



benutzer@debian:~$ zcat /usr/share/doc/RFC/links/rfc1247.ps.gz | /home/bernhard/data/entwicklung/2020/rr/2020-10-09/obj_x86_64/bin/rr ps2txt > /dev/null
Segmentation fault (core dumped)


benutzer@debian:~$ /home/bernhard/data/entwicklung/2020/rr/2020-10-09/obj_x86_64/bin/rr ps /home/benutzer/.local/share/rr/ps2txt-1/
PID     PPID    EXIT    CMD
9937    --      139     ps2txt
9940    9937    0       (forked without exec)
9941    9937    -11     gs -q -dSAFER -sDEVICE=txtwrite -o - -
9945    9937    0       rm -f _temp_.err _temp_.out


benutzer@debian:~$ /home/bernhard/data/entwicklung/2020/rr/2020-10-09/obj_x86_64/bin/rr replay -p 9941 /home/benutzer/.local/share/rr/ps2txt-1/
GNU gdb (Debian 9.2-1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/gs...
Reading symbols from /usr/lib/debug/.build-id/82/8e977782c41f59568ca013b880b6067a51b1ad.debug...
Really redefine built-in command "restart"? (y or n) [answered Y; input not from terminal]
Remote debugging using 127.0.0.1:15592

--------------------------------------------------
 ---> Reached target process 9941 at event 284.
--------------------------------------------------
Reading symbols from /lib64/ld-linux-x86-64.so.2...
Reading symbols from /usr/lib/debug/.build-id/63/7706dbbbd112d03fbad61ca30125b48e60aa92.debug...
0x00007fa5442b0090 in _start () from /lib64/ld-linux-x86-64.so.2
(rr) set width 0
(rr) set pagination off
(rr) directory /home/benutzer/source/ghostscript/orig/ghostscript-9.53.3~dfsg
Source directories searched: /home/benutzer/source/ghostscript/orig/ghostscript-9.53.3~dfsg:$cdir:$cwd
(rr) cont
...
Program received signal SIGSEGV, Segmentation fault.
0x00007fa54364fc11 in gs_grestore (pgs=0x1) at ./base/gsstate.c:409
409         if (!pgs->saved)
(rr) bt
#0  0x00007fa54364fc11 in gs_grestore (pgs=0x1) at ./base/gsstate.c:409
#1  0x00007fa543662c39 in gx_default_text_restore_state (pte=<optimized out>) at ./base/gxchar.c:252
#2  0x00007fa54358ad46 in textw_text_process (pte=0x55dc1a95c2f8) at ./devices/vector/gdevtxtw.c:2287
#3  0x00007fa54371ca20 in op_show_continue (i_ctx_p=0x55dc17e6be98) at ./psi/zchar.c:690
#4  op_show_continue (i_ctx_p=0x55dc17e6be98) at ./psi/zchar.c:685
#5  0x00007fa5436fd7e5 in interp (perror_object=<optimized out>, pref=<optimized out>, pi_ctx_p=<optimized out>) at ./psi/interp.c:1300
#6  gs_call_interp (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>) at ./psi/interp.c:520
#7  0x00007fa5436fee08 in gs_interpret (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>, perror_object@entry=0x7ffeafc83060) at ./psi/interp.c:477
#8  0x00007fa5436f17de in gs_main_interpret (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, pref=0x7ffeafc82fa0, minst=<optimized out>) at ./psi/imain.c:927
#9  gs_main_run_string_end (minst=minst@entry=0x55dc17e38b50, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=perror_object@entry=0x7ffeafc83060) at ./psi/imain.c:927
#10 0x00007fa5436f1871 in gs_main_run_string_with_length (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, length=9, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imain.c:871
#11 gs_main_run_string_with_length (minst=0x55dc17e38b50, str=0x7fa543801aef ".runstdin", length=9, user_errors=1, pexit_code=0x7ffeafc83050, perror_object=0x7ffeafc83060) at ./psi/imain.c:857
#12 0x00007fa5436f4323 in run_string (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=<optimized out>, options=2, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imainarg.c:1166
#13 swproc (minst=minst@entry=0x55dc17e38b50, arg=0x7ffeafc83060 "\001\017", pal=pal@entry=0x7ffeafc837a0) at ./psi/imainarg.c:367
#14 0x00007fa5436f5543 in gs_main_init_with_args01 (minst=minst@entry=0x55dc17e38b50, argc=7, argv=0x7ffeafc84318) at ./psi/imainarg.c:224
#15 0x00007fa5436f5739 in gs_main_init_with_args (minst=0x55dc17e38b50, argc=<optimized out>, argv=<optimized out>) at ./psi/imainarg.c:289
#16 0x000055dc1650e1bc in main (argc=7, argv=0x7ffeafc84318) at ./psi/dxmainc.c:86
(rr) when
Current event: 4877

(rr) print pgs
$36 = (gs_gstate *) 0x1

(rr) print &(penum->pgs)
$39 = (gs_gstate **) 0x55dc1a95c680


(rr) watch *(void**)0x55dc1a95c680
Hardware watchpoint 4: *(void**)0x55dc1a95c680

(rr) reverse-cont
Continuing.

(rr) reverse-cont
Continuing.

(rr) up
#1  0x00007fa543662c39 in gx_default_text_restore_state (pte=<optimized out>) at ./base/gxchar.c:252
252         return gs_grestore(pgs);
(rr) up
#2  0x00007fa54358ad46 in textw_text_process (pte=0x55dc1a95c2f8) at ./devices/vector/gdevtxtw.c:2287
2287            code = gx_default_text_restore_state(pte_fallback);

(rr) print pte_fallback
$5 = (gs_text_enum_t *) 0x55dc1a95c618
(rr) print *pte_fallback
$6 = {text = {operation = 400791592, data = {bytes = 0x55dc1a95d6e8 "p\004", chars = 0x55dc1a95d6e8, glyphs = 0x55dc1a95d6e8, d_char = 94403827193576, d_glyph = 94403827193576}, size = 1056964608, delta_all = {x = 0, y = -nan(0xfffff00000000)}, delta_space = {x = 1.4869529638833479e-08, y = 0}, space = {s_char = 1065353216, s_glyph = 1065353216}, x_widths = 0xbf80000000000000, y_widths = 0x4452800000000000, widths_size = 0}, dev = 0x0, imaging_dev = 0x0, pgs = 0x1, orig_font = 0x80000000, path = 0x3f80000000000000, pdcolor = 0x0, pcpath = 0x43cbd9343f800000, memory = 0x197b2440751ec, procs = 0x100021d47, rc = {ref_count = 1, memory = 0x40797b2680000000, free = 0x4080ea3d80000000}, enum_client_data = 0x40797b2680000000, current_font = 0x4080ea3d80000000, outer_CID = 1082331758593, is_pure_color = 0, log2_scale = {x = 0, y = 0}, pair = 0x0, index = 1, xy_index = 0, fstack = {depth = 0, items = {{font = 0x0, index = 0}, {font = 0x3f80000000000000, index = 128}, {font = 0x100000001, index = 1}, {font = 0x100000001, index = 401113048}, {font = 0x55dc17e87f78, index = 401113192}, {font = 0x7fa54366cbf0 <gx_default_get_cmap_procs>, index = 404361264}}}, cmap_code = 0, single_byte_space = 0, bytes_decoded = 0, FontBBox_as_Metrics2 = {x = 4.6641667020946256e-310, y = 4.6641666196931715e-310}, text_enum_id = 0, device_disabled_grid_fitting = 403864656, fapi_log2_scale = {x = 21980, y = 403865248}, fapi_glyph_shift = {x = 0, y = 0}, returned = {current_char = 0, current_glyph = 0, total_width = {x = 0, y = 0}}, auto_release = 0, pgs2 = 0x55dc17e6d2d8, level = 0, charpath_flag = cpm_show, show_gstate = 0x55dc17e6d2d8, can_cache = 401003224, ibox = {p = {x = 21980, y = 401003224}, q = {x = 21980, y = 401003224}}, obox = {p = {x = 21980, y = 401003224}, q = {x = 21980, y = 401003224}}, ftx = 21980, fty = 401003224, encode_char = 0x55dc17e6d2d8, dev_cache = 0x55dc17e6d2d8, dev_cache2 = 0x55dc17e6d2d8, dev_null = 0x55dc17e6d2d8, wxy = {x = 401003224, y = 21980}, wxy_float = {x = 
4.6641665607333535e-310, y = 4.6641665607333535e-310}, use_wxy_float = 401003224, origin = {x = 21980, y = 401003224}, cc = 0x55dc17e6d2d8, width_status = 401003224, continue_proc = 0x55dc17e6d2d8}
(rr) print (gs_show_enum*)pte_fallback
$7 = (gs_show_enum *) 0x55dc1a95c618
(rr) print *(gs_show_enum*)pte_fallback
$8 = {text = {operation = 400791592, data = {bytes = 0x55dc1a95d6e8 "p\004", chars = 0x55dc1a95d6e8, glyphs = 0x55dc1a95d6e8, d_char = 94403827193576, d_glyph = 94403827193576}, size = 1056964608, delta_all = {x = 0, y = -nan(0xfffff00000000)}, delta_space = {x = 1.4869529638833479e-08, y = 0}, space = {s_char = 1065353216, s_glyph = 1065353216}, x_widths = 0xbf80000000000000, y_widths = 0x4452800000000000, widths_size = 0}, dev = 0x0, imaging_dev = 0x0, pgs = 0x1, orig_font = 0x80000000, path = 0x3f80000000000000, pdcolor = 0x0, pcpath = 0x43cbd9343f800000, memory = 0x197b2440751ec, procs = 0x100021d47, rc = {ref_count = 1, memory = 0x40797b2680000000, free = 0x4080ea3d80000000}, enum_client_data = 0x40797b2680000000, current_font = 0x4080ea3d80000000, outer_CID = 1082331758593, is_pure_color = 0, log2_scale = {x = 0, y = 0}, pair = 0x0, index = 1, xy_index = 0, fstack = {depth = 0, items = {{font = 0x0, index = 0}, {font = 0x3f80000000000000, index = 128}, {font = 0x100000001, index = 1}, {font = 0x100000001, index = 401113048}, {font = 0x55dc17e87f78, index = 401113192}, {font = 0x7fa54366cbf0 <gx_default_get_cmap_procs>, index = 404361264}}}, cmap_code = 0, single_byte_space = 0, bytes_decoded = 0, FontBBox_as_Metrics2 = {x = 4.6641667020946256e-310, y = 4.6641666196931715e-310}, text_enum_id = 0, device_disabled_grid_fitting = 403864656, fapi_log2_scale = {x = 21980, y = 403865248}, fapi_glyph_shift = {x = 0, y = 0}, returned = {current_char = 0, current_glyph = 0, total_width = {x = 0, y = 0}}, auto_release = 0, pgs2 = 0x55dc17e6d2d8, level = 0, charpath_flag = cpm_show, show_gstate = 0x55dc17e6d2d8, can_cache = 401003224, ibox = {p = {x = 21980, y = 401003224}, q = {x = 21980, y = 401003224}}, obox = {p = {x = 21980, y = 401003224}, q = {x = 21980, y = 401003224}}, ftx = 21980, fty = 401003224, encode_char = 0x55dc17e6d2d8, dev_cache = 0x55dc17e6d2d8, dev_cache2 = 0x55dc17e6d2d8, dev_null = 0x55dc17e6d2d8, wxy = {x = 401003224, y = 21980}, wxy_float = {x = 
4.6641665607333535e-310, y = 4.6641665607333535e-310}, use_wxy_float = 401003224, origin = {x = 21980, y = 401003224}, cc = 0x55dc17e6d2d8, width_status = 401003224, continue_proc = 0x55dc17e6d2d8}

(rr) print pte_fallback->pgs
$9 = (gs_gstate *) 0x1
(rr) print ((gs_show_enum *)pte_fallback)->pgs
$10 = (gs_gstate *) 0x1

(rr) print & (((gs_show_enum *)pte_fallback)->pgs)
$11 = (gs_gstate **) 0x55dc1a95c680
(rr) x/1xg 0x55dc1a95c680
0x55dc1a95c680: 0x0000000000000001

(rr) reverse-cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00007fa54364fc11 in gs_grestore (pgs=0x1) at ./base/gsstate.c:409
409         if (!pgs->saved)
(rr) 
Continuing.

Hardware watchpoint 1: *0x55dc1a95c680

Old value = 1
New value = 400998792
__memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:419
419     ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: Datei oder Verzeichnis nicht gefunden.

(rr) bt
#0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:419
#1  0x00007fa5437355d7 in memmove (__len=<optimized out>, __src=0x55dc1a95c888, __dest=0x55dc1a95c600) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
#2  gc_objects_compact (gcst=0x7ffeafc81cf0, gcst=0x7ffeafc81cf0, cp=0x55dc1a7d1eb0) at ./psi/igc.c:1348
#3  gs_gc_reclaim (pspaces=<optimized out>, global=0) at ./psi/igc.c:481
#4  0x00007fa543700eb5 in gs_vmreclaim (global=0, dmem=0x55dc17e6bea0) at ./psi/ireclaim.c:165
#5  ireclaim (dmem=0x55dc17e6bea0, space=-1) at ./psi/ireclaim.c:80
#6  0x00007fa5436fc3ed in interp_reclaim (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, space=space@entry=-1) at ./psi/interp.c:450
#7  0x00007fa5436fe1e6 in interp (perror_object=<optimized out>, pref=<optimized out>, pi_ctx_p=<optimized out>) at ./psi/interp.c:1817
#8  gs_call_interp (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>) at ./psi/interp.c:520
#9  0x00007fa5436fee08 in gs_interpret (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>, perror_object@entry=0x7ffeafc83060) at ./psi/interp.c:477
#10 0x00007fa5436f17de in gs_main_interpret (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, pref=0x7ffeafc82fa0, minst=<optimized out>) at ./psi/imain.c:927
#11 gs_main_run_string_end (minst=minst@entry=0x55dc17e38b50, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=perror_object@entry=0x7ffeafc83060) at ./psi/imain.c:927
#12 0x00007fa5436f1871 in gs_main_run_string_with_length (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, length=9, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imain.c:871
#13 gs_main_run_string_with_length (minst=0x55dc17e38b50, str=0x7fa543801aef ".runstdin", length=9, user_errors=1, pexit_code=0x7ffeafc83050, perror_object=0x7ffeafc83060) at ./psi/imain.c:857
#14 0x00007fa5436f4323 in run_string (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=<optimized out>, options=2, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imainarg.c:1166
#15 swproc (minst=minst@entry=0x55dc17e38b50, arg=0x7ffeafc83060 "\001\017", pal=pal@entry=0x7ffeafc837a0) at ./psi/imainarg.c:367
#16 0x00007fa5436f5543 in gs_main_init_with_args01 (minst=minst@entry=0x55dc17e38b50, argc=7, argv=0x7ffeafc84318) at ./psi/imainarg.c:224
#17 0x00007fa5436f5739 in gs_main_init_with_args (minst=0x55dc17e38b50, argc=<optimized out>, argv=<optimized out>) at ./psi/imainarg.c:289
#18 0x000055dc1650e1bc in main (argc=7, argv=0x7ffeafc84318) at ./psi/dxmainc.c:86
(rr) when
Current event: 4876

(rr) reverse-finish
Run back to call of #0  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:419
0x00007fa5437355d2 in memmove (__len=2016, __src=0x55dc1a95c888, __dest=0x55dc1a95c600) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
40        return __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
1: x/i $pc
=> 0x7fa5437355d2 <gs_gc_reclaim+4562>: callq  0x7fa5433fdb40 <memmove@plt>
(rr) bt
#0  0x00007fa5437355d2 in memmove (__len=2016, __src=0x55dc1a95c888, __dest=0x55dc1a95c600) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
#1  gc_objects_compact (gcst=0x7ffeafc81cf0, gcst=0x7ffeafc81cf0, cp=0x55dc1a7d1eb0) at ./psi/igc.c:1348
#2  gs_gc_reclaim (pspaces=<optimized out>, global=0) at ./psi/igc.c:481
#3  0x00007fa543700eb5 in gs_vmreclaim (global=0, dmem=0x55dc17e6bea0) at ./psi/ireclaim.c:165
#4  ireclaim (dmem=0x55dc17e6bea0, space=-1) at ./psi/ireclaim.c:80
#5  0x00007fa5436fc3ed in interp_reclaim (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, space=space@entry=-1) at ./psi/interp.c:450
#6  0x00007fa5436fe1e6 in interp (perror_object=<optimized out>, pref=<optimized out>, pi_ctx_p=<optimized out>) at ./psi/interp.c:1817
#7  gs_call_interp (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>) at ./psi/interp.c:520
#8  0x00007fa5436fee08 in gs_interpret (pi_ctx_p=pi_ctx_p@entry=0x55dc17e38bf0, pref=pref@entry=0x7ffeafc82fa0, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=<optimized out>, perror_object@entry=0x7ffeafc83060) at ./psi/interp.c:477
#9  0x00007fa5436f17de in gs_main_interpret (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, pref=0x7ffeafc82fa0, minst=<optimized out>) at ./psi/imain.c:927
#10 gs_main_run_string_end (minst=minst@entry=0x55dc17e38b50, user_errors=user_errors@entry=1, pexit_code=pexit_code@entry=0x7ffeafc83050, perror_object=perror_object@entry=0x7ffeafc83060) at ./psi/imain.c:927
#11 0x00007fa5436f1871 in gs_main_run_string_with_length (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=1, length=9, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imain.c:871
#12 gs_main_run_string_with_length (minst=0x55dc17e38b50, str=0x7fa543801aef ".runstdin", length=9, user_errors=1, pexit_code=0x7ffeafc83050, perror_object=0x7ffeafc83060) at ./psi/imain.c:857
#13 0x00007fa5436f4323 in run_string (perror_object=0x7ffeafc83060, pexit_code=0x7ffeafc83050, user_errors=<optimized out>, options=2, str=0x7fa543801aef ".runstdin", minst=0x55dc17e38b50) at ./psi/imainarg.c:1166
#14 swproc (minst=minst@entry=0x55dc17e38b50, arg=0x7ffeafc83060 "\001\017", pal=pal@entry=0x7ffeafc837a0) at ./psi/imainarg.c:367
#15 0x00007fa5436f5543 in gs_main_init_with_args01 (minst=minst@entry=0x55dc17e38b50, argc=7, argv=0x7ffeafc84318) at ./psi/imainarg.c:224
#16 0x00007fa5436f5739 in gs_main_init_with_args (minst=0x55dc17e38b50, argc=<optimized out>, argv=<optimized out>) at ./psi/imainarg.c:289
#17 0x000055dc1650e1bc in main (argc=7, argv=0x7ffeafc84318) at ./psi/dxmainc.c:86

(rr) print dpre
$19 = (obj_header_t *) 0x55dc1a95c600
(rr) print pre
$20 = (obj_header_t *) 0x55dc1a95c888
(rr) print sizeof(obj_header_t)
$21 = 24
(rr) print size
$22 = 1992
(rr) print sizeof(obj_header_t) + size
$23 = 2016

(rr) print __dest
$40 = (void *) 0x55dc1a95c600
(rr) print __len
$41 = 2016

































export DEB_CFLAGS_APPEND=-fsanitize=address
export DEB_CPPFLAGS_APPEND=-fsanitize=address
export DEB_CXXFLAGS_APPEND=-fsanitize=address
export DEB_LDFLAGS_APPEND='-fsanitize=address -static-libasan'
dpkg-buildpackage

benutzer@debian:~$ zcat /usr/share/doc/RFC/links/rfc1247.ps.gz | ps2txt > /dev/null
AddressSanitizer:DEADLYSIGNAL
=================================================================
==70651==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000639 (pc 0x7f224d5d00bb bp 0x7ffc8cd857c0 sp 0x7ffc8cd85050 T0)
==70651==The signal is caused by a READ memory access.
==70651==Hint: address points to the zero page.
    #0 0x7f224d5d00bb in gs_grestore base/gsstate.c:409
    #1 0x7f224d3c38a3 in textw_text_process devices/vector/gdevtxtw.c:2287
    #2 0x7f224d852db4 in op_show_continue psi/zchar.c:690
    #3 0x7f224d852db4 in op_show_continue psi/zchar.c:685
    #4 0x7f224d7f17ea in interp psi/interp.c:1300
    #5 0x7f224d7f17ea in gs_call_interp psi/interp.c:520
    #6 0x7f224d7f74f9 in gs_interpret psi/interp.c:477
    #7 0x7f224d7cf0fc in gs_main_interpret psi/imain.c:257
    #8 0x7f224d7cf0fc in gs_main_run_string_end psi/imain.c:927
    #9 0x7f224d7cf210 in gs_main_run_string_with_length psi/imain.c:871
    #10 0x7f224d7cf210 in gs_main_run_string_with_length psi/imain.c:857
    #11 0x7f224d7d682d in run_string psi/imainarg.c:1166
    #12 0x7f224d7d682d in swproc psi/imainarg.c:367
    #13 0x7f224d7da30a in gs_main_init_with_args01 psi/imainarg.c:224
    #14 0x7f224d7da918 in gs_main_init_with_args psi/imainarg.c:289
    #15 0x55f6a08af647 in main psi/dxmainc.c:86
    #16 0x7f224c968cc9 in __libc_start_main ../csu/libc-start.c:308
    #17 0x55f6a08af7e9  (/usr/bin/gs+0x97e9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV base/gsstate.c:409 in gs_grestore
==70651==ABORTING

