Bug#619306: marked as done (ghostscript segfaults on some eps file)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 04 Jan 2024 22:07:11 -0600
with message-id <6576160.K2JlShyGXD@riemann>
and subject line Re: ghostscript segfaults on some eps file
has caused the Debian Bug report #619306,
regarding ghostscript segfaults on some eps file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
619306: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619306
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: ghostscript segfaults on some eps file
• From: Alexandre Duret-Lutz <adl@lrde.epita.fr>
• Date: Tue, 22 Mar 2011 20:38:07 +0100
• Message-id: <20110322193807.32342.22661.reportbug@hush.va-et-vient.net>

Package: ghostscript
Version: 9.01~dfsg-2
Severity: important

Running gs on the attached file ends with a segfault.

% gs -dSAFER arch-SPOT.eps
GPL Ghostscript 9.01 (2011-02-07)
Copyright (C) 2010 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
zsh: segmentation fault  gs -dSAFER arch-SPOT.eps

Here are the output of valgrind and gdb.

% valgrind gs -q -dSAFER arch-SPOT.eps
==356== Memcheck, a memory error detector
==356== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==356== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==356== Command: gs -q -dSAFER arch-SPOT.eps
==356==
==356== Conditional jump or move depends on uninitialised value(s)
==356==    at 0x4FD6C11: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FD72FE: gs_gc_reclaim (in /usr/lib/libgs.so.9.01)
==356==    by 0x5039F93: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA5E03: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA1730: interp_reclaim (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA2B3E: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA383A: gs_interpret (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F987B4: gs_main_run_string_end (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9993D: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9A129: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9B69F: gs_main_init_with_args (in /usr/lib/libgs.so.9.01)
==356==    by 0x400AEB: main (in /usr/bin/gs)
==356==
==356== Conditional jump or move depends on uninitialised value(s)
==356==    at 0x4FD73EA: gs_gc_reclaim (in /usr/lib/libgs.so.9.01)
==356==    by 0x5039F93: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA5E03: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA1730: interp_reclaim (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA2B3E: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA383A: gs_interpret (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F987B4: gs_main_run_string_end (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9993D: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9A129: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9B69F: gs_main_init_with_args (in /usr/lib/libgs.so.9.01)
==356==    by 0x400AEB: main (in /usr/bin/gs)
==356==
==356== Conditional jump or move depends on uninitialised value(s)
==356==    at 0x4FD73EF: gs_gc_reclaim (in /usr/lib/libgs.so.9.01)
==356==    by 0x5039F93: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA5E03: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA1730: interp_reclaim (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA2B3E: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4FA383A: gs_interpret (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F987B4: gs_main_run_string_end (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9993D: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9A129: ??? (in /usr/lib/libgs.so.9.01)
==356==    by 0x4F9B69F: gs_main_init_with_args (in /usr/lib/libgs.so.9.01)
==356==    by 0x400AEB: main (in /usr/bin/gs)
==356==
==356== Jump to the invalid address stated on the next line
==356==    at 0x0: ???
==356==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==356==
==356==
==356== Process terminating with default action of signal 11 (SIGSEGV)
==356==  Bad permissions for mapped region at address 0x0
==356==    at 0x0: ???
==356==
==356== HEAP SUMMARY:
==356==     in use at exit: 10,781,132 bytes in 1,094 blocks
==356==   total heap usage: 2,766 allocs, 1,672 frees, 24,340,180 bytes allocated
==356==
==356== LEAK SUMMARY:
==356==    definitely lost: 264 bytes in 3 blocks
==356==    indirectly lost: 176 bytes in 4 blocks
==356==      possibly lost: 10,687,578 bytes in 733 blocks
==356==    still reachable: 93,114 bytes in 354 blocks
==356==         suppressed: 0 bytes in 0 blocks
==356== Rerun with --leak-check=full to see details of leaked memory
==356==
==356== For counts of detected and suppressed errors, rerun with: -v
==356== Use --track-origins=yes to see where uninitialised values come from
==356== ERROR SUMMARY: 93 errors from 4 contexts (suppressed: 40 from 9)
zsh: segmentation fault  valgrind gs -q -dSAFER arch-SPOT.eps

% gdb -q --args gs -q -dSAFER arch-SPOT.eps
Reading symbols from /usr/bin/gs...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/gs -q -dSAFER arch-SPOT.eps
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007ffff6593bce in cmsEvalLUT () from /usr/lib/liblcms.so.1
#2  0x00007ffff659c0a6 in ?? () from /usr/lib/liblcms.so.1
#3  0x00007ffff6588071 in _cmsComputePrelinearizationTablesFromXFORM ()
   from /usr/lib/liblcms.so.1
#4  0x00007ffff659e8d7 in _cmsPrecalculateDeviceLink ()
   from /usr/lib/liblcms.so.1
#5  0x00007ffff659cc7a in cmsCreateProofingTransform ()
   from /usr/lib/liblcms.so.1
#6  0x00007ffff659d35b in cmsCreateTransform () from /usr/lib/liblcms.so.1
#7  0x00007ffff74019ca in gsicc_get_link_profile () from /usr/lib/libgs.so.9
#8  0x00007ffff73fe817 in ?? () from /usr/lib/libgs.so.9
#9  0x00007ffff7341dba in gx_remap_CIEA () from /usr/lib/libgs.so.9
#10 0x00007ffff759fa1c in gx_remap_color () from /usr/lib/libgs.so.9
#11 0x00007ffff758fb68 in gs_text_begin () from /usr/lib/libgs.so.9
#12 0x00007ffff758ff10 in gs_xyshow_begin () from /usr/lib/libgs.so.9
#13 0x00007ffff730a987 in ?? () from /usr/lib/libgs.so.9
#14 0x00007ffff737177d in ?? () from /usr/lib/libgs.so.9
#15 0x00007ffff737283b in gs_interpret () from /usr/lib/libgs.so.9
#16 0x00007ffff73677b5 in gs_main_run_string_end () from /usr/lib/libgs.so.9
#17 0x00007ffff736893e in ?? () from /usr/lib/libgs.so.9
#18 0x00007ffff736912a in ?? () from /usr/lib/libgs.so.9
#19 0x00007ffff736a6a0 in gs_main_init_with_args () from /usr/lib/libgs.so.9
#20 0x0000000000400aec in main ()
(gdb)



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ghostscript depends on:
ii  debconf [de 1.5.38                       Debian configuration management sy
ii  debianutils 3.4.4                        Miscellaneous utilities specific t
ii  gsfonts     1:8.11+urwcyr1.0.7~pre44-4.2 Fonts for the Ghostscript interpre
ii  libc6       2.11.2-13                    Embedded GNU C Library: Shared lib
ii  libgs9      9.01~dfsg-2                  interpreter for the PostScript lan

ghostscript recommends no packages.

Versions of packages ghostscript suggests:
ii  ghostscript-cups             9.01~dfsg-2 interpreter for the PostScript lan
ii  ghostscript-x                9.01~dfsg-2 interpreter for the PostScript lan
pn  hpijs                        <none>      (no description available)

-- no debconf information

Attachment: arch-SPOT.eps
Description: PostScript document

--- End Message ---

--- Begin Message ---

• To: 619306-done@bugs.debian.org
• Subject: Re: ghostscript segfaults on some eps file
• From: Steven Robbins <steve@sumost.ca>
• Date: Thu, 04 Jan 2024 22:07:11 -0600
• Message-id: <6576160.K2JlShyGXD@riemann>
• In-reply-to: <20110322193807.32342.22661.reportbug@hush.va-et-vient.net>

On Tue, 22 Mar 2011 20:38:07 +0100 Alexandre Duret-Lutz <adl@lrde.epita.fr> 
wrote:
> Package: ghostscript
> Version: 9.01~dfsg-2
> Severity: important
> 
> Running gs on the attached file ends with a segfault.
> 
> % gs -dSAFER arch-SPOT.eps

Tested using ghostscript 10.02.1: page displays fine with no segfault.


> GPL Ghostscript 9.01 (2011-02-07)
> Copyright (C) 2010 Artifex Software, Inc.  All rights reserved.
> This software comes with NO WARRANTY: see the file PUBLIC for details.
> zsh: segmentation fault  gs -dSAFER arch-SPOT.eps
> 
> Here are the output of valgrind and gdb.
> 
> % valgrind gs -q -dSAFER arch-SPOT.eps
> ==356== Memcheck, a memory error detector
> ==356== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
> ==356== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for 
copyright info
> ==356== Command: gs -q -dSAFER arch-SPOT.eps
> ==356==
> ==356== Conditional jump or move depends on uninitialised value(s)
> ==356==    at 0x4FD6C11: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FD72FE: gs_gc_reclaim (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x5039F93: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA5E03: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA1730: interp_reclaim (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA2B3E: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA383A: gs_interpret (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F987B4: gs_main_run_string_end (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9993D: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9A129: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9B69F: gs_main_init_with_args (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x400AEB: main (in /usr/bin/gs)
> ==356==
> ==356== Conditional jump or move depends on uninitialised value(s)
> ==356==    at 0x4FD73EA: gs_gc_reclaim (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x5039F93: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA5E03: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA1730: interp_reclaim (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA2B3E: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA383A: gs_interpret (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F987B4: gs_main_run_string_end (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9993D: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9A129: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9B69F: gs_main_init_with_args (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x400AEB: main (in /usr/bin/gs)
> ==356==
> ==356== Conditional jump or move depends on uninitialised value(s)
> ==356==    at 0x4FD73EF: gs_gc_reclaim (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x5039F93: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA5E03: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA1730: interp_reclaim (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA2B3E: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4FA383A: gs_interpret (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F987B4: gs_main_run_string_end (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9993D: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9A129: ??? (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x4F9B69F: gs_main_init_with_args (in /usr/lib/libgs.so.9.01)
> ==356==    by 0x400AEB: main (in /usr/bin/gs)
> ==356==

Attachment: signature.asc
Description: This is a digitally signed message part.

--- End Message ---