Package: libgs8
Version: 8.71~dfsg2-9
Severity: important
Tags: upstream

A SEGV can result when gs is invoked by pstoraster with the command

    /usr/bin/gs -dQUIET -dDEBUG -dPARANOIDSAFER -dNOPAUSE -dBATCH -dNOMEDIAATTRS -sDEVICE=cups -sstdout=%stderr -sOUTPUTFILE=%stdout -c -f -_

depending on the input postscript file.

The problem arises because of the interaction between the "stringoption" macro in cups/gdevcups.c:

    #define stringoption(name, sname) \
      if ((code = param_read_string(plist, sname, &stringval)) < 0) \
      { \
        dprintf2("ERROR: Error setting %s to \"%s\"...\n", sname, \
                 (char *)(stringval.data)); \
        param_signal_error(plist, sname, code); \
        return (code); \
      } \
      else if (code == 0) \
      { \
        dprintf2("DEBUG: Setting %s to \"%s\"...\n", sname, \
                 (char *)(stringval.data)); \
        strncpy(cups->header.name, (const char *)(stringval.data), \
                stringval.size); \
        cups->header.name[stringval.size] = '\0'; \
      }

and the "param_read_string" function in base/gsparam.c:

    int
    param_read_string(gs_param_list * plist, gs_param_name pkey,
                      gs_param_string * pvalue)
    {
        RETURN_READ_TYPED(s, gs_param_type_string);
    }

The RETURN_READ_TYPED macro is as follows:

    #define RETURN_READ_TYPED(alt, ptype)\
      gs_param_typed_value typed;\
      int code;\
    \
      typed.type = ptype;\
      code = param_read_requested_typed(plist, pkey, &typed);\
      if ( code == 0 )\
        *pvalue = typed.value.alt;\
      return code

The problem occurs if param_read_requested_typed returns a non-zero status. In that case, pvalue is never set in param_read_string, which means that the value from the stringoption macro is left uninitialised. "stringoption" then tries to use that uninitialised value as a string parameter to dprintf2.

The following change to param_read_string will prevent the SEGV, and allow the process (and the print job) to complete successfully:

    int
    param_read_string(gs_param_list * plist, gs_param_name pkey,
                      gs_param_string * pvalue)
    {
        pvalue->data = 0;
        pvalue->size = 0;
        pvalue->persistent = 0;
        RETURN_READ_TYPED(s, gs_param_type_string);
    }

However it seems more likely that the correct fix is for stringoption not to attempt to use the stringvalue variable on error, so that the macro would appear as follows:

    #define stringoption(name, sname) \
      if ((code = param_read_string(plist, sname, &stringval)) < 0) \
      { \
        dprintf2("ERROR: Error setting %s...\n", sname); \
        param_signal_error(plist, sname, code); \
        return (code); \
      } \
      else if (code == 0) \
      { \
        dprintf2("DEBUG: Setting %s to \"%s\"...\n", sname, \
                 (char *)(stringval.data)); \
        strncpy(cups->header.name, (const char *)(stringval.data), \
                stringval.size); \
        cups->header.name[stringval.size] = '\0'; \
      }

However the correct fix may be a matter for upstream.

The impact of this bug is that some postscript files cannot be successfully printed at all to printers that require rasterisation.

I have an example file, but it contains confidential information so I can only provide it if necessary out of band to the developer who will be fixing it. It may be possible to duplicate this by configuring a Windows 7 system to print to that printer using a postscript driver, and printing a test page.

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (700, 'stable'), (600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgs8 depends on:
ii  libc6             2.11.2-10         Embedded GNU C Library: Shared lib
ii  libcomerr2        1.41.12-2         common error description library
ii  libcups2          1.4.4-7           Common UNIX Printing System(tm) -
ii  libcupsimage2     1.4.4-7           Common UNIX Printing System(tm) -
ii  libfontconfig1    2.8.0-2.1         generic font configuration library
ii  libgcrypt11       1.4.5-2           LGPL Crypto library - runtime libr
ii  libgnutls26       2.8.6-1           the GNU TLS library - runtime libr
ii  libgssapi-krb5-2  1.8.3+dfsg-4      MIT Kerberos runtime libraries - k
ii  libjasper1        1.900.1-7+b1      The JasPer JPEG-2000 runtime libra
ii  libjbig2dec0      0.11-1            JBIG2 decoder library - shared lib
ii  libjpeg62         6b1-1             The Independent JPEG Group's JPEG
ii  libk5crypto3      1.8.3+dfsg-4      MIT Kerberos runtime libraries - C
ii  libkrb5-3         1.8.3+dfsg-4      MIT Kerberos runtime libraries
ii  libpaper1         1.1.24            library for handling paper charact
ii  libpng12-0        1.2.44-1          PNG library - runtime
ii  libstdc++6        4.4.5-8           The GNU Standard C++ Library v3
ii  libtiff4          3.9.4-5           Tag Image File Format (TIFF) libra
ii  zlib1g            1:1.2.3.4.dfsg-3  compression library - runtime

libgs8 recommends no packages.

libgs8 suggests no packages.

-- no debconf information
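
The pattern described in this report, reduced to a stand-alone C sketch (an added example, not Ghostscript or CUPS code and not part of the original report): `param_str`, `read_string` and `set_option` are hypothetical stand-ins, and the option name and values are constructed. It applies both proposed fixes at once, and additionally clamps the copy to the destination size, which is an assumption of this sketch rather than something the report asks for.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for gs_param_string. */
typedef struct { const char *data; unsigned size; } param_str;

/* Hypothetical reader with the contract the report describes:
 * *out is written only when the returned code is 0. */
static int read_string(const char *stored, int code, param_str *out)
{
    if (code == 0) {
        out->data = stored;
        out->size = (unsigned)strlen(stored);
    }
    return code;
}

/* Caller: pre-initialises the out-parameter and reads it only on code == 0. */
int set_option(char *dst, size_t dstsz, const char *sname,
               const char *stored, int code_in, char *msg, size_t msgsz)
{
    param_str val = { NULL, 0 };            /* defined even if the read fails */
    int code = read_string(stored, code_in, &val);

    if (code < 0) {                         /* error: report the name only */
        snprintf(msg, msgsz, "ERROR: Error setting %s...", sname);
        return code;
    }
    if (code == 0 && dstsz > 0) {
        /* Clamp to the destination (assumption of this sketch). */
        size_t n = val.size < dstsz - 1 ? val.size : dstsz - 1;
        memcpy(dst, val.data, n);
        dst[n] = '\0';
        snprintf(msg, msgsz, "DEBUG: Setting %s to \"%s\"...", sname, dst);
    }
    return code;                            /* other non-zero codes: dst untouched */
}

int main(void)
{
    char name[8] = "keep", msg[128] = "";
    /* Constructed inputs: a failing read, then a successful one. */
    set_option(name, sizeof name, "SampleOption", "ignored", -1, msg, sizeof msg);
    puts(msg);
    set_option(name, sizeof name, "SampleOption", "a-long-value", 0, msg, sizeof msg);
    puts(msg);
    return 0;
}
```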