Your message dated Sun, 28 Nov 2010 12:47:41 +0100
with message-id <[email protected]>
and subject line Re: Bug#602759: Ghostscript 9.0 segfaus, therefore breaks GNU
gv (all versions)
has caused the Debian Bug report #602759,
regarding Ghostscript 9.0 segfaus, therefore breaks GNU gv (all versions)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
602759: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602759
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ghostscript
Version: 9.00~dfsg-1
Please note that I do not use debian, but the debian package maintainer
Jonas Smedegaard's asked me to report a debian bug for the following bug
found in upstream ghostscript 9.00:
The following bug is introduced with upstream commit 11619 (clearly
between release of 8.71 and 9.0). It is fixed with commit 11808 (which
is clearly after the release of gs 9.0). These commit numbers have been
found by two binary searches. So there is reason to believe that this
bug may be present in debian experimental.
http://bugs.ghostscript.com/show_bug.cgi?id=691651 gives us a sample
document (I've a different one here, but that is copyrighted and I
cannot publish it here without permission).
The upstream bug reports describes the bug quite good:
--- begin cite---
gs 9.00 crashes on the file below. I did ./configure and make with no options
on the distributed source and then ran
/u/ghostscript-9.00/bin/gs -sDEVICE=x11 test.ps
valgrind reports
==17821== Invalid read of size 4
==17821== at 0x842ED36: gx_alloc_char_bits (gxccman.c:612)
==17821== by 0x842DC48: gx_lookup_xfont_char (gxccache.c:226)
==17821== by 0x843273E: show_proceed (gxchar.c:1078)
==17821== by 0x812CA5A: op_show_continue_pop (zchar.c:530)
==17821== by 0x812CD24: zshow (zchar.c:65)
==17821== by 0x810DBF1: interp (interp.c:1150)
==17821== by 0x810F73C: gs_interpret (interp.c:484)
==17821== by 0x81042EB: gs_main_run_string_end (imain.c:240)
==17821== by 0x81046F9: gs_main_run_string (imain.c:496)
==17821== by 0x8105354: run_string (imainarg.c:814)
==17821== by 0x8105AC8: runarg (imainarg.c:805)
==17821== by 0x8105CE2: argproc (imainarg.c:738)
==17821== Address 0x4c4 is not stack'd, malloc'd or (recently) free'd
The patch below stops the crash.
--- gs9.00/base/gxccman.c- 2010-08-10 12:20:19.000000000 -0400
+++ gs9.00/base/gxccman.c 2010-09-28 15:50:14.053145974 -0400
@@ -609,7 +609,7 @@
gs_make_mem_mono_device(pdev, pdev->memory, target);
rc_decrement_only(target, "gx_alloc_char_bits"); /* can't go to 0 */
/* Decrement the ICC profile also. Same device is getting
reinitialized */
- rc_decrement(target->device_icc_profile,"gx_alloc_char_bits(icc
profile)");
+ if (target != NULL)
rc_decrement(target->device_icc_profile,"gx_alloc_char_bits(icc profile)");
pdev->rc = rc;
pdev->retained = retained;
pdev->width = iwidth;
--- end cite ---
To the GNU gv user, the bug appears as follows: Depending on the
document, you can render some pages, all pages or possibly no pages at
all. The remaing pages from the document cause the forked gs process to
stop (the user cannot see that it actually segfaults), so GNU gv waits
forever for ghostscript finishing displaying the current page.
This is the problem I noticed first. By binary search I looked for the
breaking commit, found the commit listed above. Noticed that SVN HEAD
works again, and searched the repairing commit by another binary search.
The Subversion comment of the commit 11808 (the repairing one) mentions
the upstream bug number, so it is quite easy to find the upstream bug.
Greetings from Germany
Markus Steinborn
GNU gv maintainer
--- End Message ---
--- Begin Message ---
Version: 9.00~dfsg-2
On Sun, Nov 07, 2010 at 09:41:06PM +0100, Markus Steinborn wrote:
The following bug is introduced with upstream commit 11619 (clearly
between release of 8.71 and 9.0). It is fixed with commit 11808
(which is clearly after the release of gs 9.0). These commit numbers
have been found by two binary searches. So there is reason to believe
that this bug may be present in debian experimental.
Thanks for the report.
Indeed this bug occur with the Debian package 9.00~dfsg-1.
...and is fixed in 9.00~dfsg-2, uploaded yesterday to experimental.
Kind regards,
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature
--- End Message ---