Bug#619306: ghostscript segfaults on some eps file
On 11-05-04 at 05:44am, Jonathan Nieder wrote:
> Jonathan Nieder wrote:
>> Håkon A. Hjortland wrote:
>>> Downgrading liblcms1 from 1.18.dfsg-1.2ubuntu1 to 1.16-7ubuntu1 also fixes the segfaults for both arch-SPOT.eps and transmitter.pdf.
>>
>> Ah, thanks for this (and for pinpointing which pointers are NULL)! I'll bisect.
>
> Ok, so I was looking for an upstream repository to sift through but I don't think there is one for lcms1.

Not sure I understand what you mean above: Sure there is upstream source for lcms1: http://www.littlecms.com/download.html

> When ghostscript renders arch-SPOT.eps, Device2PCS->CLut16params (as filled by cmsReadICCLut) is all-zeroes with modern liblcms1 and in particular the pointer to its Interp3D method is NULL when cmsEvalLUT calls it. Håkon did the brave thing and tried omitting the Interp3D call, and it seemed to work okay.
>
> So it's all a little puzzling. Hints welcome.

Ghostscript recently added support for LittleCMS 2.x which I hope to soon use instead of LittleCMS 1.x.

Thanks to all of you for the valuable work here!

 - Jonas
Bug#619306: ghostscript segfaults on some eps file
2011/5/3 Håkon A. Hjortland p...@hakn.net:
> For people who are just interested in a quick and dirty fix right here and now.

Thanks. I've used the ubuntu package on my amd64 wheezy/testing machine and indeed I don't have the segfaults anymore. Hope we can get this resolved on the package update.

Cheers,
Colin
Bug#619306: ghostscript segfaults on some eps file
Hi,

Håkon A. Hjortland wrote:
> Downgrading liblcms1 from 1.18.dfsg-1.2ubuntu1 to 1.16-7ubuntu1 also fixes the segfaults for both arch-SPOT.eps and transmitter.pdf.

Ah, thanks for this (and for pinpointing which pointers are NULL)! I'll bisect.
Bug#619306: ghostscript segfaults on some eps file
My system:
Ubuntu 11.04
ghostscript 9.01~dfsg-1ubuntu5
liblcms1 1.18.dfsg-1.2ubuntu1

Attaching transmitter.pdf, which seems to provoke a different segfault error than arch-SPOT.eps.

Quickfix 1 (ugly patches):
liblcms_Interp3D_NULL.*: Fixes arch-SPOT.eps segfault.
ghostscript_icc_link_NULL.*: Fixes transmitter.pdf segfault.
WARNING: I have no idea what I'm doing here. The segfaults disappear, but for all I know the produced output files from ghostscript might be wrong now.

Quickfix 2 (downgrading liblcms1):
Downgrading liblcms1 from 1.18.dfsg-1.2ubuntu1 to 1.16-7ubuntu1 also fixes the segfaults for both arch-SPOT.eps and transmitter.pdf.

Before fixes:
$ epstopdf arch-SPOT.eps
epstopdf ($Id: epstopdf.pl 17496 2010-03-18 17:57:31Z karl $) 2.15
!!! Error: Writing to gs failed, signal 11
$ pdf2ps transmitter.pdf
Segmentation fault

After using either of the quickfixes:
$ epstopdf arch-SPOT.eps
$ pdf2ps transmitter.pdf

For people who are just interested in a quick and dirty fix right here and now, here's the gist:

Step-by-step instructions for downgrade-quickfix for amd64:
(Use at your own risk!)
1) wget 'http://ftp.uninett.no/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1_amd64.deb'
2) sudo dpkg --install liblcms1_1.16-7ubuntu1_amd64.deb
3) Use synaptic to pin the package at that version (Lock Version) so that it won't be upgraded again.

Step-by-step instructions for downgrade-quickfix for i386:
(Use at your own risk!)
1) wget 'http://ftp.uninett.no/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1_i386.deb'
2) sudo dpkg --install liblcms1_1.16-7ubuntu1_i386.deb
3) Use synaptic to pin the package at that version (Lock Version) so that it won't be upgraded again.

--
Håkon

diff -ru source/ghostscript-9.01~dfsg/base/gsicc.c x/ghostscript-9.01~dfsg/base/gsicc.c --- source/ghostscript-9.01~dfsg/base/gsicc.c 2010-12-06 21:30:42.0 +0100 +++ x/ghostscript-9.01~dfsg/base/gsicc.c 2011-05-02 15:03:14.416228156 +0200 
@@ -345,7 +345,7 @@ } /* Get a link from the cache, or create if it is not there. Need to get 16 bit profile */ icc_link = gsicc_get_link(pis, dev, pcs, NULL, rendering_params, pis-memory, false); -if (icc_link-is_identity) { +if (icc_link == NULL || icc_link-is_identity) { psrc_temp = (psrc[0]); } else { /* Transform the color */ @@ -368,7 +368,9 @@ } #endif /* Release the link */ -gsicc_release_link(icc_link); +if (icc_link != NULL) { + gsicc_release_link(icc_link); +} /* Now do the remap for ICC which amounts to the alpha application the transfer function and potentially the halftoning */ /* Right now we need to go from unsigned short to frac. I really diff -ru source/ghostscript-9.01~dfsg/debian/changelog x/ghostscript-9.01~dfsg/debian/changelog --- source/ghostscript-9.01~dfsg/debian/changelog 2011-04-01 15:02:35.0 +0200 +++ x/ghostscript-9.01~dfsg/debian/changelog 2011-05-02 15:04:47.837064929 +0200 @@ -1,3 +1,9 @@ +ghostscript (9.01~dfsg-1ubuntu5quickfix1) natty; urgency=low + + * Quickfix: Handle icc_link == NULL. Fixes a segfault. + + -- Foo Bar f...@nowhere.com Mon, 02 May 2011 13:36:41 +0200 + ghostscript (9.01~dfsg-1ubuntu5) natty; urgency=low * gs-common: Reintroduce dependency on ghostscript, still too many packages ghostscript_icc_link_NULL.sh Description: Bourne shell script diff -ru orig/lcms-1.18.dfsg/debian/changelog fixed/lcms-1.18.dfsg/debian/changelog --- orig/lcms-1.18.dfsg/debian/changelog 2011-05-02 16:03:20.0 +0200 +++ fixed/lcms-1.18.dfsg/debian/changelog 2011-05-03 00:41:03.995618170 +0200 
@@ -1,3 +1,9 @@ +lcms (1.18.dfsg-1.2ubuntu1quickfix1) natty; urgency=low + + * Quickfix: Handle Lut-CLut16params.Interp3D == NULL. Fixes a segfault. + + -- Foo Bar f...@nowhere.com Mon, 02 May 2011 13:36:41 +0200 + lcms (1.18.dfsg-1.2ubuntu1) natty; urgency=low * Merge from debian unstable. Remaining changes: (LP: #694364) diff -ru orig/lcms-1.18.dfsg/src/cmslut.c fixed/lcms-1.18.dfsg/src/cmslut.c --- orig/lcms-1.18.dfsg/src/cmslut.c 2009-03-21 16:31:52.0 +0100 +++ fixed/lcms-1.18.dfsg/src/cmslut.c 2011-05-03 00:39:08.344636953 +0200 @@ -507,7 +507,7 @@ - if (Lut - wFlags LUT_HAS3DGRID) { + if (Lut - wFlags LUT_HAS3DGRID
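Review bot: In the gsicc.c hunk at -345, the added `icc_link == NULL ||` test routes a failed gsicc_get_link() into the is_identity branch, so the source color is passed on untransformed and the caller is never told that no link could be created. Suggest testing for NULL on its own directly after the gsicc_get_link() call and returning an error from there, instead of treating a missing link as an identity transform.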
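Review bot: The `if (icc_link != NULL)` wrapper around gsicc_release_link() in the gsicc.c hunk at -368 is only needed because the earlier hunk lets execution continue with a NULL link. With an early return right after gsicc_get_link() this hunk can be dropped, which keeps the NULL handling in one place instead of two.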
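Review bot: The new ghostscript debian/changelog entry is signed "Foo Bar" with a nowhere.com address and names no bug; the lcms changelog hunk has the same problem and the same timestamp. Suggest a real uploader line and a reference to the report being addressed (this thread is Bug#619306), and wording that says the change is a workaround, since the root cause of the NULL link is not addressed by the patch.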
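Review bot: The cmslut.c hunk at -507 breaks off after `+ if (Lut - wFlags LUT_HAS3DGRID`, so the added condition itself cannot be reviewed; going by the changelog line it skips the 3D grid stage when Interp3D is NULL. A LUT that takes the LUT_HAS3DGRID branch without an Interp3D callback is inconsistent, and skipping the stage inside the evaluator produces output with no error at all. Suggest rejecting such a LUT where it is built, or failing the evaluation, and adding a comment that explains how the callback can be NULL at this point.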
Bug#619306: ghostscript segfaults on some eps file
On Mon, Apr 18, 2011 at 10:37 PM, Jonas Smedegaard d...@jones.dk wrote:
> Pinning is one approach, yes.
>
> Another is to only temporarily subscribe to unstable and pay close attention to which packages get installed when requesting to update the ghostscript package (use aptitude in fullscreen mode rather than apt-get!).

At first I tried this but it wanted to update a bunch of libs, including libc. I cancelled that.

> A third approach is to download and install using dpkg.

Next I tried this solution and installed the following packages:

liblcms1_1.18.dfsg-1.2+b3_amd64.deb
libgs9-common_9.02~dfsg-1_all.deb
libgs9_9.02~dfsg-1_amd64.deb
ghostscript-dbg_9.02~dfsg-1_amd64.deb
ghostscript_9.02~dfsg-1_amd64.deb

But the problem persists:

$ gdb -q --args gs -q -dSAFER arch-SPOT.eps
Reading symbols from /usr/bin/gs...Reading symbols from /usr/lib/debug/usr/bin/gs...done.
done.
(gdb) run
Starting program: /usr/bin/gs -q -dSAFER arch-SPOT.eps
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x in ?? ()
(gdb) bt
#0 0x in ?? ()
#1 0x76577bce in cmsEvalLUT () from /usr/lib/liblcms.so.1
#2 0x765800a6 in ?? () from /usr/lib/liblcms.so.1
#3 0x7656c071 in _cmsComputePrelinearizationTablesFromXFORM () from /usr/lib/liblcms.so.1
#4 0x765828d7 in _cmsPrecalculateDeviceLink () from /usr/lib/liblcms.so.1
#5 0x76580c7a in cmsCreateProofingTransform () from /usr/lib/liblcms.so.1
#6 0x7658135b in cmsCreateTransform () from /usr/lib/liblcms.so.1
#7 0x773e87ff in gsicc_get_link_profile (pis=value optimized out, dev=value optimized out, gs_input_profile=0xac58e0, gs_output_profile=0x785280, rendering_params=0x7fffc660, memory=value optimized out, include_softproof=0) at ./base/gsicc_cache.c:594
#8 0x773e5717 in gx_remap_ICC (pcc=0x95cb00, pcs=0x9bcd68, pdc=0x991f50, pis=0x624fa8, dev=0x68ca88, select=gs_color_select_texture) at ./base/gsicc.c:347
#9 0x773262ca in gx_remap_CIEA (pc=0x95cb00, pcs=0x9bccb8, pdc=0x991f50, pis=0x624fa8, dev=0x68ca88, select=gs_color_select_texture) at ./base/gsciemap.c:700
#10 0x775859ac in gx_remap_color (pgs=0x624fa8) at ./base/gxcmap.c:553
#11 0x77578298 in gs_text_begin (pgs=0x624fa8, text=0x7fffc7d0, mem=0x602888, ppte=0x7fffc8b8) at ./base/gstext.c:262
#12 0x775785f5 in gs_xyshow_begin (pgs=0x624fa8, str=value optimized out, size=value optimized out, x_widths=0xaac268, y_widths=0x0, widths_size=6, mem=0x602888, ppte=0x7fffc8b8) at ./base/gstext.c:413
#13 0x772eddc7 in moveshow (i_ctx_p=0x641180, have_x=1, have_y=0) at ./psi/zcharx.c:113
#14 0x77355a7b in interp (pi_ctx_p=0x602388, pref=value optimized out, perror_object=0x7fffd790) at ./psi/interp.c:1263
#15 0x77356bbb in gs_call_interp (pi_ctx_p=value optimized out, pref=value optimized out, user_errors=1, pexit_code=0x7fffd7ac, perror_object=0x7fffd790) at ./psi/interp.c:484
#16 gs_interpret (pi_ctx_p=value optimized out, pref=value optimized out, user_errors=1, pexit_code=0x7fffd7ac, perror_object=0x7fffd790) at ./psi/interp.c:442
#17 0x7734be35 in gs_main_interpret (minst=value optimized out, user_errors=value optimized out, pexit_code=value optimized out, perror_object=value optimized out) at ./psi/imain.c:240
#18 gs_main_run_string_end (minst=value optimized out, user_errors=value optimized out, pexit_code=value optimized out, perror_object=value optimized out) at ./psi/imain.c:556
#19 0x7734cbd2 in run_string (minst=0x6022f0, str=value optimized out, options=value optimized out) at ./psi/imainarg.c:814
#20 0x7734cd6a in runarg (minst=0x6022f0, pre=0x7766b51d , arg=value optimized out, post=0x775e12a9 .runfile, options=3) at ./psi/imainarg.c:805
#21 0x7734e8d0 in gs_main_init_with_args (minst=0x6022f0, argc=4, argv=0x7fffe368) at ./psi/imainarg.c:215
---Type return to continue, or q return to quit---
#22 0x00400bc4 in main (argc=4, argv=0x7fffe368) at ./psi/dxmainc.c:84

If this was corrected on this version this should not happen, right?

> If all of those feel scary, then there is the option of waiting until it enters testing :-)

Hmm ... will testing get this on the next 10 days?

Thanks Jonas.

Cheers,
Colin
Bug#619306: ghostscript segfaults on some eps file
found 619306 ghostscript/9.02~dfsg-1
quit

Hi,

Colin wrote:
> On Mon, Apr 18, 2011 at 10:37 PM, Jonas Smedegaard d...@jones.dk wrote:
>> A third approach is to download and install using dpkg.
>
> Next I tried this solution and installed the following packages:
>
> liblcms1_1.18.dfsg-1.2+b3_amd64.deb
> libgs9-common_9.02~dfsg-1_all.deb
> libgs9_9.02~dfsg-1_amd64.deb
> ghostscript-dbg_9.02~dfsg-1_amd64.deb
> ghostscript_9.02~dfsg-1_amd64.deb
>
> But the problem persists:
[...]
> If this was corrected on this version this should not happen, right?

Right. Thanks for checking.
Bug#619306: ghostscript segfaults on some eps file
I should add that before installing these packages from unstable, I compiled ghostscript-9.02.tar.gz from sourceforge and installed in /opt2 just for testing. This seems the same version of unstable. I wasn't able to reproduce the bug with my compiled gs.

Here's a part of the configure, I just used ./configure --prefix=/opt2:

config.log:
Configured with: ../src/configure -v --with-pkgversion='Debian 4.5.2-8' --with-bugurl=file:///usr/share/doc/gcc-4.5/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.5 --enable-shared --enable-multiarch --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.5 --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin --enable-gold --enable-ld=default --with-plugin-ld=ld.gold --enable-objc-gc --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.5.2 (Debian 4.5.2-8)

Cheers,
Colin
Bug#619306: ghostscript segfaults on some eps file
Hi Colin,

Thanks for your additions to this bugreport!

On 11-04-18 at 03:21pm, Colin wrote:
> I'm affected by this bug too with some of my eps files. Any update on this?

Yes there is a potential update: Since this bug was reported, a newer 9.02 release has been packaged and is now in Debian unstable. It includes an addon package with debug data, and also contains some Debian-specific bugfixes related to color management library linkage.

So please try with 9.02 and tell if the problem persists there.

If it does, then please install the ghostscript-dbg package and post a gdb trace here to the bugreport. Please also include the EPS files that trigger the bug and the gs command which triggers it.

Kind regards,

 - Jonas
Bug#619306: ghostscript segfaults on some eps file
On 11-04-18 at 07:30pm, Colin wrote:
> On Mon, Apr 18, 2011 at 5:38 PM, Jonas Smedegaard d...@jones.dk wrote:
>> So please try with 9.02 and tell if the problem persists there.
>>
>> If it does, then please install the ghostscript-dbg package and post a gdb trace here to the bugreport. Please also include the EPS files that trigger the bug and the gs command which triggers it.
>
> Hi Jonas, I would love to test that out but I'm running testing. Do I have to resort to apt pinning to try it out as it is only on unstable? Thanks.

Pinning is one approach, yes.

Another is to only temporarily subscribe to unstable and pay close attention to which packages get installed when requesting to update the ghostscript package (use aptitude in fullscreen mode rather than apt-get!).

A third approach is to download and install using dpkg.

If all of those feel scary, then there is the option of waiting until it enters testing :-)

 - Jonas
Bug#619306: ghostscript segfaults on some eps file
tags 619306 + confirmed
quit

Hi,

Alexandre Duret-Lutz wrote:
> Running gs on the attached file ends with a segfault.
>
> % gs -dSAFER arch-SPOT.eps

I can't reproduce this with upstream gs (I'm probably using the wrong build-time parameters) but I can easily reproduce it with the ghostscript Debian package. Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x in ?? ()
(gdb) bt
#0 0x in ?? ()
#1 0x77fc4206 in cmsEvalLUT (Lut=0x887920, In=value optimized out, Out=0x7fffc970) at cmslut.c:512
#2 0x77fcb741 in NormalXFORM (p=0x887770, in=value optimized out, out=value optimized out, Size=1) at cmsxform.c:210
#3 0x77fbab71 in _cmsComputePrelinearizationTablesFromXFORM (h=0x7fffcb10, nTransforms=1, Grid=0x8895c0) at cmsgmt.c:1121
#4 0x77fce217 in _cmsPrecalculateDeviceLink (h=0x887770, dwFlags=value optimized out) at cmssamp.c:271
#5 0x77fcc8bd in cmsCreateProofingTransform (InputProfile=value optimized out, InputFormat=196618, OutputProfile=0x580660, OutputFormat=262170, ProofingProfile=value optimized out, nIntent=1, ProofingIntent=3, dwFlags=9216) at cmsxform.c:1537
#6 0x77fccfbb in cmsCreateTransform (Input=value optimized out, InputFormat=value optimized out, Output=value optimized out, OutputFormat=value optimized out, Intent=value optimized out, dwFlags=value optimized out) at cmsxform.c:1618
#7 0x775eb3d7 in gsicc_get_link_profile (pis=value optimized out, dev=value optimized out, gs_input_profile=0x885bf0, gs_output_profile=0x5b1c10, rendering_params=0x7fffccf0, memory=0x4028c8, include_softproof=0) at ./base/gsicc_cache.c:592
#8 0x775e82f7 in gx_remap_ICC (pcc=0x6d1b00, pcs=0x445ba8, pdc=0x770db0, pis=0x428d58, dev=0x4903b8, select=gs_color_select_texture) at ./base/gsicc.c:347
#9 0x77529b8a in gx_remap_CIEA (pc=0x6d1b00, pcs=0x445af8, pdc=0x770db0, pis=0x428d58, dev=0x4903b8, select=gs_color_select_texture) at ./base/gsciemap.c:665
#10 0x777862bc in gx_remap_color (pgs=0x428d58) at ./base/gxcmap.c:553
#11 0x77778cb8 in gs_text_begin (pgs=0x428d58, text=0x7fffce60, mem=0x4028c8, ppte=0x7fffcf48) at ./base/gstext.c:262
#12 0x77779015 in gs_xyshow_begin (pgs=0x428d58, str=value optimized out, size=value optimized out, x_widths=0x882b08, y_widths=0x0, widths_size=6, mem=0x4028c8, ppte=0x7fffcf48) at ./base/gstext.c:413
#13 0x774f1777 in moveshow (i_ctx_p=0x444d50, have_x=1, have_y=0) at ./psi/zcharx.c:113
#14 0x775592eb in interp (pi_ctx_p=0x402388, pref=value optimized out, perror_object=0x7fffde20) at ./psi/interp.c:1263

In other words, the Device2PCS->CLut16params.Interp3D callback passed to cmsEvalLUT is null. In fact, the entire CLut16params struct consists of zeroes. The relevant Device2PCS structure has few nonzero fields:

.wFlags = 584,
.InputChan = 3,
.OutputChan = 3,
.OutputEntries = 2,
.L2 = {0x72ea80, 0x72efc0, 0x729e70, 0, ...},
.Out16params = {
  .nSamples = 2,
  .nInputs = 1,
  .nOutputs = 1,
  .Domain = 1,
},
.Mat4 = {
  .v = {
    [0] = {.n = {14870, 11683, 5040},},
    [1] = {.n = {7908, 9, 2630},},
    [2] = {.n = {467, 2684, 23883},},
  }
},
.L4 = {0x78ebc0, 0x78efd0, 0x78f3e0, 0, ...},
.L4params = {
  .nSamples = 512,
  .nInputs = 1,
  .nOutputs = 1,
  .Domain = 511,
},
.L4Entries = 512

That structure is filled by cmsReadICCLut, which calls ReadLUT_A2B(Icc, NewLUT, offset, sig) to fill it.

What this all means is beyond my expertise. Hints?

$ dpkg-query -W liblcms1
liblcms1 1.18.dfsg-1.2
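
A simplified model of the failure analysed in the message above, added here as an illustration; it is not code from lcms, ghostscript or anyone in this thread. It contrasts a call-site NULL guard, which avoids the crash but silently skips the stage, with a check that rejects a LUT whose grid stage is selected while its interpolation callback is NULL. All type, function and flag names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model; these names are hypothetical, not the lcms1 API. */
#define MODEL_HAS_GRID 0x1u   /* "grid stage present" flag, value constructed */
typedef void (*interp_fn)(const uint16_t in[3], uint16_t out[3]);

typedef struct {
    unsigned  flags;      /* which pipeline stages the LUT claims to have */
    interp_fn interp3d;   /* grid interpolation callback; NULL if never set */
} model_lut;

enum { LUT_OK = 0, LUT_ERR_INCONSISTENT = -1 };

/* Constructed stand-in for an interpolation routine: inverts each channel. */
void invert3(const uint16_t in[3], uint16_t out[3]) {
    for (int i = 0; i < 3; i++) out[i] = (uint16_t)(0xFFFFu - in[i]);
}

/* Load-time check: a stage that is flagged must come with its callback. */
int model_lut_validate(const model_lut *lut) {
    if (lut == NULL) return LUT_ERR_INCONSISTENT;
    if ((lut->flags & MODEL_HAS_GRID) && lut->interp3d == NULL)
        return LUT_ERR_INCONSISTENT;
    return LUT_OK;
}

/* Call-site guard: no crash, but the stage is skipped without any error.
   Returns 1 if the grid stage ran, 0 if the input was passed through. */
int model_eval_guarded(const model_lut *lut, const uint16_t in[3], uint16_t out[3]) {
    if ((lut->flags & MODEL_HAS_GRID) && lut->interp3d != NULL) {
        lut->interp3d(in, out);
        return 1;
    }
    for (int i = 0; i < 3; i++) out[i] = in[i];
    return 0;
}

/* Strict evaluation: refuse an inconsistent LUT instead of guessing. */
int model_eval_strict(const model_lut *lut, const uint16_t in[3], uint16_t out[3]) {
    int rc = model_lut_validate(lut);
    if (rc != LUT_OK) return rc;
    model_eval_guarded(lut, in, out);
    return LUT_OK;
}

int main(void) {
    const uint16_t in[3] = {0, 1000, 65535};
    uint16_t out[3] = {0, 0, 0};
    model_lut broken = { MODEL_HAS_GRID, NULL };   /* flagged, callback missing */
    printf("validate=%d guarded_ran=%d strict=%d\n", model_lut_validate(&broken),
           model_eval_guarded(&broken, in, out), model_eval_strict(&broken, in, out));
    return 0;
}
```

In the guarded path the caller receives plausible-looking values with no indication that a stage was dropped, whereas the strict path surfaces the inconsistency as an error.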