Bug#619306: ghostscript segfaults on some eps file

2011-05-04 Thread Jonas Smedegaard 
On 11-05-04 at 05:44am, Jonathan Nieder wrote:
 Jonathan Nieder wrote:
  Håkon A. Hjortland wrote:
 
  Downgrading liblcms1 from 1.18.dfsg-1.2ubuntu1 to 1.16-7ubuntu1 
  also fixes the segfaults for both arch-SPOT.eps and 
  transmitter.pdf.
 
  Ah, thanks for this (and for pinpointing which pointers are NULL)! 
  I'll bisect.
 
 Ok, so I was looking for an upstream repository to sift through but I 
 don't think there is one for lcms1.

Not sure I understand what you mean above: Sure there is upstream source 
for lcms1: http://www.littlecms.com/download.html


 When ghostscript renders arch-SPOT.eps, Device2PCS-CLut16params (as 
 filled by cmsReadICCLut) is all-zeroes with modern liblcms1 and in 
 particular the pointer to its Interp3D method is NULL when cmsEvalLUT 
 calls it.  Håkon did the brave thing and tried omitting the Interp3D 
 call, and it seemed to work okay.
 
 So it's all a little puzzling.  Hints welcome.

Ghostscript recently added support for LittleCMS 2.x which I hope to 
soon use instead of LittleCMS 1.x.


Thanks to all of you for the valuable work here!


 - Jonas

-- 
 * Jonas Smedegaard - idealist  Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: Digital signature

Bug#619306: ghostscript segfaults on some eps file

2011-05-03 Thread Colin 
2011/5/3 Håkon A. Hjortland p...@hakn.net:
 For people who are just interested in a quick and dirty fix right here
 and now.

Thanks.
I've used the ubuntu package on my amd64 wheezy/testing machine and
indeed I don't have the segfaults anymore.
Hope we can get this resolved on the package update.

Cheers,
Colin



--
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/BANLkTinNDeK+Rw=5utupckuvnybu5g9...@mail.gmail.com

Bug#619306: ghostscript segfaults on some eps file

2011-05-03 Thread Jonathan Nieder 
Hi,

Håkon A. Hjortland wrote:

 Downgrading liblcms1 from 1.18.dfsg-1.2ubuntu1 to 1.16-7ubuntu1 also
 fixes the segfaults for both arch-SPOT.eps and transmitter.pdf.

Ah, thanks for this (and for pinpointing which pointers are NULL)!
I'll bisect.



--
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110504042206.GE8187@elie

Bug#619306: ghostscript segfaults on some eps file

2011-05-02 Thread Håkon A. Hjortland 
My system:
Ubuntu 11.04
ghostscript 9.01~dfsg-1ubuntu5
liblcms1 1.18.dfsg-1.2ubuntu1

Attaching transmitter.pdf, which seems to provoke a different segfault
error than arch-SPOT.eps.

Quickfix 1 (ugly patches):
liblcms_Interp3D_NULL.*: Fixes arch-SPOT.eps segfault.
ghostscript_icc_link_NULL.*: Fixes transmitter.pdf segfault.
WARNING: I have no idea what I'm doing here. The segfaults disappear,
but for all I know the produced output files from ghostscript might be
wrong now.

Quickfix 2 (downgrading liblcms1):
Downgrading liblcms1 from 1.18.dfsg-1.2ubuntu1 to 1.16-7ubuntu1 also
fixes the segfaults for both arch-SPOT.eps and transmitter.pdf.

Before fixes:

$ epstopdf arch-SPOT.eps
epstopdf ($Id: epstopdf.pl 17496 2010-03-18 17:57:31Z karl $) 2.15
!!! Error: Writing to gs failed, signal 11
$ pdf2ps transmitter.pdf
Segmentation fault


After using either of the quickfixes:

$ epstopdf arch-SPOT.eps
$ pdf2ps transmitter.pdf




For people who are just interested in a quick and dirty fix right here
and now, here's the gist:

Step-by-step instructions for downgrade-quickfix for amd64:

 (Use at your own risk!)
 1) wget 
 'http://ftp.uninett.no/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1_amd64.deb'
 2) sudo dpkg --install liblcms1_1.16-7ubuntu1_amd64.deb
 3) Use synaptic to pin the package at that version (Lock Version) so that 
 it won't be upgraded again.


Step-by-step instructions for downgrade-quickfix for i386:

 (Use at your own risk!)
 1) wget 
 'http://ftp.uninett.no/ubuntu/pool/main/l/lcms/liblcms1_1.16-7ubuntu1_i386.deb'
 2) sudo dpkg --install liblcms1_1.16-7ubuntu1_i386.deb
 3) Use synaptic to pin the package at that version (Lock Version) so that 
 it won't be upgraded again.




--
Håkon


transmitter.pdf
Description: Adobe PDF document
diff -ru source/ghostscript-9.01~dfsg/base/gsicc.c x/ghostscript-9.01~dfsg/base/gsicc.c
--- source/ghostscript-9.01~dfsg/base/gsicc.c	2010-12-06 21:30:42.0 +0100
+++ x/ghostscript-9.01~dfsg/base/gsicc.c	2011-05-02 15:03:14.416228156 +0200
@@ -345,7 +345,7 @@
 }
 /* Get a link from the cache, or create if it is not there. Need to get 16 bit profile */
 icc_link = gsicc_get_link(pis, dev, pcs, NULL, rendering_params, pis-memory, false);
-if (icc_link-is_identity) {
+if (icc_link == NULL || icc_link-is_identity) {
 psrc_temp = (psrc[0]);
 } else {
 /* Transform the color */
@@ -368,7 +368,9 @@
 }
 #endif
 /* Release the link */
-gsicc_release_link(icc_link);
+if (icc_link != NULL) {
+  gsicc_release_link(icc_link);
+}
 /* Now do the remap for ICC which amounts to the alpha application
the transfer function and potentially the halftoning */
 /* Right now we need to go from unsigned short to frac.  I really
diff -ru source/ghostscript-9.01~dfsg/debian/changelog x/ghostscript-9.01~dfsg/debian/changelog
--- source/ghostscript-9.01~dfsg/debian/changelog	2011-04-01 15:02:35.0 +0200
+++ x/ghostscript-9.01~dfsg/debian/changelog	2011-05-02 15:04:47.837064929 +0200
@@ -1,3 +1,9 @@
+ghostscript (9.01~dfsg-1ubuntu5quickfix1) natty; urgency=low
+
+  * Quickfix: Handle icc_link == NULL. Fixes a segfault.
+
+ -- Foo Bar f...@nowhere.com  Mon, 02 May 2011 13:36:41 +0200
+
 ghostscript (9.01~dfsg-1ubuntu5) natty; urgency=low
 
   * gs-common: Reintroduce dependency on ghostscript, still too many packages


ghostscript_icc_link_NULL.sh
Description: Bourne shell script
diff -ru orig/lcms-1.18.dfsg/debian/changelog fixed/lcms-1.18.dfsg/debian/changelog
--- orig/lcms-1.18.dfsg/debian/changelog	2011-05-02 16:03:20.0 +0200
+++ fixed/lcms-1.18.dfsg/debian/changelog	2011-05-03 00:41:03.995618170 +0200
@@ -1,3 +1,9 @@
+lcms (1.18.dfsg-1.2ubuntu1quickfix1) natty; urgency=low
+
+  * Quickfix: Handle Lut-CLut16params.Interp3D == NULL. Fixes a segfault.
+
+ -- Foo Bar f...@nowhere.com  Mon, 02 May 2011 13:36:41 +0200
+
 lcms (1.18.dfsg-1.2ubuntu1) natty; urgency=low
 
   * Merge from debian unstable.  Remaining changes: (LP: #694364)
diff -ru orig/lcms-1.18.dfsg/src/cmslut.c fixed/lcms-1.18.dfsg/src/cmslut.c
--- orig/lcms-1.18.dfsg/src/cmslut.c	2009-03-21 16:31:52.0 +0100
+++ fixed/lcms-1.18.dfsg/src/cmslut.c	2011-05-03 00:39:08.344636953 +0200
@@ -507,7 +507,7 @@
 
 
 
-   if (Lut - wFlags  LUT_HAS3DGRID) {
+   if (Lut - wFlags  LUT_HAS3DGRID

Bug#619306: ghostscript segfaults on some eps file

2011-04-19 Thread Colin 
On Mon, Apr 18, 2011 at 10:37 PM, Jonas Smedegaard d...@jones.dk wrote:
 Pinning is one approach, yes.  Another is to only temporarily subscribe
 to unstable and pay close attention to which packages gets installed
 when requesting to update the ghostscript package (use aptitude in
 fullscreen mode rather that apt-get!).

At first I tried this but it wanted to update a bunch of libs, including libc.
I cancelled that.

  A thir aproach is to download
 and install using dpkg.

Next I tried this solution and installed the following packages:
liblcms1_1.18.dfsg-1.2+b3_amd64.deb
libgs9-common_9.02~dfsg-1_all.deb
libgs9_9.02~dfsg-1_amd64.deb
ghostscript-dbg_9.02~dfsg-1_amd64.deb
ghostscript_9.02~dfsg-1_amd64.deb
But the problem persists:
$ gdb -q --args gs -q -dSAFER arch-SPOT.eps
Reading symbols from /usr/bin/gs...Reading symbols from
/usr/lib/debug/usr/bin/gs...done.
done.
(gdb) run
Starting program: /usr/bin/gs -q -dSAFER arch-SPOT.eps
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x in ?? ()
(gdb) bt
#0  0x in ?? ()
#1  0x76577bce in cmsEvalLUT () from /usr/lib/liblcms.so.1
#2  0x765800a6 in ?? () from /usr/lib/liblcms.so.1
#3  0x7656c071 in _cmsComputePrelinearizationTablesFromXFORM
() from /usr/lib/liblcms.so.1
#4  0x765828d7 in _cmsPrecalculateDeviceLink () from
/usr/lib/liblcms.so.1
#5  0x76580c7a in cmsCreateProofingTransform () from
/usr/lib/liblcms.so.1
#6  0x7658135b in cmsCreateTransform () from /usr/lib/liblcms.so.1
#7  0x773e87ff in gsicc_get_link_profile (pis=value optimized
out, dev=value optimized out, gs_input_profile=0xac58e0,
gs_output_profile=0x785280, rendering_params=0x7fffc660,
memory=value optimized out, include_softproof=0)
at ./base/gsicc_cache.c:594
#8  0x773e5717 in gx_remap_ICC (pcc=0x95cb00, pcs=0x9bcd68,
pdc=0x991f50, pis=0x624fa8, dev=0x68ca88,
select=gs_color_select_texture) at ./base/gsicc.c:347
#9  0x773262ca in gx_remap_CIEA (pc=0x95cb00, pcs=0x9bccb8,
pdc=0x991f50, pis=0x624fa8, dev=0x68ca88,
select=gs_color_select_texture) at ./base/gsciemap.c:700
#10 0x775859ac in gx_remap_color (pgs=0x624fa8) at ./base/gxcmap.c:553
#11 0x77578298 in gs_text_begin (pgs=0x624fa8,
text=0x7fffc7d0, mem=0x602888, ppte=0x7fffc8b8) at
./base/gstext.c:262
#12 0x775785f5 in gs_xyshow_begin (pgs=0x624fa8, str=value
optimized out, size=value optimized out, x_widths=0xaac268,
y_widths=0x0, widths_size=6, mem=0x602888, ppte=0x7fffc8b8) at
./base/gstext.c:413
#13 0x772eddc7 in moveshow (i_ctx_p=0x641180, have_x=1,
have_y=0) at ./psi/zcharx.c:113
#14 0x77355a7b in interp (pi_ctx_p=0x602388, pref=value
optimized out, perror_object=0x7fffd790) at ./psi/interp.c:1263
#15 0x77356bbb in gs_call_interp (pi_ctx_p=value optimized
out, pref=value optimized out, user_errors=1,
pexit_code=0x7fffd7ac, perror_object=0x7fffd790) at
./psi/interp.c:484
#16 gs_interpret (pi_ctx_p=value optimized out, pref=value
optimized out, user_errors=1, pexit_code=0x7fffd7ac,
perror_object=0x7fffd790) at ./psi/interp.c:442
#17 0x7734be35 in gs_main_interpret (minst=value optimized
out, user_errors=value optimized out,
pexit_code=value optimized out, perror_object=value optimized
out) at ./psi/imain.c:240
#18 gs_main_run_string_end (minst=value optimized out,
user_errors=value optimized out, pexit_code=value optimized out,
perror_object=value optimized out) at ./psi/imain.c:556
#19 0x7734cbd2 in run_string (minst=0x6022f0, str=value
optimized out, options=value optimized out) at ./psi/imainarg.c:814
#20 0x7734cd6a in runarg (minst=0x6022f0, pre=0x7766b51d
, arg=value optimized out, post=0x775e12a9 .runfile,
options=3) at ./psi/imainarg.c:805
#21 0x7734e8d0 in gs_main_init_with_args (minst=0x6022f0,
argc=4, argv=0x7fffe368) at ./psi/imainarg.c:215
---Type return to continue, or q return to quit---
#22 0x00400bc4 in main (argc=4, argv=0x7fffe368) at
./psi/dxmainc.c:84

If this was corrected on this version this should not happen, right?

 If all of those feel scary, then there is the option of waiting until it
 enters testing :-)

Hmm ... will testing get this on the next 10 days?


Thanks Jonas.

Cheers,
Colin



--
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/BANLkTinOi3JtJCw1kN=t4clp7op9kt6...@mail.gmail.com

Bug#619306: ghostscript segfaults on some eps file

2011-04-19 Thread Jonathan Nieder 
found 619306 ghostscript/9.02~dfsg-1
quit

Hi,

Colin wrote:
 On Mon, Apr 18, 2011 at 10:37 PM, Jonas Smedegaard d...@jones.dk wrote:

  A thir aproach is to download
 and install using dpkg.

 Next I tried this solution and installed the following packages:
 liblcms1_1.18.dfsg-1.2+b3_amd64.deb
 libgs9-common_9.02~dfsg-1_all.deb
 libgs9_9.02~dfsg-1_amd64.deb
 ghostscript-dbg_9.02~dfsg-1_amd64.deb
 ghostscript_9.02~dfsg-1_amd64.deb
 But the problem persists:
[...]
 If this was corrected on this version this should not happen, right?

Right.  Thanks for checking.



--
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110419105840.GA19691@elie

Bug#619306: ghostscript segfaults on some eps file

2011-04-19 Thread Colin 
I should add that before of installing these packages from unstable, I
compiled ghostscript-9.02.tar.gz from sourceforge and installed in
/opt2 just for testing. This seems the same version of unstable.
I wasn't able to reproduce the bug with my compiled gs.
Here's a part of the configure, I just used ./configure --prefix=/opt2:
config.log:
Configured with: ../src/configure -v --with-pkgversion='Debian
4.5.2-8' --with-bugurl=file:///usr/share/doc/gcc-4.5/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-4.5 --enable-shared --enable-multiarch
--enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.5 --libdir=/usr/lib
--enable-nls --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --enable-plugin --enable-gold
--enable-ld=default --with-plugin-ld=ld.gold --enable-objc-gc
--with-arch-32=i586 --with-tune=generic --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.5.2 (Debian 4.5.2-8)

Cheers,
Colin



-- 
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/BANLkTinStn=-yprgzrpijkxrcwj3q5b...@mail.gmail.com

Bug#619306: ghostscript segfaults on some eps file

2011-04-18 Thread Jonas Smedegaard 
Hi Colin,

Thanks for your additions to this bugreport!

On 11-04-18 at 03:21pm, Colin wrote:
 I'm affected by this bug too with some of my eps files.
 Any update on this?

Yes there is a potential update: Since this bug was reported, a newer 
9.02 release have been packaged and is now in Debian unstable. It 
includes an addon package with debug data, and also contains some 
Debian-specific bugfixes related to color management library linkage.

So please try with 9.02 and tell if the problem persist there.  If it 
does, then please install the ghostscript-dbg package and post a gdb 
trace here to the bugreport.  Please also include the EPS files that 
trigger the bug and the gs command which triggers it.


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist  Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: Digital signature

Bug#619306: ghostscript segfaults on some eps file

2011-04-18 Thread Jonas Smedegaard 
On 11-04-18 at 07:30pm, Colin wrote:
 On Mon, Apr 18, 2011 at 5:38 PM, Jonas Smedegaard d...@jones.dk wrote:
  So please try with 9.02 and tell if the problem persist there.  If 
  it does, then please install the ghostscript-dbg package and post a 
  gdb trace here to the bugreport.  Please also include the EPS files 
  that trigger the bug and the gs command which triggers it.
 
 Hi Jonas,
 I would love to test that out but I'm running testing.
 Do I have to resort to apt pinning to try it out as it is only on 
 unstable?
 Thanks.

Pinning is one approach, yes.  Another is to only temporarily subscribe 
to unstable and pay close attention to which packages gets installed 
when requesting to update the ghostscript package (use aptitude in 
fullscreen mode rather that apt-get!).  A thir aproach is to download 
and install using dpkg.

If all of those feel scary, then there is the option of waiting until it 
enters testing :-)


 - Jonas

-- 
 * Jonas Smedegaard - idealist  Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: Digital signature

Bug#619306: ghostscript segfaults on some eps file

2011-03-25 Thread Jonathan Nieder 
tags 619306 + confirmed
quit

Hi,

Alexandre Duret-Lutz wrote:

 Running gs on the attached file ends with a segfault.
 
 % gs -dSAFER arch-SPOT.eps

I can't reproduce this with upstream gs (I'm probably using the wrong
build-time parameters) but I can easily reproduce it with the ghostscript
Debian package.  Backtrace:

 Program received signal SIGSEGV, Segmentation fault.
 0x in ?? ()
 (gdb) bt
 #0  0x in ?? ()
 #1  0x77fc4206 in cmsEvalLUT (Lut=0x887920, In=value optimized out, 
Out=0x7fffc970)
 at cmslut.c:512
 #2  0x77fcb741 in NormalXFORM (p=0x887770, in=value optimized out, 
out=value optimized out, Size=1)
 at cmsxform.c:210
 #3  0x77fbab71 in _cmsComputePrelinearizationTablesFromXFORM 
(h=0x7fffcb10, nTransforms=1, 
 Grid=0x8895c0) at cmsgmt.c:1121
 #4  0x77fce217 in _cmsPrecalculateDeviceLink (h=0x887770, 
dwFlags=value optimized out)
 at cmssamp.c:271
 #5  0x77fcc8bd in cmsCreateProofingTransform (InputProfile=value 
optimized out, InputFormat=196618, 
 OutputProfile=0x580660, OutputFormat=262170, ProofingProfile=value 
optimized out, nIntent=1, 
 ProofingIntent=3, dwFlags=9216) at cmsxform.c:1537
 #6  0x77fccfbb in cmsCreateTransform (Input=value optimized out, 
InputFormat=value optimized out, 
 Output=value optimized out, OutputFormat=value optimized out, 
Intent=value optimized out, 
 dwFlags=value optimized out) at cmsxform.c:1618
 #7  0x775eb3d7 in gsicc_get_link_profile (pis=value optimized out, 
dev=value optimized out, 
 gs_input_profile=0x885bf0, gs_output_profile=0x5b1c10, 
rendering_params=0x7fffccf0, memory=0x4028c8, 
 include_softproof=0) at ./base/gsicc_cache.c:592
 #8  0x775e82f7 in gx_remap_ICC (pcc=0x6d1b00, pcs=0x445ba8, 
pdc=0x770db0, pis=0x428d58, dev=0x4903b8, 
 select=gs_color_select_texture) at ./base/gsicc.c:347
 #9  0x77529b8a in gx_remap_CIEA (pc=0x6d1b00, pcs=0x445af8, 
pdc=0x770db0, pis=0x428d58, dev=0x4903b8, 
 select=gs_color_select_texture) at ./base/gsciemap.c:665
 #10 0x777862bc in gx_remap_color (pgs=0x428d58) at ./base/gxcmap.c:553
 #11 0x77778cb8 in gs_text_begin (pgs=0x428d58, text=0x7fffce60, 
mem=0x4028c8, ppte=0x7fffcf48)
 at ./base/gstext.c:262
 #12 0x77779015 in gs_xyshow_begin (pgs=0x428d58, str=value optimized 
out, size=value optimized out, 
 x_widths=0x882b08, y_widths=0x0, widths_size=6, mem=0x4028c8, 
ppte=0x7fffcf48) at ./base/gstext.c:413
 #13 0x774f1777 in moveshow (i_ctx_p=0x444d50, have_x=1, have_y=0) at 
./psi/zcharx.c:113
 #14 0x775592eb in interp (pi_ctx_p=0x402388, pref=value optimized 
out, perror_object=0x7fffde20)
 at ./psi/interp.c:1263

In other words, the Device2PCS-CLut16params.Interp3D callback passed
to cmsEvalLUT is null.  In fact, the entire CLut16params struct
consists of zeroes.  The relevant Device2PCS structure has few nonzero
fields:

.wFlags = 584,
.InputChan = 3,
.OutputChan = 3,
.OutputEntries = 2,
.L2 = {0x72ea80, 0x72efc0, 0x729e70, 0, ...},
.Out16params = {
.nSamples = 2,
.nInputs = 1,
.nOutputs = 1,
.Domain = 1,
},
.Mat4 = {
.v = {
[0] = {.n = {14870, 11683, 5040},},
[1] = {.n = {7908, 9, 2630},},
[2] = {.n = {467, 2684, 23883},},
}
},
.L4 = {0x78ebc0, 0x78efd0, 0x78f3e0, 0, ...},
.L4params = {
.nSamples = 512,
.nInputs = 1,
.nOutputs = 1,
.Domain = 511,
},
.L4Entries = 512

That structure is filled by cmsReadICCLut, which calls
ReadLUT_A2B(Icc, NewLUT, offset, sig) to fill it.  What this all means
is beyond my expertise.  Hints?

$ dpkg-query -W liblcms1
liblcms11.18.dfsg-1.2



-- 
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110325081347.GA29625@elie