Bug 1280458
Summary: | [abrt] evince: gs_lcms2_malloc(): evince killed by SIGSEGV | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jeff Bastian <jbastian> | ||||||||||||||||||||||||||
Component: | ghostscript | Assignee: | David Kaspar // Dee'Kej <deekej> | ||||||||||||||||||||||||||
Status: | CLOSED DUPLICATE | QA Contact: | QE Internationalization Bugs <qe-i18n-bugs> | ||||||||||||||||||||||||||
Severity: | medium | Docs Contact: | |||||||||||||||||||||||||||
Priority: | medium | ||||||||||||||||||||||||||||
Version: | 7.2 | ||||||||||||||||||||||||||||
Target Milestone: | rc | ||||||||||||||||||||||||||||
Target Release: | --- | ||||||||||||||||||||||||||||
Hardware: | x86_64 | ||||||||||||||||||||||||||||
OS: | Unspecified | ||||||||||||||||||||||||||||
URL: | http://faf-report.itos.redhat.com/reports/bthash/25708118d9cc01c38a770b961478ca9772dd3c5a | ||||||||||||||||||||||||||||
Whiteboard: | abrt_hash:c203a92d11d80ddc22c7fe1dfed79be2e832f3c2 | ||||||||||||||||||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||||||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||||||||||||||||
Clone Of: | Environment: | ||||||||||||||||||||||||||||
Last Closed: | 2016-05-25 11:36:24 UTC | Type: | --- | ||||||||||||||||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||||||||||||||||
Documentation: | --- | CRM: | |||||||||||||||||||||||||||
Verified Versions: | Category: | --- | |||||||||||||||||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||||||||||||||
Embargoed: | |||||||||||||||||||||||||||||
Attachments: |
|
Description
Jeff Bastian
2015-11-11 19:13:46 UTC
Created attachment 1092839 [details]
File: backtrace
Created attachment 1092840 [details]
File: cgroup
Created attachment 1092841 [details]
File: core_backtrace
Created attachment 1092842 [details]
File: dso_list
Created attachment 1092843 [details]
File: environ
Created attachment 1092844 [details]
File: exploitable
Created attachment 1092845 [details]
File: limits
Created attachment 1092846 [details]
File: machineid
Created attachment 1092847 [details]
File: maps
Created attachment 1092848 [details]
File: open_fds
Created attachment 1092849 [details]
File: proc_pid_status
Created attachment 1092850 [details]
File: var_log_messages
This is a bug in ghostscript. I can not reproduce this but looking at the backtrace and related packages reveals: poppler calls cmsOpenProfileFromMem(profBuf,length) which calls cmsOpenProfileFromMemTHR(NULL, MemPtr, dwSize) this way we get in situation when we call ghostscript's "gs_lcms2_malloc (id=0x0, size=3752)" Current ghostscript handles this a better because it doesn't use the given pointer directly but calls cmsGetContextUserData() on it which handles the NULL there. Looking at the backtrace and Marek's comment #14, this is a duplicate of BZ #959351. *** This bug has been marked as a duplicate of bug 959351 *** |