Bug 1661210

Summary: ghostscript: Regression: pdf2ps reports an error when reading from stdin (Error: /invalidfileaccess in --run--)
Product: Red Hat Enterprise Linux 7 Reporter: Peter Oliver <mavit>
Component: ghostscriptAssignee: Martin Osvald 🛹 <mosvald>
Status: CLOSED ERRATA QA Contact: Petr Sklenar <psklenar>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.6CC: bmason, fkrska, simon.matter, thozza
Target Milestone: rcKeywords: Patch, Regression, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ghostscript-9.25-2.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1665919 (view as bug list) Environment:
Last Closed: 2019-08-06 13:13:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1665919    

Description Peter Oliver 2018-12-20 12:35:24 UTC 
Description of problem:
Command pdf2ps exits 1 when reading from standard input.  Despite this, it produces the expected output apparently correctly.

Version-Release number of selected component (if applicable):
ghostscript-9.07-31.el7_6.6.x86_64

How reproducible:
Always

Steps to Reproduce:
pdf2ps - out.ps < /usr/share/doc/libtasn1-4.10/libtasn1.pdf
(or any other PDF file that you happen to have nearby)

Actual results:
Error: /invalidfileaccess in --run--
Operand stack:
   (/tmp/gs_Xvn1Mk)
Execution stack:
   %interp_exit   .runexec2   --nostringval--   run   --nostringval--   2   %stopped_push   --nostringval--   run   run   false   1   %stopped_push   1907   1   3   %oparray_pop   1906   1   3   %oparray_pop   1887   1   3   %oparray_pop
Dictionary stack:
   --dict:938/1684(ro)(G)--   --dict:1/20(G)--   --dict:77/200(L)--
Current allocation mode is local
GPL Ghostscript 9.07: Unrecoverable error, exit code 1

Expected results:
Command silently exits 0.

Additional info:
This problem doesn't occur with ghostscript-9.07-31.el7.x86_64.
Comment 1 Martin Osvald 🛹 2018-12-20 13:19:33 UTC 
Hello,

Thank you very much for reporting this problem!

I am glad to hear that despite the error, it produces the intended output file.

I can reproduce the same and can confirm the problem was introduced with ghostscript-9.07-31.el7_6.1 and that it doesn't happen if the pdf file gets passed through command line argument, but happens when it gets read/redirected through stdin.

I will try to return back to you soon with follow up investigation results.

Kind regards,
-Martin
Comment 2 Martin Osvald 🛹 2018-12-20 14:44:44 UTC 
So I found out the culprit patch behind this.


The regression was introduced with backporting of the below upstream patch:

https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b

to fix CVE-2018-16539 (patchfile: ghostscript-cve-2018-16539.patch).


When I try to build the upstream code checking out exactly that commit, upstream ends with exactly the same error.

This regression was fixed by later upstream commit:

https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0704d18b10314d701a522ad6c16718e0b8e199b7

I checked it and it fixes this regression.


Side note:

pdf2ps is a wrapper script which calls gs with the below params:

~~~
exec "$GS_EXECUTABLE" $OPTIONS -q -dNOPAUSE -dBATCH -P- -dSAFER -sDEVICE=ps2write "-sOutputFile=$outfile" $OPTIONS -c save pop -f "$1"
~~~

If we remove '-dSAFER', pdf2ps no longer prints the reported error.


I will try to get the fix for this BZ included in the next errata.
Comment 7 Martin Osvald 🛹 2018-12-21 06:00:51 UTC 
TEMPORARY WORKAROUND:

- either pass the input file as command line argument instead of letting it be read through stdin
- or ignore the error (the error doesn't look to be influencing contents of the resulting output file)
- or downgrade to ghostscript-9.07-31.el7
- or temporarily remove '-dSAFER' from /usr/bin/pdf2ps
Comment 10 Martin Osvald 🛹 2019-01-10 06:00:40 UTC 
*** Bug 1664890 has been marked as a duplicate of this bug. ***
Comment 13 Martin Osvald 🛹 2019-01-10 08:17:28 UTC 
*** Bug 1664980 has been marked as a duplicate of this bug. ***
Comment 14 Simon Matter 2019-01-10 08:31:20 UTC 
Hi Martin,

You wrote, as a temporary workaround, one can
- or ignore the error (the error doesn't look to be influencing contents of the resulting output file)

That's problematic because depending on how you call pdf2ps, the error message above is included in the output file.
If you do "cat in.pdf | pdf2ps - - > out.ps", then the error is included at the top of out.ps.

So, piping a pdf through pdf2ps results in an invalid ps output stream.
Comment 15 Martin Osvald 🛹 2019-01-10 08:51:52 UTC 
(In reply to Simon Matter from comment #14)
> If you do "cat in.pdf | pdf2ps - - > out.ps", then the error is included at
> the top of out.ps.
> 
> So, piping a pdf through pdf2ps results in an invalid ps output stream.

yes, in this case, you need to specify an output file argument for pdf2ps to workaround it
Comment 26 errata-xmlrpc 2019-08-06 13:13:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:2281