Bug 452998

Summary: gimp postscript plugin gets segmentation fault
Product: Red Hat Enterprise Linux 5
Reporter: Alan Matsuoka <alanm>
Component: gimp
Assignee: Nils Philippsen <nphilipp>
Status: CLOSED ERRATA
QA Contact: Desktop QE <desktop-qa-list>
Severity: medium
Docs Contact:
Priority: high
Version: 5.2
CC: cward, nphilipp, pknirsch, rdassen, tao, twoerner, vbenes
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2012-09-07 12:09:45 UTC
Bug Depends On:    
Bug Blocks: 499522, 743405    
Attachments:
Description Flags
gimp-2.2.13-postscript-segv.patch none

Description Alan Matsuoka 2008-06-26 14:46:29 UTC
Description of problem:
gimp issues /usr/lib/gimp/2.0/plug-ins/postscript: fatal error:
Segmentation fault

Version-Release number of selected component (if applicable):
gimp-2.2-13-2.0.7.e15

How reproducible:
always

Steps to Reproduce:
1. Create a new image in gimp
2. Save as a PostScript
3. Choose Preview in output option

Actual results:
/usr/lib/gimp/2.0/plug-ins/postscript: fatal error: Segmentation fault

Expected results:
No Segmentation fault, and the image displays as a preview

Additional info:

$ gimp --stack-trace-mode always
/usr/lib/gimp/2.0/plug-ins/postscript: fatal error: Segmentation fault
#0  0x40000402 in __kernel_vsyscall ()
#1  0x007ac92f in fork () from /lib/libc.so.6
#2  0x00a4a13c in g_on_error_stack_trace () from /lib/libglib-2.0.so.0
#3  0x4002eec9 in gimp_plugin_sigfatal_handler (sig_num=11) at gimp.c:1483
#4  <signal handler called>
#5  dither_grey (grey=0x981ffc0 'ÿ§ <repeats 200 times>..., bw=0x9635468 "",
#6  0x0804d7ce in save_ps_setup (ofp=0x980e540, drawable_ID=2, width=420,
#7  0x0804f710 in save_image (filename=<value optimized out>, image_ID=1,
#8  0x08050f21 in run (name=0x95e94f8 "file_ps_save", nparams=15,
#9  0x4002f5ee in gimp_main (info=0x80533c0, argc=6, argv=0xbf93e834)
#10 0x0804e6a7 in main (argc=Cannot access memory at address 0x0
#11 0x00733dec in __libc_start_main () from /lib/libc.so.6
#12 0x0804a3f1 in _start ()

Dear SEG,

Here is an easy bug in gimp. 100% reproducible, please close.
The segfault occurs at line 2240 due to corruption of fs_error.
The corruption is related to *limit or limit_array[], I think.

plug-ins/common/postscript.c

2192 dither_grey (guchar *grey,
2193              guchar *bw,
2194              gint    npix,
2195              gint    linecount)
2196 {
2197   register guchar *greyptr, *bwptr, mask;
2198   register int *fse;
2199   int x, greyval, fse_inline;
2200   static int *fs_error = NULL;
2201   static int do_init_arrays = 1;
2202   static int limit_array[1278];
2203   static int east_error[256],seast_error[256],south_error[256],swest_error[256];
2204   int *limit = &(limit_array[512]);
<snip>
2215       if (do_init_arrays)
2216         {
2217           do_init_arrays = 0;
2218           for (x = -511; x <= 766; x++)
2219             limit[x] = (x < 0) ? 0 : ((x > 255) ? 255 : x);  <--*** direct cause of the segfault
<snip>
2238   bwptr = bw;
2239   mask = 0x80;
2240   fse_inline = fs_error[0];  <---------****  segmentation fault

SEG Notes:
Attached patch works for customer.
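
The index arithmetic behind the line 2219 marker, as an added example that is not part of the bug report or of GIMP's source: with the sizes quoted at lines 2202, 2204 and 2218, limit[766] resolves to limit_array[1278], one element past the end of a 1278-element array. The helper names and the base offset of 511 used in the last call are assumptions for illustration, not the contents of the attached patch.

```c
#include <stdio.h>

/* Constants copied from the quoted lines 2202, 2204 and 2218. */
#define LIMIT_LEN   1278    /* static int limit_array[1278]     */
#define LIMIT_BASE  512     /* int *limit = &(limit_array[512]) */
#define X_MIN       (-511)  /* for (x = -511; ...               */
#define X_MAX       766     /*           ...; x <= 766; x++)    */

/* Count loop iterations whose store limit[x] falls outside [0, len). */
static int count_out_of_bounds(int len, int base, int x_min, int x_max)
{
    int x, bad = 0;
    for (x = x_min; x <= x_max; x++) {
        int idx = base + x;   /* limit[x] is limit_array[base + x] */
        if (idx < 0 || idx >= len)
            bad++;
    }
    return bad;
}

/* Hypothetical checked builder for the same clamp table: validates both
 * ends of the index range before the first store. Returns the number of
 * entries written, or -1 if the range does not fit in the table. */
static int build_limit_table(int *table, int len, int base, int x_min, int x_max)
{
    int x;
    if (base + x_min < 0 || base + x_max >= len)
        return -1;            /* refuse instead of writing past the array */
    for (x = x_min; x <= x_max; x++)
        table[base + x] = (x < 0) ? 0 : ((x > 255) ? 255 : x);
    return x_max - x_min + 1;
}

int main(void)
{
    static int table[LIMIT_LEN];
    printf("as quoted: %d store(s) out of bounds, highest index %d, last valid %d\n",
           count_out_of_bounds(LIMIT_LEN, LIMIT_BASE, X_MIN, X_MAX),
           LIMIT_BASE + X_MAX, LIMIT_LEN - 1);
    printf("base 512 (as quoted): checked build returns %d\n",
           build_limit_table(table, LIMIT_LEN, LIMIT_BASE, X_MIN, X_MAX));
    /* Assumption: base 511 makes indices run 0..1277 and fit exactly. */
    printf("base 511 (assumed):   checked build returns %d\n",
           build_limit_table(table, LIMIT_LEN, -X_MIN, X_MIN, X_MAX));
    return 0;
}
```

The single stray store lands in whatever static object the linker placed after limit_array, which is consistent with the reporter's observation that fs_error is corrupted by the time line 2240 dereferences it.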

Comment 1 Alan Matsuoka 2008-06-26 14:46:30 UTC
Created attachment 310343 [details]
gimp-2.2.13-postscript-segv.patch

Comment 2 RHEL Program Management 2009-03-26 17:17:12 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 21 errata-xmlrpc 2012-09-07 12:09:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-1242.html