Bug 742349

Summary: ghostscript 9.04 crashes on certain postscript files
Product: [Fedora] Fedora Reporter: Orion Poplawski <orion>
Component: ghostscriptAssignee: Tim Waugh <twaugh>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 15CC: behdad, fonts-bugs, kevin, mkasik, twaugh
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ghostscript-9.04-7.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-11-16 00:31:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Postscript file that triggers crash - landscape produced by IDL none

Description Orion Poplawski 2011-09-29 19:37:08 UTC 
Created attachment 525633 [details]
Postscript file that triggers crash - landscape produced by IDL

Description of problem:

ghostscript 9.04 crashes on certain postscript files like the attached.  gs 9.02 works fine.

Version-Release number of selected component (if applicable):
9.04-3

How reproducible:
everytime

Steps to Reproduce:
1. gs idl.ps

gdb run:

Can't find (or can't open) font file /usr/share/ghostscript/9.04/Resource/Font/NimbusSanL-Regu.
Can't find (or can't open) font file NimbusSanL-Regu.
Can't find (or can't open) font file /usr/share/ghostscript/9.04/Resource/Font/NimbusSanL-Regu.
Can't find (or can't open) font file NimbusSanL-Regu.
Querying operating system for font files...
Loading NimbusSanL-Regu font from /usr/share/fonts/default/Type1/n019003l.pfb... 2599620 1284189 3455088 1629536 3 done.

Program received signal SIGSEGV, Segmentation fault.
FT_Outline_Decompose (outline=0x14, func_interface=0x6e3ff4, user=0xbfffc8ac)
    at freetype/src/base/ftoutln.c:82
82          for ( n = 0; n < outline->n_contours; n++ )
Missing separate debuginfos, use: debuginfo-install avahi-libs-0.6.30-3.fc15.i686 glibc-2.14-5.i686 gnutls-2.10.5-1.fc15.i686 keyutils-libs-1.2-7.fc15.i686 libgcrypt-1.4.6-1.fc15.i686 libgpg-error-1.9-2.fc15.i686 libtasn1-2.7-2.fc15.i686 libuuid-2.19.1-1.4.fc15.i686 libxcb-1.7-2.fc15.i686 nss-softokn-freebl-3.12.10-4.fc15.i686
(gdb) bt
#0  FT_Outline_Decompose (outline=0x14, func_interface=0x6e3ff4, user=0xbfffc8ac)
    at freetype/src/base/ftoutln.c:82
#1  0x0030648a in get_char_outline (a_server=0x8051900, a_path=0xbfffc8f0) at psi/fapi_ft.c:1373
#2  0x003041d9 in outline_char (i_ctx_p=0x80758a8, I=0x8051900, penum_s=0x820eed4, 
    path=0x8075ea0, close_path=1, import_shift_v=-24) at psi/zfapi.c:1636
#3  0x0030447b in fapi_finish_render_aux (i_ctx_p=0x80758a8, pbfont=0x8103908, I=0x8051900)
    at psi/zfapi.c:1891
#4  0x00304f66 in fapi_finish_render (i_ctx_p=0x80758a8) at psi/zfapi.c:1983
#5  0x0030320b in FAPI_do_char (i_ctx_p=0x80758a8, pbfont=0x8103908, dev=0x80a877c, 
    font_file_path=0x0, bBuildGlyph=0, charstring=0x0) at psi/zfapi.c:2766
#6  0x00303e0b in FAPI_char (i_ctx_p=0x80758a8, bBuildGlyph=0, charstring=0x0)
    at psi/zfapi.c:2790
#7  0x00222674 in interp (pi_ctx_p=0x804a22c, pref=<optimized out>, perror_object=0xbfffdb64)
    at psi/interp.c:1276
#8  0x0022380f in gs_call_interp (perror_object=0xbfffdb64, pexit_code=0xbfffdb6c, 
    user_errors=1, pref=0xbfffdab8, pi_ctx_p=0x804a22c) at psi/interp.c:490
#9  gs_interpret (pi_ctx_p=0x804a22c, pref=0xbfffdab8, user_errors=1, pexit_code=0xbfffdb6c, 
    perror_object=0xbfffdb64) at psi/interp.c:448
#10 0x0021775e in gs_main_interpret (perror_object=0xbfffdb64, pexit_code=0xbfffdb6c, 
    user_errors=1, pref=0xbfffdab8, minst=0x804a1d8) at psi/imain.c:239
#11 gs_main_run_string_end (minst=0x804a1d8, user_errors=1, pexit_code=0xbfffdb6c, 
    perror_object=0xbfffdb64) at psi/imain.c:591
#12 0x00217818 in gs_main_run_string_with_length (minst=0x804a1d8, 
    str=0x8253828 "<69646c2e7073>.runfile", length=22, user_errors=1, pexit_code=0xbfffdb6c, 
    perror_object=0xbfffdb64) at psi/imain.c:549
#13 0x0021786f in gs_main_run_string (minst=0x804a1d8, str=0x8253828 "<69646c2e7073>.runfile", 
    user_errors=1, pexit_code=0xbfffdb6c, perror_object=0xbfffdb64) at psi/imain.c:531
#14 0x00218dc4 in run_string (minst=0x804a1d8, str=<optimized out>, options=3)
    at psi/imainarg.c:822
#15 0x00218f36 in runarg (minst=0x804a1d8, pre=<optimized out>, arg=0x8051a90 "idl.ps", 
    post=0x59ef1e ".runfile", options=3) at psi/imainarg.c:813
#16 0x00219186 in argproc (arg=0xbfffe8e9 "idl.ps", minst=0x804a1d8) at psi/imainarg.c:746
#17 argproc (minst=0x804a1d8, arg=0xbfffe8e9 "idl.ps") at psi/imainarg.c:731
#18 0x0021a7e4 in gs_main_init_with_args (minst=0x804a1d8, argc=2, argv=0xbfffe634)
    at psi/imainarg.c:221
#19 0x0021b89a in gsapi_init_with_args (lib=0x804a118, argc=2, argv=0xbfffe634)
    at psi/iapi.c:172
#20 0x08048715 in main (argc=2, argv=0xbfffe634) at psi/dxmainc.c:84
(gdb) print outline
$1 = (FT_Outline *) 0x14
(gdb) print *outline
Cannot access memory at address 0x14
(gdb) up
#1  0x0030648a in get_char_outline (a_server=0x8051900, a_path=0xbfffc8f0) at psi/fapi_ft.c:1373
1373        ft_error = FT_Outline_Decompose(&s->outline_glyph->outline, &TheFtOutlineFuncs, &p);
(gdb) print s->outline_glyph
$2 = (FT_OutlineGlyph) 0x0
(gdb) print s
$3 = (FF_server *) 0x8051900
(gdb) print *s
$4 = {fapi_server = {ig = {d = 0x6e3fe8}, frac_shift = 16, face = {font_id = 799, ctm = {
        xx = 0, xy = 1.60126217e-06, yx = 1.60126217e-06, yy = 0, tx = 434, ty = 223}, 
      log2_scale = {x = 0, y = 0}, align_to_pixels = 0, HWResolution = {96.0756531, 
        96.0756531}}, ff = {server_font_data = 0x0, need_decrypt = 0, memory = 0x0, 
      font_file_path = 0x0, subfont = 0, is_type1 = 0, is_cid = 0, is_outline_font = 0, 
      is_mtx_skipped = 0, is_vertical = 0, client_ctx_p = 0x0, client_font_data = 0x0, 
      client_font_data2 = 0x0, char_data = 0x809dd02, char_data_len = 3, 
      get_word = 0x2fd6c0 <FAPI_FF_get_word>, get_long = 0x305780 <FAPI_FF_get_long>, 
      get_float = 0x2fcff0 <FAPI_FF_get_float>, get_name = 0x2fe1b0 <FAPI_FF_get_name>, 
      get_proc = 0x2fd4f0 <FAPI_FF_get_proc>, get_gsubr = 0x2fdfe0 <FAPI_FF_get_gsubr>, 
      get_subr = 0x2fdf00 <FAPI_FF_get_subr>, get_raw_subr = 0x2fe0c0 <FAPI_FF_get_raw_subr>, 
      get_glyph = 0x2ff250 <FAPI_FF_get_glyph>, 
      serialize_tt_font = 0x305700 <FAPI_FF_serialize_tt_font>, 
      get_charstring = 0x2fe3c0 <FAPI_FF_get_charstring>, 
      get_charstring_name = 0x2fe2e0 <FAPI_FF_get_charstring_name>}, max_bitmap = 0, 
    skip_glyph = 1, use_outline = 1, initial_FontMatrix = {xx = 0.00100000005, xy = 0, yx = 0, 
      yy = 0.00100000005, tx = 0, ty = 0}, ensure_open = 0x307b20 <ensure_open>, 
    get_scaled_font = 0x306e70 <get_scaled_font>, get_decodingID = 0x305d70 <get_decodingID>, 
    get_font_bbox = 0x305d90 <get_font_bbox>, 
    get_font_proportional_feature = 0x305dc0 <get_font_proportional_feature>, 
    can_retrieve_char_by_name = 0x306d60 <can_retrieve_char_by_name>, 
    can_replace_metrics = 0x305dd0 <can_replace_metrics>, 
    get_fontmatrix = 0x305de0 <get_fontmatrix>, get_char_width = 0x306c40 <get_char_width>, 
    get_char_raster_metrics = 0x306bf0 <get_char_raster_metrics>, 
    get_char_raster = 0x305e10 <get_char_raster>, 
    get_char_outline_metrics = 0x306ba0 <get_char_outline_metrics>, 
    get_char_outline = 0x306420 <get_char_outline>, 
    release_char_data = 0x306360 <release_char_data>, 
    release_typeface = 0x3062b0 <release_typeface>, 
    check_cmap_for_GID = 0x306260 <check_cmap_for_GID>}, freetype_library = 0x81f5630, 
  outline_glyph = 0x0, bitmap_glyph = 0x0, mem = 0x804a038, ftmemory = 0x8187658}
(gdb) print a_server
$5 = (FAPI_server *) 0x8051900
(gdb) print *a_server
$6 = {ig = {d = 0x6e3fe8}, frac_shift = 16, face = {font_id = 799, ctm = {xx = 0, 
      xy = 1.60126217e-06, yx = 1.60126217e-06, yy = 0, tx = 434, ty = 223}, log2_scale = {
      x = 0, y = 0}, align_to_pixels = 0, HWResolution = {96.0756531, 96.0756531}}, ff = {
    server_font_data = 0x0, need_decrypt = 0, memory = 0x0, font_file_path = 0x0, subfont = 0, 
    is_type1 = 0, is_cid = 0, is_outline_font = 0, is_mtx_skipped = 0, is_vertical = 0, 
    client_ctx_p = 0x0, client_font_data = 0x0, client_font_data2 = 0x0, char_data = 0x809dd02, 
    char_data_len = 3, get_word = 0x2fd6c0 <FAPI_FF_get_word>, 
    get_long = 0x305780 <FAPI_FF_get_long>, get_float = 0x2fcff0 <FAPI_FF_get_float>, 
    get_name = 0x2fe1b0 <FAPI_FF_get_name>, get_proc = 0x2fd4f0 <FAPI_FF_get_proc>, 
    get_gsubr = 0x2fdfe0 <FAPI_FF_get_gsubr>, get_subr = 0x2fdf00 <FAPI_FF_get_subr>, 
    get_raw_subr = 0x2fe0c0 <FAPI_FF_get_raw_subr>, get_glyph = 0x2ff250 <FAPI_FF_get_glyph>, 
    serialize_tt_font = 0x305700 <FAPI_FF_serialize_tt_font>, 
    get_charstring = 0x2fe3c0 <FAPI_FF_get_charstring>, 
    get_charstring_name = 0x2fe2e0 <FAPI_FF_get_charstring_name>}, max_bitmap = 0, 
  skip_glyph = 1, use_outline = 1, initial_FontMatrix = {xx = 0.00100000005, xy = 0, yx = 0, 
    yy = 0.00100000005, tx = 0, ty = 0}, ensure_open = 0x307b20 <ensure_open>, 
  get_scaled_font = 0x306e70 <get_scaled_font>, get_decodingID = 0x305d70 <get_decodingID>, 
  get_font_bbox = 0x305d90 <get_font_bbox>, 
  get_font_proportional_feature = 0x305dc0 <get_font_proportional_feature>, 
  can_retrieve_char_by_name = 0x306d60 <can_retrieve_char_by_name>, 
  can_replace_metrics = 0x305dd0 <can_replace_metrics>, 
  get_fontmatrix = 0x305de0 <get_fontmatrix>, get_char_width = 0x306c40 <get_char_width>, 
  get_char_raster_metrics = 0x306bf0 <get_char_raster_metrics>, 
  get_char_raster = 0x305e10 <get_char_raster>, 
  get_char_outline_metrics = 0x306ba0 <get_char_outline_metrics>, 
  get_char_outline = 0x306420 <get_char_outline>, 
  release_char_data = 0x306360 <release_char_data>, 
  release_typeface = 0x3062b0 <release_typeface>, 
  check_cmap_for_GID = 0x306260 <check_cmap_for_GID>}
(gdb) print *a_server->outline_glyph
There is no member named outline_glyph.
Comment 1 Orion Poplawski 2011-09-29 19:38:56 UTC 
Note that with 9.02 this line is different:

Loading NimbusSanL-Regu font from /usr/share/fonts/default/Type1/n019003l.pfb... 2607364 1268057 3436356 1626469 3 done.
Comment 2 Orion Poplawski 2011-09-29 19:39:37 UTC 
And there is:
GPL Ghostscript 9.02: Warning: the Xfonts feature is deprecated and will be removed in a future release.
Comment 3 Orion Poplawski 2011-10-28 21:26:03 UTC 
Assigning to freetype since it seems freetype related and perhaps the maintainer could shed some insight.
Comment 4 Orion Poplawski 2011-10-29 16:45:34 UTC 
Upstream says they have a fix (see upstream bug for more)

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d8089a
Comment 5 Fedora Update System 2011-11-02 13:14:56 UTC 
ghostscript-9.04-5.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/ghostscript-9.04-5.fc16
Comment 6 Fedora Update System 2011-11-02 13:15:33 UTC 
ghostscript-9.04-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/ghostscript-9.04-5.fc15
Comment 7 Fedora Update System 2011-11-02 17:55:20 UTC 
Package ghostscript-9.04-5.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ghostscript-9.04-5.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-15279
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2011-11-16 00:31:29 UTC 
ghostscript-9.04-7.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2012-05-13 01:52:31 UTC 
ghostscript-9.04-7.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.