Version-Release number of selected component: ghostscript-9.10-5.fc19 Additional info: reporter: libreport-2.2.0 backtrace_rating: 4 cmdline: /usr/bin/gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.3 -dAutoRotatePages=/None -dAutoFilterColorImages=false -dNOPLATFONTS -dPARANOIDSAFER -dNOINTERPOLATE -sstdout=%stderr -dColorImageFilter=/FlateEncode -dPDFSETTINGS=/printer -dUseCIEColor -dColorConversionStrategy=/LeaveColorUnchanged -dDoNumCopies -r600 -dDEVICEWIDTHPOINTS=595 -dDEVICEHEIGHTPOINTS=842 -sOutputFile=- -c .setpdfwrite -f - crash_function: i_free_object executable: /usr/bin/gs kernel: 3.13.7-100.fc19.i686 runlevel: N 5 type: CCpp uid: 4 Truncated backtrace: Thread no. 1 (10 frames) #0 i_free_object at base/gsalloc.c:874 #1 s_Bicubic_release at devices/vector/gdevpsds.c:863 #2 sclose at base/stream.c:434 #3 s_close_filters at base/stream.c:1223 #4 psdf_end_binary at devices/vector/gdevpsdu.c:453 #5 pdf_end_image_binary at devices/vector/gdevpdfj.c:449 #6 pdf_image_end_image_data at devices/vector/gdevpdfi.c:2312 #7 gx_image_end at base/gximage.c:211 #8 gs_image_cleanup at base/gsimage.c:660 #9 gs_image_cleanup_and_free_enum at base/gsimage.c:671
Created attachment 885151 [details] File: backtrace
Created attachment 885152 [details] File: cgroup
Created attachment 885153 [details] File: core_backtrace
Created attachment 885154 [details] File: dso_list
Created attachment 885155 [details] File: environ
Created attachment 885156 [details] File: exploitable
Created attachment 885157 [details] File: limits
Created attachment 885158 [details] File: maps
Created attachment 885159 [details] File: open_fds
Created attachment 885160 [details] File: proc_pid_status
Created attachment 885161 [details] File: var_log_messages
Are you able to attach the input file you were using so I can try to reproduce this crash?
(Please use this form to respond) The crash happened at this time: Apr 10 20:19:11 Could you please attach /var/log/cups/error_log, or perhaps an older date-stamped error_log-* file, whichever covers that time? Thanks.
Do you have "my_v2.ps - my_v2" still? Also, please respond using this bugzilla form rather than sending private email -- I will almost certainly lose it otherwise. :-)
Thanks. I can reproduce the problem. Investigating.
==14433== Invalid write of size 8 ==14433== at 0x4A0A555: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==14433== by 0x4EBB9B8: s_Bicubic_process (string3.h:51) ==14433== by 0x4DC2115: s_process_write_buf (stream.c:902) ==14433== by 0x4DC23A6: spputc (stream.c:488) ==14433== by 0x4DC24B7: sputs (stream.c:584) ==14433== by 0x4EE5104: pdf_image_plane_data_alt (gdevpdfi.c:2138) ==14433== by 0x4EE5220: pdf_image_plane_data (gdevpdfi.c:2168) ==14433== by 0x4FDC047: gs_image_next_planes (gsimage.c:605) ==14433== by 0x4DE9811: image_proc_continue (zimage.c:452) ==14433== by 0x4DB67C2: interp (interp.c:1185) ==14433== by 0x4DB7D58: gs_interpret (interp.c:510) ==14433== by 0x4DAC484: gs_main_run_string_end (imain.c:241) ==14433== Address 0x79f6510 is 352 bytes inside a block of size 59,472 free'd ==14433== at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==14433== by 0x4FC547E: alloc_free_chunk (gsalloc.c:1998) [...] ==14433== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y [...] #2 s_Bicubic_process (st=0x64176d0, pr=0x6418e10, pw=0x6417ef0, last=0) at devices/vector/gdevpsds.c:933 933 memcpy(ss->data + ss->d_len, pr->ptr + 1, copy); (gdb) p ((stream_Bicubic_state*)st)->data $10 = (byte *) 0x79f6418 "" (gdb) p ((stream_Bicubic_state*)st)->d_len $11 = 0 (gdb) p ((stream_Bicubic_state*)st)->d_size $12 = 59364 (gdb) p copy $13 = 256 Nothing seems obviously wrong. Next step is probably to look at allocation traces.
Reported upstream: http://bugs.ghostscript.com/show_bug.cgi?id=695270
Will be fixed by upgrading to 9.14.
ghostscript-9.14-3.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/ghostscript-9.14-3.fc20
ghostscript-9.14-3.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/ghostscript-9.14-3.fc19
Package ghostscript-9.14-3.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ghostscript-9.14-3.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-7139/ghostscript-9.14-3.fc20 then log in and leave karma (feedback).
ghostscript-9.14-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
ghostscript-9.14-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.