$ rpm -q ghostscript
ghostscript-6.51-16.3
$ pdf2ps plop.pdf
Segmentation fault (core dumped)

And the backtrace:

(gdb) bt
#0  0x080d8d63 in igc_reloc_struct_ptr ()
#1  0x081da39b in basic_reloc_ptrs ()
#2  0x080d8d12 in gc_do_reloc ()
#3  0x080d7cf1 in gs_gc_reclaim ()
#4  0x080f455a in context_reclaim ()
#5  0x080bbea0 in gs_vmreclaim ()
#6  0x080bbd5b in ireclaim ()
#7  0x080b800e in interp_reclaim ()
#8  0x080ba0a1 in interp ()
#9  0x080b8178 in gs_call_interp ()
#10 0x080b807e in gs_interpret ()
#11 0x080b1dd7 in gs_main_run_string_end ()
#12 0x080b1c4e in gs_main_run_string ()
#13 0x080b3992 in run_string ()
#14 0x080b36f8 in argproc ()
#15 0x080b275c in gs_main_init_with_args ()
#16 0x0806e311 in main ()

Test file attached below.

Confirmed.

#0  igc_reloc_struct_ptr (obj=0x913cea0, gcst=0xfee67220) at ./src/igc.c:1256
#1  0x081c581f in basic_reloc_ptrs (vptr=0x9212054, size=132, pstype=0x81fb700, gcst=0xfee67220) at ./src/gsmemory.c:311
#2  0x080d0445 in gc_do_reloc (cp=0xf3f6c0, mem=0xf3f6c0, pstate=0xfee67220) at ./src/igc.c:1209
#3  0x080d1929 in gs_gc_reclaim (pspaces=0xfee67220, global=0) at ./src/igc.c:432
#4  0x080eb1a6 in context_reclaim (pspaces=0x8f2f8f8, global=0) at ./src/zcontext.c:289
#5  0x080b72b7 in ireclaim (dmem=0x8f2f8f4, space=15988416) at ./src/ireclaim.c:155
#6  0x080b395f in interp_reclaim (pi_ctx_p=0x8376358, space=-1) at ./src/interp.c:420
#7  0x080b58de in gs_interpret (pi_ctx_p=0x8376358, pref=0xf3f6c0, user_errors=1, pexit_code=0xfee6799c, perror_object=0xfee679a0) at ./src/interp.c:1640
#8  0x080adbda in gs_main_run_string_end (minst=0x8376300, user_errors=1, pexit_code=0xfee6799c, perror_object=0xfee679a0) at ./src/imain.c:486
#9  0x080adc7d in gs_main_run_string (minst=0x8376300, str=0x8f52110 "<2f746d702f74696d2f706c6f702e706466>.runfile", user_errors=1, pexit_code=0xfee6799c, perror_object=0xfee679a0) at ./src/imain.c:426
#10 0x080ae179 in run_string (minst=0x8376300, str=0xf3f6c0 <Address 0xf3f6c0 out of bounds>, options=3) at ./src/imainarg.c:701
#11 0x080ae445 in argproc (minst=0x8376300, arg=0xfef34573 "/tmp/tim/plop.pdf") at ./src/imainarg.c:631
#12 0x080af91b in gs_main_init_with_args (minst=0x8376300, argc=12, argv=0xfee687b4) at ./src/imainarg.c:201
#13 0x0806e27b in main (argc=12, argv=0xfee687b4) at ./src/gs.c:45
(gdb) info locals
pfree = (const obj_header_t *) 0xf3f6c0
chead = (const chunk_head_t *) 0xf3f6c0
back = 15988416
robj = (const void *) 0xf3f6c0
(gdb) p *pfree
Cannot access memory at address 0xf3f6c0
(gdb) p *(const obj_header_t*) obj
$8 = {d = {o = {f = {h = {alone = 0}, m = {_ = 0, smark = 68148096}, b = {
          _ = 0, back = 68148096}}, size = 134805104, t = {type = 0x808f6f0,
        reloc = 134805232}}, _pad = "\000�\037\bp�\b\b��\b\b"}}

None of the source files in the stack trace have any code changes between 6.51 and 6.53.
Compiling with -DDEBUG and setting gs_debug['6']=1 in main() reveals this message immediately before the segfault:

GNU Ghostscript 6.51: ./src/igc.c(1248): Invalid back pointer 68250272 at 0x9689320!

Looks like the 7.3 package (rebuilt) handles this fine. It's 6.52-based. Investigating.
Created attachment 109071: ghostscript-6.52-fixes.patch
This appears to fix it.
Hang on a minute. This is a RHEL2.1 bug -- how is it on the RHEL3 U5 tracker?
Someone needs to let me know where this is supposed to be built.
RHBA-2005:063
The patch causes a regression on ia64, which is also seen in 6.52. A fix for this would be too invasive to include at this point (U7 onward).
Packages for x86 AS 2.1 uploaded as they actually fix this particular problem: http://people.redhat.com/bnocera/ghostscript-as2.1/