Bug 480775 - Ghostscript ps2pdf gives "buffer overflow detected"
Summary: Ghostscript ps2pdf gives "buffer overflow detected"
Keywords:
Status: CLOSED DUPLICATE of bug 495916
Alias: None
Product: Fedora
Classification: Fedora
Component: ghostscript
Version: 10
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2008-6679
TreeView+ depends on / blocked
 
Reported: 2009-01-20 14:03 UTC by Jeremy Sanders
Modified: 2009-04-15 16:09 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-15 16:09:15 UTC
Type: ---


Attachments (Terms of Use)
Postscript file to demonstrate crash (31.95 KB, application/x-compressed)
2009-01-20 14:03 UTC, Jeremy Sanders
no flags Details

Description Jeremy Sanders 2009-01-20 14:03:51 UTC
Created attachment 329463 [details]
Postscript file to demonstrate crash

Description of problem:

Converting some PS figures to PDF gives:

$ ps2pdf Comparing_revmap_kband_figure.eps                              
** buffer overflow detected ***: gs terminated                                   
======= Backtrace: =========                                                      
/lib64/libc.so.6(__fortify_fail+0x37)[0x340c0ff4c7]                               
/lib64/libc.so.6[0x340c0fd370]                                                    
/lib64/libc.so.6[0x340c0fc6f9]                                                    
/lib64/libc.so.6(_IO_default_xsputn+0x96)[0x340c076636]                           
/lib64/libc.so.6(_IO_vfprintf+0x1c1c)[0x340c04747c]                               
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x340c0fc79d]                               
/lib64/libc.so.6(__sprintf_chk+0x80)[0x340c0fc6e0]                                
/usr/lib64/libgs.so.8(pdf_base_font_alloc+0x318)[0x363427f9b8]                    
/usr/lib64/libgs.so.8(pdf_font_descriptor_alloc+0x53)[0x3634281e73]               
/usr/lib64/libgs.so.8[0x363428cec4]                                               
/usr/lib64/libgs.so.8[0x363428db26]                                               
/usr/lib64/libgs.so.8(pdf_obtain_font_resource+0xdc)[0x363428e38c]                
/usr/lib64/libgs.so.8[0x363428454c]                                               
/usr/lib64/libgs.so.8(process_composite_text+0x3ce)[0x3634281a4e]                 
/usr/lib64/libgs.so.8[0x363428f2b4]                                               
/usr/lib64/libgs.so.8(op_show_continue_pop+0x24)[0x3634158fd4]                    
/usr/lib64/libgs.so.8[0x36341592a8]                                               
/usr/lib64/libgs.so.8[0x3634138213]                                               
/usr/lib64/libgs.so.8(gs_interpret+0x1ab)[0x36341398eb]                           
/usr/lib64/libgs.so.8(gs_main_run_string_end+0x4a)[0x363412e32a]                  
/usr/lib64/libgs.so.8[0x363412f470]                                               
/usr/lib64/libgs.so.8[0x363412fc17]                                               
/usr/lib64/libgs.so.8(gs_main_init_with_args+0x403)[0x3634131613]                 
gs(main+0x9d)[0x400a3d]                                                           
/lib64/libc.so.6(__libc_start_main+0xe6)[0x340c01e576]                            
gs[0x4008d9]                                                                      


Version-Release number of selected component (if applicable):
ghostscript-8.63-4.fc10.x86_64

How reproducible:
Every time


Steps to Reproduce:
1. Run "ps2pdf Comparing_revmap_kband_figure.eps"
  
Actual results:
Crash

Expected results:
PDF file created


Additional info:

Comment 1 Jeremy Sanders 2009-01-20 14:09:30 UTC
Apologies, I've just found that ghostscript has this in their bug database and it appears as if it is patched:
* http://bugs.ghostscript.com/show_bug.cgi?id=690211
* http://svn.ghostscript.com/viewvc?view=rev&sortby=rev&revision=9304

Comment 2 Tim Waugh 2009-04-15 16:09:15 UTC

*** This bug has been marked as a duplicate of bug 495916 ***


Note You need to log in before you can comment on or make changes to this bug.