abrt 1.1.0 detected a crash. architecture: i686 Attached file: backtrace cmdline: gs -sDEVICE=png16m -sOutputFile=- -dSAFER -dPARANOIDSAFER -dNOPAUSE -dFirstPage=1 -dLastPage=1 -q - /home/fm/Ausgabe.pdf -c showpage -c quit comment: I can send the Ausgabe file mail if it is needed. component: ghostscript crash_function: __memcpy_ssse3 executable: /usr/bin/gs global_uuid: cad66e74a38f88d052889e8c7ace1b0db0f4090e kernel: 2.6.33.3-72.fc13.i686.PAE package: ghostscript-8.71-9.fc13 rating: 4 reason: Process /usr/bin/gs was killed by signal 11 (SIGSEGV) release: Fedora release 13 (Goddard) How to reproduce ----- 1. call gs -sDEVICE=png16m -sOutputFile=- -dSAFER -dPARANOIDSAFER -dNOPAUSE -dFirstPage=1 ~/Ausgabe.pdf
Created attachment 412005 [details] File: backtrace
(In reply to comment #0) > comment: I can send the Ausgabe file mail if it is needed. Yes please.
I have sent the pdf to Tim Waugh.
Tim can you reproduce it? It sill happens for me. The pdf was generated by Chrome as far as I remember. Nautilus successfully creates a preview.
Yes, happens for me too. Sorry, I haven't had a chance to take a proper look at this yet.
this can still be reproduced with current F14. ghostscript-8.71-10.fc14.i686
Changing version back to 13 (i.e. earliest affected version).
This is the traceback: $ gdb --args gs -sOutputFile=/dev/null -dSAFER -dPARANOIDSAFER -dNOPAUSE -sDEVICE=png16m Ausgabe.pdf ... Starting program: /usr/bin/gs -sOutputFile=/dev/null -dSAFER -dPARANOIDSAFER -dNOPAUSE -sDEVICE=png16m Ausgabe.pdf ... GPL Ghostscript 8.70 (2009-07-31) Copyright (C) 2009 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Processing pages 1 through 1. Page 1 Program received signal SIGSEGV, Segmentation fault. memcpy () at ../sysdeps/x86_64/memcpy.S:161 161 movzbl (%rsi), %eax #0 memcpy () at ../sysdeps/x86_64/memcpy.S:161 #1 0x00000031f892cef5 in tile_rect_trans_simple (xmin=<value optimized out>, ymin=<value optimized out>, xmax=461, ymax=274, px=<value optimized out>, py=<value optimized out>, ptile=0x651478, fill_trans_buffer=0xef7dc0) from /usr/lib64/libgs.so.8 #2 0x00000031f892d539 in tile_by_steps_trans (xmin=0, ymin=0, xmax=461, ymax=274, ptile=0x651478, fill_trans_buffer=0xef7dc0, phase=<value optimized out>) at base/gxp1fill.c:551 #3 gx_trans_pattern_fill_rect (xmin=0, ymin=0, xmax=461, ymax=274, ptile=0x651478, fill_trans_buffer=0xef7dc0, phase=<value optimized out>) at base/gxp1fill.c:802 #4 0x00000031f89bdcfc in pdf14_tile_pattern_fill (dev=0x8339f8, pis=<value optimized out>, ppath=0x646ce0, params=0x7fffffffc750, pdcolor=0x80d2d0, pcpath=<value optimized out>) at base/gdevp14.c:1687 #5 pdf14_fill_path (dev=0x8339f8, pis=<value optimized out>, ppath=0x646ce0, params=0x7fffffffc750, pdcolor=0x80d2d0, pcpath=<value optimized out>) at base/gdevp14.c:1478 #6 0x00000031f8ba1076 in gx_fill_path (ppath=0x646ce0, pdevc=0x80d2d0, pgs=0x629828, rule=-1, adjust_x=76, adjust_y=<value optimized out>) at base/gxpaint.c:48 #7 0x00000031f8b6b051 in fill_with_rule (pgs=0x629828, rule=-1) at base/gspaint.c:310 #8 0x00000031f893b7ae in interp (pi_ctx_p=0x604368, pref=<value optimized out>, perror_object=0x7fffffffd660) at psi/interp.c:1275 #9 0x00000031f893c6cb in gs_call_interp (pi_ctx_p=0x604368, pref=<value optimized out>, user_errors=1, pexit_code=0x7fffffffd67c, perror_object=0x7fffffffd660) at psi/interp.c:496 #10 gs_interpret (pi_ctx_p=0x604368, pref=<value optimized out>, user_errors=1, pexit_code=0x7fffffffd67c, perror_object=0x7fffffffd660) at psi/interp.c:454 #11 0x00000031f89310d5 in gs_main_interpret (minst=<value optimized out>, user_errors=<value optimized out>, pexit_code=<value optimized out>, perror_object=<value optimized out>) at psi/imain.c:214 #12 gs_main_run_string_end (minst=<value optimized out>, user_errors=<value optimized out>, pexit_code=<value optimized out>, perror_object=<value optimized out>) at psi/imain.c:526 #13 0x00000031f89322ee in run_string (minst=0x6042d0, str=<value optimized out>, options=3) at psi/imainarg.c:797 #14 0x00000031f8932b0a in runarg (minst=0x6042d0, pre=0x31f8c044bd "", arg=<value optimized out>, post=0x31f8bcfe01 ".runfile", options=3) at psi/imainarg.c:788 #15 0x00000031f89344b4 in gs_main_init_with_args (minst=0x6042d0, argc=<value optimized out>, argv=<value optimized out>) at psi/imainarg.c:207 #16 0x0000000000400a34 in main (argc=7, argv=0x7fffffffe258) at psi/dxmainc.c:84
Created attachment 442654 [details] ghostscript-transbytes-null.patch The attached patch avoids the segfault but gives a stack trace: Error: /rangecheck in --run-- Operand stack: --dict:7/16(L)-- 18.0 774.0 140 1 12 6 12 0.0 Execution stack: %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 1862 1 3 %oparray_pop 1861 1 3 %oparray_pop 1845 1 3 %oparray_pop --nostringval-- --nostringval-- 2 1 1 --nostringval-- %for_pos_int_continue --nostringval-- --nostringval-- false 1 %stopped_push --nostringval-- --nostringval-- Dictionary stack: --dict:1151/1684(ro)(G)-- --dict:1/20(G)-- --dict:75/200(L)-- --dict:75/200(L)-- --dict:106/127(ro)(G)-- --dict:285/300(ro)(G)-- --dict:22/25(L)-- --dict:4/6(L)-- --dict:21/40(L)-- --dict:1/1(ro)(G)-- --dict:5/5(L)-- --dict:6/15(L)-- --dict:1/1(ro)(G)-- Current allocation mode is local GPL Ghostscript 8.70: Unrecoverable error, exit code 1
Reported upstream. Is there any chance you could make this PDF public? Have you come across any other PDF that has also failed in the same way?
Created attachment 442682 [details] is this the same crash I have found another file which crashes gs. Is this the same crash?
This one doesn't crash for me. Which version-release of ghostscript crashes for you?
I will not have access to my machine until monday. It is running current F14 with update-testing. You may publish the private PDF I sent you when opening this report.
I can't reproduce the bug with ghostscript-9.00 so it's a candidate for bisecting to find the fix.
Oh, I tested the wrong file. I *can* still reproduce the problem in 9.00. Felix, could you please re-send the file if you still have it? I want to double-check I'm testing the right one. Thanks.
Never mind, I tracked down the original email, and I *was* testing the right one.
This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This bug is still present in F15. $ rpm -qf /usr/bin/gs ghostscript-9.02-1.fc15.i686
Apparently fixed upstream.
ghostscript-9.04-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/ghostscript-9.04-1.fc15
Package ghostscript-9.04-1.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ghostscript-9.04-1.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/ghostscript-9.04-1.fc15 then log in and leave karma (feedback).
Package ghostscript-9.04-2.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ghostscript-9.04-2.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/ghostscript-9.04-2.fc15 then log in and leave karma (feedback).
Package ghostscript-9.04-3.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ghostscript-9.04-3.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/ghostscript-9.04-3.fc15 then log in and leave karma (feedback).
I can confirm the update fixing this issue. Thanks for your work Tim!
(Fixing status...)
ghostscript-9.04-3.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.