Bug 589569 - [abrt] crash in ghostscript-8.71-9.fc13: __memcpy_ssse3: Process /usr/bin/gs was killed by signal 11 (SIGSEGV)
[abrt] crash in ghostscript-8.71-9.fc13: __memcpy_ssse3: Process /usr/bin/gs ...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: ghostscript (Show other bugs)
15
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Tim Waugh
Fedora Extras Quality Assurance
abrt_hash:cad66e74a38f88d052889e8c7ac...
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-06 09:09 EDT by Felix Möller
Modified: 2011-09-26 19:28 EDT (History)
1 user (show)

See Also:
Fixed In Version: ghostscript-9.04-3.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-09-26 19:28:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: backtrace (69.71 KB, text/plain)
2010-05-06 09:09 EDT, Felix Möller
no flags Details
ghostscript-transbytes-null.patch (733 bytes, patch)
2010-09-02 11:29 EDT, Tim Waugh
no flags Details | Diff
is this the same crash (71.28 KB, application/pdf)
2010-09-02 13:37 EDT, Felix Möller
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Ghostscript 691590 None None None Never

  None (edit)
Description Felix Möller 2010-05-06 09:09:01 EDT
abrt 1.1.0 detected a crash.

architecture: i686
Attached file: backtrace
cmdline: gs -sDEVICE=png16m -sOutputFile=- -dSAFER -dPARANOIDSAFER -dNOPAUSE -dFirstPage=1 -dLastPage=1 -q - /home/fm/Ausgabe.pdf -c showpage -c quit
comment: I can send the Ausgabe file mail if it is needed.
component: ghostscript
crash_function: __memcpy_ssse3
executable: /usr/bin/gs
global_uuid: cad66e74a38f88d052889e8c7ace1b0db0f4090e
kernel: 2.6.33.3-72.fc13.i686.PAE
package: ghostscript-8.71-9.fc13
rating: 4
reason: Process /usr/bin/gs was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

How to reproduce
-----
1. call gs -sDEVICE=png16m -sOutputFile=- -dSAFER -dPARANOIDSAFER -dNOPAUSE -dFirstPage=1 ~/Ausgabe.pdf
Comment 1 Felix Möller 2010-05-06 09:09:04 EDT
Created attachment 412005 [details]
File: backtrace
Comment 2 Tim Waugh 2010-05-06 09:22:24 EDT
(In reply to comment #0)
> comment: I can send the Ausgabe file mail if it is needed.

Yes please.
Comment 3 Felix Möller 2010-05-06 09:38:33 EDT
I have sent the pdf to Tim Waugh.
Comment 4 Felix Möller 2010-05-18 08:53:05 EDT
Tim can you reproduce it? It sill happens for me. 

The pdf was generated by Chrome as far as I remember.

Nautilus successfully creates a preview.
Comment 5 Tim Waugh 2010-05-18 11:39:30 EDT
Yes, happens for me too.  Sorry, I haven't had a chance to take a proper look at this yet.
Comment 6 Felix Möller 2010-07-28 10:52:32 EDT
this can still be reproduced with current F14. 

ghostscript-8.71-10.fc14.i686
Comment 7 Tim Waugh 2010-08-02 11:17:28 EDT
Changing version back to 13 (i.e. earliest affected version).
Comment 8 Tim Waugh 2010-09-02 10:45:35 EDT
This is the traceback:

$ gdb --args gs -sOutputFile=/dev/null -dSAFER -dPARANOIDSAFER -dNOPAUSE -sDEVICE=png16m Ausgabe.pdf 
...
Starting program: /usr/bin/gs -sOutputFile=/dev/null -dSAFER -dPARANOIDSAFER -dNOPAUSE -sDEVICE=png16m Ausgabe.pdf
...
GPL Ghostscript 8.70 (2009-07-31)
Copyright (C) 2009 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 1.
Page 1

Program received signal SIGSEGV, Segmentation fault.
memcpy () at ../sysdeps/x86_64/memcpy.S:161
161		movzbl	(%rsi), %eax
#0  memcpy () at ../sysdeps/x86_64/memcpy.S:161
#1  0x00000031f892cef5 in tile_rect_trans_simple (xmin=<value optimized out>, 
    ymin=<value optimized out>, xmax=461, ymax=274, px=<value optimized out>, 
    py=<value optimized out>, ptile=0x651478, fill_trans_buffer=0xef7dc0)
   from /usr/lib64/libgs.so.8
#2  0x00000031f892d539 in tile_by_steps_trans (xmin=0, ymin=0, xmax=461, 
    ymax=274, ptile=0x651478, fill_trans_buffer=0xef7dc0, 
    phase=<value optimized out>) at base/gxp1fill.c:551
#3  gx_trans_pattern_fill_rect (xmin=0, ymin=0, xmax=461, ymax=274, 
    ptile=0x651478, fill_trans_buffer=0xef7dc0, phase=<value optimized out>)
    at base/gxp1fill.c:802
#4  0x00000031f89bdcfc in pdf14_tile_pattern_fill (dev=0x8339f8, 
    pis=<value optimized out>, ppath=0x646ce0, params=0x7fffffffc750, 
    pdcolor=0x80d2d0, pcpath=<value optimized out>) at base/gdevp14.c:1687
#5  pdf14_fill_path (dev=0x8339f8, pis=<value optimized out>, ppath=0x646ce0, 
    params=0x7fffffffc750, pdcolor=0x80d2d0, pcpath=<value optimized out>)
    at base/gdevp14.c:1478
#6  0x00000031f8ba1076 in gx_fill_path (ppath=0x646ce0, pdevc=0x80d2d0, 
    pgs=0x629828, rule=-1, adjust_x=76, adjust_y=<value optimized out>)
    at base/gxpaint.c:48
#7  0x00000031f8b6b051 in fill_with_rule (pgs=0x629828, rule=-1)
    at base/gspaint.c:310
#8  0x00000031f893b7ae in interp (pi_ctx_p=0x604368, 
    pref=<value optimized out>, perror_object=0x7fffffffd660)
    at psi/interp.c:1275
#9  0x00000031f893c6cb in gs_call_interp (pi_ctx_p=0x604368, 
    pref=<value optimized out>, user_errors=1, pexit_code=0x7fffffffd67c, 
    perror_object=0x7fffffffd660) at psi/interp.c:496
#10 gs_interpret (pi_ctx_p=0x604368, pref=<value optimized out>, 
    user_errors=1, pexit_code=0x7fffffffd67c, perror_object=0x7fffffffd660)
    at psi/interp.c:454
#11 0x00000031f89310d5 in gs_main_interpret (minst=<value optimized out>, 
    user_errors=<value optimized out>, pexit_code=<value optimized out>, 
    perror_object=<value optimized out>) at psi/imain.c:214
#12 gs_main_run_string_end (minst=<value optimized out>, 
    user_errors=<value optimized out>, pexit_code=<value optimized out>, 
    perror_object=<value optimized out>) at psi/imain.c:526
#13 0x00000031f89322ee in run_string (minst=0x6042d0, 
    str=<value optimized out>, options=3) at psi/imainarg.c:797
#14 0x00000031f8932b0a in runarg (minst=0x6042d0, pre=0x31f8c044bd "", 
    arg=<value optimized out>, post=0x31f8bcfe01 ".runfile", options=3)
    at psi/imainarg.c:788
#15 0x00000031f89344b4 in gs_main_init_with_args (minst=0x6042d0, 
    argc=<value optimized out>, argv=<value optimized out>)
    at psi/imainarg.c:207
#16 0x0000000000400a34 in main (argc=7, argv=0x7fffffffe258)
    at psi/dxmainc.c:84
Comment 9 Tim Waugh 2010-09-02 11:29:49 EDT
Created attachment 442654 [details]
ghostscript-transbytes-null.patch

The attached patch avoids the segfault but gives a stack trace:

Error: /rangecheck in --run--
Operand stack:
   --dict:7/16(L)--   18.0   774.0   140   1   12   6   12   0.0
Execution stack:
   %interp_exit   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--   --nostringval--   false   1   %stopped_push   1862   1   3   %oparray_pop   1861   1   3   %oparray_pop   1845   1   3   %oparray_pop   --nostringval--   --nostringval--   2   1   1   --nostringval--   %for_pos_int_continue   --nostringval--   --nostringval--   false   1   %stopped_push   --nostringval--   --nostringval--
Dictionary stack:
   --dict:1151/1684(ro)(G)--   --dict:1/20(G)--   --dict:75/200(L)--   --dict:75/200(L)--   --dict:106/127(ro)(G)--   --dict:285/300(ro)(G)--   --dict:22/25(L)--   --dict:4/6(L)--   --dict:21/40(L)--   --dict:1/1(ro)(G)--   --dict:5/5(L)--   --dict:6/15(L)--   --dict:1/1(ro)(G)--
Current allocation mode is local
GPL Ghostscript 8.70: Unrecoverable error, exit code 1
Comment 10 Tim Waugh 2010-09-02 11:35:33 EDT
Reported upstream.

Is there any chance you could make this PDF public?  Have you come across any other PDF that has also failed in the same way?
Comment 11 Felix Möller 2010-09-02 13:37:19 EDT
Created attachment 442682 [details]
is this the same crash

I have found another file which crashes gs. Is this the same crash?
Comment 12 Tim Waugh 2010-09-03 04:35:04 EDT
This one doesn't crash for me.  Which version-release of ghostscript crashes for you?
Comment 13 Felix Möller 2010-09-03 09:09:29 EDT
I will not have access to my machine until monday. It is running current F14 with update-testing.

You may publish the private PDF I sent you when opening this report.
Comment 14 Tim Waugh 2010-09-24 11:57:33 EDT
I can't reproduce the bug with ghostscript-9.00 so it's a candidate for bisecting to find the fix.
Comment 15 Tim Waugh 2010-10-01 11:07:29 EDT
Oh, I tested the wrong file.  I *can* still reproduce the problem in 9.00.

Felix, could you please re-send the file if you still have it?  I want to double-check I'm testing the right one.  Thanks.
Comment 16 Tim Waugh 2010-10-21 09:40:48 EDT
Never mind, I tracked down the original email, and I *was* testing the right one.
Comment 17 Bug Zapper 2011-06-02 10:25:32 EDT
This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '13'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 13's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 13 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 18 Felix Möller 2011-06-06 12:39:28 EDT
This bug is still present in F15. 

$ rpm -qf /usr/bin/gs
ghostscript-9.02-1.fc15.i686
Comment 19 Tim Waugh 2011-07-11 04:58:28 EDT
Apparently fixed upstream.
Comment 20 Fedora Update System 2011-08-11 12:25:11 EDT
ghostscript-9.04-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/ghostscript-9.04-1.fc15
Comment 21 Fedora Update System 2011-08-12 06:58:52 EDT
Package ghostscript-9.04-1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ghostscript-9.04-1.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/ghostscript-9.04-1.fc15
then log in and leave karma (feedback).
Comment 22 Fedora Update System 2011-08-16 21:12:58 EDT
Package ghostscript-9.04-2.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ghostscript-9.04-2.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/ghostscript-9.04-2.fc15
then log in and leave karma (feedback).
Comment 23 Fedora Update System 2011-08-23 00:25:21 EDT
Package ghostscript-9.04-3.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ghostscript-9.04-3.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/ghostscript-9.04-3.fc15
then log in and leave karma (feedback).
Comment 24 Felix Möller 2011-09-10 09:49:24 EDT
I can confirm the update fixing this issue. Thanks for your work Tim!
Comment 25 Tim Waugh 2011-09-12 06:58:01 EDT
(Fixing status...)
Comment 26 Fedora Update System 2011-09-26 19:27:56 EDT
ghostscript-9.04-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.