590914 – evince crash trying open a dvi file with an eps image.

Bug 590914 - evince crash trying open a dvi file with an eps image.

Summary: evince crash trying open a dvi file with an eps image.

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	ghostscript
Sub Component:
Version:	13
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Tim Waugh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-05-10 23:34 UTC by scumbag
Modified:	2011-01-14 17:41 UTC (History)
CC List:	4 users (show)
Fixed In Version:	ghostscript-9.00-10.fc15
Clone Of:
Environment:
Last Closed:	2011-01-14 17:41:33 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
A simple DVI that cause the crash. (356 bytes, application/x-dvi) 2010-05-10 23:34 UTC, scumbag	no flags	Details
EPS image that cause the crash (11.91 KB, application/postscript) 2010-08-04 01:57 UTC, scumbag	no flags	Details
Postscript file which causes a fatal internal error (5.71 KB, application/x-gzip) 2010-09-10 04:50 UTC, Joachim Frieben	no flags	Details
Test case for evince-dvi. Tarball with latex source, EPS figure and generated DVI file (17.97 KB, application/x-gzip) 2011-01-10 05:30 UTC, Cong Ma	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Ghostscript	689698	0	None	None	None	Never

Description scumbag 2010-05-10 23:34:28 UTC

Created attachment 413002 [details]
A simple DVI that cause the crash.

Description of problem:
When you try to open a DVI file (created with latex [Texmaker Editor]) that have a linked EPS image, evince crash trying to load/show the image 

Version-Release number of selected component (if applicable):
$rpm -qa | grep evince
evince-libs-2.30.1-2.fc13.i686
evince-2.30.1-2.fc13.i686
evince-dvi-2.30.1-2.fc13.i686

Steps to Reproduce:
1. Install evince and the support for DVI files
$su -c "yum install evince evince-dvi"

2. Open the attached DVI file
$evince test.dvi
  
Actual results:
evince crash with this message:
fatal internal error -100Segmentation fault (core dumped)

and sometime with this:
fatal internal error -100
** (evince:2862): WARNING **: Error rendering PS document /home/scumbag/Documentos/test/img/barcode.eps: render error

Expected results:
Display the document.

Additional info:
The DVI is attached, if you need aditional info please ask for it.

$file img/barcode.eps 
img/barcode.eps: PostScript document text conforming DSC level 2.0, type EPS

Comment 1 Marek Kašík 2010-08-03 12:51:18 UTC

Hi scumbag,

I can not reproduce the problem with the dvi. Could you attach the EPS image too?

Regards

Marek

Comment 2 scumbag 2010-08-04 01:57:45 UTC

Created attachment 436414 [details]
EPS image that cause the crash

Comment 3 scumbag 2010-08-04 01:58:19 UTC

The problem is gone, i can't reproduce the problem anymore, by the way I also include the DVI.

Comment 4 Joachim Frieben 2010-09-10 04:50:49 UTC

Created attachment 446427 [details]
Postscript file which causes a fatal internal error

On a fully updated F14 system including evince-2.31.90-1.fc14, the attached PS file causes a "fatal internal error -100". This happens for -any- PS file that I have tried. The test file has been created by abiword; its PDF counterpart can be displayed without any issue.

Comment 5 Joachim Frieben 2010-09-10 04:57:02 UTC

In fact, the culprit seems to be ghostscript-8.71-15.fc14: 'ghostscript abiword.ps" also fails and returns:

 "GPL Ghostscript 8.71 (2010-02-10)
  Copyright (C) 2010 Artifex Software, Inc.  All rights reserved.
  This software comes with NO WARRANTY: see the file PUBLIC for details.
  Fontmap entry for Fontmap.local ends prematurely!  Giving up."

Comment 6 Joachim Frieben 2011-01-09 19:42:46 UTC

Issue is resolved for ghostscript-8.71-16.fc14 which is available for F13, too. Please verify for F13 and close the bug, thanks.

Comment 7 Cong Ma 2011-01-10 05:29:16 UTC

It appears to me that the problem has not been fixed.  I am testing ghostscript-8.71-22.fc14.x86_64 from Koji build system, and evince-dvi still crashes a lot on dvi files generated by latex.  The dvi viewer is evince-2.32.0-3.fc14.x86_64 with evince-dvi.


I created a test case so you can discover whether this causes trouble on your site.  To build the dvi file from the latex source you need REVTeX 4.1.


Although I'm still trying to successfully create a minimal test latex file that does not depend on REVTeX 4.1 (or any specific LaTeX class or package), I don't think that the problem lies with REVTeX alone.  The generated dvi file can be correctly rendered or processed by xdvi and dvips.  Only evince causes lots of crashes.


AFAIK, on my computer (F14 x86_64) there are five (!) results that could arise randomly from viewing the generated dvi file using evince:

1.  The process crashes with a backtrace like this:
fatal internal error -100*** glibc detected *** evince: munmap_chunk(): invalid pointer: 0x00007f3df07359b0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3029a76e26]
/usr/lib64/libgs.so.8(+0x3836a3)[0x7f3df72f56a3]
/usr/lib64/libgs.so.8(gsapi_delete_instance+0x4c)[0x7f3df70aa17c]
/usr/lib64/libspectre.so.1(spectre_gs_cleanup+0x4a)[0x7f3e000f316a]
/usr/lib64/libspectre.so.1(spectre_gs_free+0x13)[0x7f3e000f3183]
/usr/lib64/libspectre.so.1(spectre_device_render+0x36e)[0x7f3e000f3fee]
/usr/lib64/libspectre.so.1(spectre_page_render+0x7a)[0x7f3e000f462a]
/usr/lib64/libspectre.so.1(spectre_document_render_full+0xa9)[0x7f3e000f2c89]
/usr/lib64/evince/3/backends/libdvidocument.so(+0x88c1)[0x7f3e081728c1]
/usr/lib64/evince/3/backends/libdvidocument.so(+0x16ce1)[0x7f3e08180ce1]
/usr/lib64/evince/3/backends/libdvidocument.so(+0x16476)[0x7f3e08180476]
/usr/lib64/evince/3/backends/libdvidocument.so(+0xc421)[0x7f3e08176421]
/usr/lib64/evince/3/backends/libdvidocument.so(+0xefa4)[0x7f3e08178fa4]
/usr/lib64/evince/3/backends/libdvidocument.so(+0x8299)[0x7f3e08172299]
/usr/lib64/libevview.so.3[0x33da419fe8]
/usr/lib64/libevview.so.3[0x33da41aed0]
/lib64/libglib-2.0.so.0[0x302c669446]
/lib64/libpthread.so.0[0x302a606d5b]
/lib64/libc.so.6(clone+0x6d)[0x3029ae4a7d]
======= Memory map: ========
00400000-00460000 r-xp 00000000 fd:01 656287                             /usr/bin/evince
0065f000-0066a000 rw-p 0005f000 fd:01 656287                             /usr/bin/evince
021b6000-024fb000 rw-p 00000000 00:00 0                                  [heap]
3029600000-3029621000 r-xp 00000000 fd:01 524294                         /lib64/ld-2.12.90.so
3029820000-3029821000 r--p 00020000 fd:01 524294                         /lib64/ld-2.12.90.so
3029821000-3029822000 rw-p 00021000 fd:01 524294                         /lib64/ld-2.12.90.so
3029822000-3029823000 rw-p 00000000 00:00 0 
3029a00000-3029b9a000 r-xp 00000000 fd:01 524295                         /lib64/libc-2.12.90.so
3029b9a000-3029d99000 ---p 0019a000 fd:01 524295                         /lib64/libc-2.12.90.so
3029d99000-3029d9d000 r--p 00199000 fd:01 524295                         /lib64/libc-2.12.90.so
3029d9d000-3029d9e000 rw-p 0019d000 fd:01 524295                         /lib64/libc-2.12.90.so
3029d9e000-3029da4000 rw-p 00000000 00:00 0 
3029e00000-3029e84000 r-xp 00000000 fd:01 524535                         /lib64/libm-2.12.90.so
3029e84000-302a083000 ---p 00084000 fd:01 524535                         /lib64/libm-2.12.90.so
302a083000-302a084000 r--p 00083000 fd:01 524535                         /lib64/libm-2.12.90.so
302a084000-302a085000 rw-p 00084000 fd:01 524535                         /lib64/libm-2.12.90.so
302a200000-302a202000 r-xp 00000000 fd:01 524538                         /lib64/libdl-2.12.90.so
302a202000-302a402000 ---p 00002000 fd:01 524538                         /lib64/libdl-2.12.90.so
302a402000-302a403000 r--p 00002000 fd:01 524538                         /lib64/libdl-2.12.90.so
302a403000-302a404000 rw-p 00003000 fd:01 524538                         /lib64/libdl-2.12.90.so
302a600000-302a618000 r-xp 00000000 fd:01 524314                         /lib64/libpthread-2.12.90.so
302a618000-302a817000 ---p 00018000 fd:01 524314                         /lib64/libpthread-2.12.90.so
302a817000-302a818000 r--p 00017000 fd:01 524314                         /lib64/libpthread-2.12.90.so
302a818000-302a819000 rw-p 00018000 fd:01 524314                         /lib64/libpthread-2.12.90.so
302a819000-302a81d000 rw-p 00000000 00:00 0 
302aa00000-302aa15000 r-xp 00000000 fd:01 524536                         /lib64/libgcc_s-4.5.1-20100924.so.1
302aa15000-302ac14000 ---p 00015000 fd:01 524536                         /lib64/libgcc_s-4.5.1-20100924.so.1
302ac14000-302ac15000 rw-p 00014000 fd:01 524536                         /lib64/libgcc_s-4.5.1-20100924.so.1
302ae00000-302af39000 r-xp 00000000 fd:01 671349                         /usr/lib64/libX11.so.6.3.0
302af39000-302b139000 ---p 00139000 fd:01 671349                         /usr/lib64/libX11.so.6.3.0
302b139000-302b13f000 rw-p 00139000 fd:01 671349                         /usr/lib64/libX11.so.6.3.0
302b200000-302b202000 r-xp 00000000 fd:01 658278                         /usr/lib64/libXau.so.6.0.0
302b202000-302b402000 ---p 00002000 fd:01 658278                         /usr/lib64/libXau.so.6.0.0
302b402000-302b403000 rw-p 00002000 fd:01 658278                         /usr/lib64/libXau.so.6.0.0
302b600000-302b607000 r-xp 00000000 fd:01 524315                         /lib64/librt-2.12.90.so
302b607000-302b807000 ---p 00007000 fd:01 524315                         /lib64/librt-2.12.90.so
302b807000-302b808000 r--p 00007000 fd:01 524315                         /lib64/librt-2.12.90.so
302b808000-302b809000 rw-p 00008000 fd:01 524315                         /lib64/librt-2.12.90.so
302ba00000-302ba16000 r-xp 00000000 fd:01 524676                         /lib64/libz.so.1.2.5
302ba16000-302bc16000 ---p 00016000 fd:01 524676                         /lib64/libz.so.1.2.5
302bc16000-302bc17000 rw-p 00016000 fd:01 524676                         /lib64/libz.so.1.2.5
302be00000-302be1b000 r-xp 00000000 fd:01 671331                         /usr/lib64/libxcb.so.1.1.0
302be1b000-302c01a000 ---p 0001b000 fd:01 671331                         /usr/lib64/libxcb.so.1.1.0
302c01a000-302c01b000 rw-p 0001a000 fd:01 671331                         /usr/lib64/libxcb.so.1.1.0
302c200000-302c211000 r-xp 00000000 fd:01 671350                         /usr/lib64/libXext.so.6.4.0
302c211000-302c411000 ---p 00011000 fd:01 671350                         /usr/lib64/libXext.so.6.4.0
302c411000-302c412000 rw-p 00011000 fd:01 671350                         /usr/lib64/libXext.so.6.4.0
302c600000-302c706000 r-xp 00000000 fd:01 524310                         /lib64/libglib-2.0.so.0.2600.0
302c706000-302c905000 ---p 00106000 fd:01 524310                         /lib64/libglib-2.0.so.0.2600.0
302c905000-302c906000 rw-p 00105000 fd:01 524310                         /lib64/libglib-2.0.so.0.2600.0
302c906000-302c907000 rw-p 00000000 00:00 0 
302ca00000-302ca1c000 r-xp 00000000 fd:01 524679                         /lib64/libselinux.so.1
302ca1c000-302cc1c000 ---p 0001c000 fd:01 524679                         /lib64/libselinux.so.1
302cc1c000-302cc1d000 r--p 0001c000 fd:01 524679                         /lib64/libselinux.so.1
302cc1d000-302cc1e000 rw-p 0001d000 fd:01 524679                         /lib64/libselinux.so.1
302cc1e000-302cc1f000 rw-p 00000000 00:00 0 
302ce00000-302ce04000 r-xp 00000000 fd:01 524360                         /lib64/libgthread-2.0.so.0.2600.0
302ce04000-302d003000 ---p 00004000 fd:01 524360                         /lib64/libgthread-2.0.so.0.2600.0
302d003000-302d004000 rw-p 00003000 fd:01 524360                         /lib64/libgthread-2.0.so.0.2600.0
302d200000-302d217000 r-xp 00000000 fd:01 524716                         /lib64/libresolv-2.12.90.so
302d217000-302d417000 ---p 00017000 fd:01 524716                         /lib64/libresolv-2.12.90.so
302d417000-302d418000 r--p 00017000 fd:01 524716                         /lib64/libresolv-2.12.90.so
302d418000-302d419000 rw-p 00018000 fd:01 524716                         /lib64/libresolv-2.12.90.so
302d419000-302d41b000 rw-p 00000000 00:00 0 
302d600000-302d64c000 r-xp 00000000 fd:01 524385                         /lib64/libgobject-2.0.so.0.2600.0
302d64c000-302d84b000 ---p 0004c000 fd:01 524385                         /lib64/libgobject-2.0.so.0.2600.0
302d84b000-302d84d000 rw-p 0004b000 fd:01 524385                         /lib64/libgobject-2.0.so.0.2600.0
302d84d000-302d84e000 rw-p 00000000 00:00 0 
302da00000-302da03000 r-xp 00000000 fd:01 524387                         /lib64/libgmodule-2.0.so.0.2600.0
302da03000-302dc02000 ---p 00003000 fd:01 524387                         /lib64/libgmodule-2.0.so.0.2600.0
302dc02000-302dc03000 rw-p 00002000 fd:01 524387                         /lib64/libgmodule-2.0.so.0.2600.0
302de00000-302de04000 r-xp 00000000 fd:01 524710                         /lib64/libuuid.so.1.3.0
302de04000-302e003000 ---p 00004000 fd:01 524710                         /lib64/libuuid.so.1.3.0
302e003000-302e004000 rw-p 00003000 fd:01 524710                         /lib64/libuuid.so.1.3.0
302e200000-302e30b000 r-xp 00000000 fd:01 524717                         /lib64/libgio-2.0.so.0.2600.0
302e30b000-302e50a000 ---p 0010b000 fd:01 524717                         /lib64/libgio-2.0.so.0.2600.0
302e50a000-302e50f000 rw-p 0010a000 fd:01 524717                         /lib64/libgio-2.0.so.0.2600.0
302e50f000-302e510000 rw-p 00000000 00:00 0 
302e600000-302e626000 r-xp 00000000 fd:01 671355                         /usr/lib64/libpng12.so.0.44.0
302e626000-302e825000 ---p 00026000 fd:01 671355                         /usr/lib64/libpng12.so.0.44.0
302e825000-302e826000 rw-p 00025000 fd:01 671355                         /usr/lib64/libpng12.so.0.44.0
302ea00000-302ea90000 r-xp 00000000 fd:01 659516                         /usr/lib64/libfreetype.so.6.6.0
302ea90000-302ec8f000 ---p 00090000 fd:01 659516                         /usr/lib64/libfreetype.so.6.6.0
302ec8f000-302ec95000 rw-p 0008f000 fd:01 659516                         /usr/lib64/libfreetype.so.6.6.0
302ee00000-302ee09000 r-xp 00000000 fd:01 671351                         /usr/lib64/libXrender.so.1.3.0
302ee09000-302f009000 ---p 00009000 fd:01 671351                         /usr/lib64/libXrender.so.1.3.0
302f009000-302f00a000 rw-p 00009000 fd:01 671351                         /usr/lib64/libXrender.so.1.3.0
302f200000-302f226000 r-xp 00000000 fd:01 524691                         /lib64/libexpat.so.1.5.2
302f226000-302f425000 ---p 00026000 fd:01 524691                         /lib64/libexpat.so.1.5.2
302f425000-302f428000 rw-p 00025000 fd:01 524691                         /lib64/libexpat.so.1.5.2
302f600000-302f634000 r-xp 00000000 fd:01 671344                         /usr/lib64/libfontconfig.so.1.4.4
302f634000-302f834000 ---p 00034000 fd:01 671344                         /usr/lib64/libfontconfig.so.1.4.4
302f834000-302f836000 rw-p 00034000 fd:01 671344                         /usr/lib64/libfontconfig.so.1.4.4
302fa00000-302fa17000 r-xp 00000000 fd:01 671375                         /usr/lib64/libICE.so.6.3.0
302fa17000-302fc17000 ---p 00017000 fd:01 671375                         /usr/lib64/libICE.so.6.3.0
302fc17000-302fc18000 rw-p 00017000 fd:01 671375                         /usr/lib64/libICE.so.6.3.0
302fc18000-302fc1c000 rw-p 00000000 00:00 0 
302fe00000-302fe07000 r-xp 00000000 fd:01 671376                         /usr/lib64/libSM.so.6.0.0
302fe07000-3030007000 ---p 00007000 fd:01 671376                         /usr/lib64/libSM.so.6.0.0
3030007000-3030008000 rw-p 00007000 fd:01 671376                         /usr/lib64/libSM.so.6.0.0
3030200000-3030208000 r-xp 00000000 fd:01 671352                         /usr/lib64/libXrandr.so.2.2.0
3030208000-3030407000 ---p 00008000 fd:01 671352                         /usr/lib64/libXrandr.so.2.2.0
3030407000-3030408000 rw-p 00007000 fd:01 671352                         /usr/lib64/libXrandr.so.2.2.0
3030600000-3030620000 r-xp 00000000 fd:01 671366                         /usr/lib64/libgdk_pixbuf-2.0.so.0.2200.0
3030620000-3030820000 ---p 00020000 fd:01 671366                         /usr/lib64/libgdk_pixbuf-2.0.so.0.2200.0
3030820000-3030821000 rw-p 00020000 fd:01 671366                         /usr/lib64/libgdk_pixbuf-2.0.so.0.2200.0
3030a00000-3030a02000 r-xp 00000000 fd:01 671360                         /usr/lib64/libXinerama.so.1.0.0
3030a02000-3030c01000 ---p 00002000 fd:01 671360                         /usr/lib64/libXinerama.so.1.0.0
3030c01000-3030c02000 rw-p 00001000 fd:01 671360                         /usr/lib64/libXinerama.so.1.0.0
3030e00000-3030e0f000 r-xp 00000000 fd:01 671361                         /usr/lib64/libXi.so.6.1.0
3030e0f000-303100e000 ---p 0000f000 fd:01 671361                         /usr/lib64/libXi.so.6.1.0
303100e000-303100f000 rw-p 0000e000 fd:01 671361                         /usr/lib64/libXi.so.6.1.0
3031a00000-3031a1e000 r-xp 00000000 fd:01 671368                         /usr/lib64/libatk-1.0.so.0.3209.1
3031a1e000-3031c1e000 ---p 0001e000 fd:01 671368                         /usr/lib64/libatk-1.0.so.0.3209.1
3031c1e000-3031c21000 rw-p 0001e000 fd:01 671368                         /usr/lib64/libatk-1.0.so.0.3209.1
3031e00000-3031e2c000 r-xp 00000000 fd:01 671358                         /usr/lib64/libpangoft2-1.0.so.0.2800.1
3031e2c000-303202b000 ---p 0002c000 fd:01 671358                         /usr/lib64/libpangoft2-1.0.so.0.2800.1
303202b000-303202d000 rw-p 0002b000 fd:01 671358                         /usr/lib64/libpangoft2-1.0.so.0.2800.1
3032200000-303225d000 r-xp 00000000 fd:01 671354                         /usr/lib64/libpixman-1.so.0.18.4Aborted

2. The file can be opened, but the program hangs as the file is being scrolled down, and the warning message is:
fatal internal error -100
** (evince:7844): WARNING **: Error rendering PS document /home/cong/tmp/bomb/testdvi/out.eps: render error

3. The file can be opened, but the program crashes as the file is scrolled down, and the warning messaeg is:
fatal internal error -100Segmentation fault

4. The file can be opened, and the program crashes when closing the window.  A backtrace similar to the one found in Case 1 is seen.

5. The file can be opened, but the program hangs with the message:
fatal internal error -100
** (evince:8673): WARNING **: Error rendering PS document /home/cong/tmp/bomb/testdvi/out.eps: render error

*** glibc detected *** evince: corrupted double-linked list: 0x00007f9dfc73afb0 ***


In all cases 2~5, the figure out.eps linked to the dvi file cannot be displayed in the viewer.

Comment 8 Cong Ma 2011-01-10 05:30:32 UTC

Created attachment 472509 [details]
Test case for evince-dvi.  Tarball with latex source, EPS figure and generated DVI file

Comment 9 Joachim Frieben 2011-01-10 08:01:25 UTC

$ evince crash.dvi
fatal internal error -100
** (evince:13615): WARNING **: Error rendering PS document /home/fedora/out.eps: render error

fatal internal error -100
** (evince:13615): WARNING **: Error rendering PS document /home/fedora/out.eps: render error

Correct, I am seeing this, too!

Comment 10 Marek Kašík 2011-01-11 15:05:05 UTC

Hi,

the problem here is that ghostscript calls wrong scan_token() function in psi/imainarg.c:597. It should call its own scan_token() but it calls t1lib's scan_token().
I tried to rename scan_token() and all its calls to scan_gs_token() in ghostscript and it doesn't crash or show the error now (and renders the image correctly).
Maybe the bug http://bugs.ghostscript.com/show_bug.cgi?id=689698 should be reopened :).
I'm reassigning this to ghostscript.

Regards

Marek

Note You need to log in before you can comment on or make changes to this bug.