Bug 668436 - segfault in wts_draw
Summary: segfault in wts_draw
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: ghostscript
Version: 15
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-10 14:23 UTC by Rick Richardson
Modified: 2011-11-02 15:04 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-11-02 15:04:20 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Document-1.ps (149.78 KB, application/postscript)
2011-01-10 14:24 UTC, Rick Richardson 		no flags Details
icc.usecie.ps (457 bytes, application/postscript)
2011-01-10 14:25 UTC, Rick Richardson 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Ghostscript 692654 0 None None None Never

Description Rick Richardson 2011-01-10 14:23:03 UTC 
Segfault in wts_draw.

Command line:
gs -sPAPERSIZE=letter -g10200x6600 -r1200x600 -sDEVICE=bitcmyk \
    -dCOLORSCREEN -dMaxBitmap=500000000 -sOutputFile=xxx.bitcmyk \
    icc.usecie.ps Document-1.ps

$ gdb /usr/bin/gs
GNU gdb (GDB) Fedora (7.1-34.fc13)
(gdb) r -sPAPERSIZE=letter -g10200x6600 -r1200x600 -sDEVICE=bitcmyk \
    -dCOLORSCREEN -dMaxBitmap=500000000 -sOutputFile=xxx.bitcmyk \
    icc.usecie.ps Document-1.ps
Starting program: /usr/bin/gs -sPAPERSIZE=letter -g10200x6600 -r1200x600 -sDEVICE=bitcmyk     -dCOLORSCREEN -dMaxBitmap=500000000 -sOutputFile=xxx.bitcmyk     icc.usecie.ps Document-1.ps
[Thread debugging using libthread_db enabled]
GPL Ghostscript 8.71 (2010-02-10)
Copyright (C) 2010 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.

Program received signal SIGSEGV, Segmentation fault.
0x03290f16 in wts_draw (ws=0x81713d8, shade=32760, data=0x80541e0 "\330CK", 
    data_raster=4, x=1440, y=-1, w=21, h=1) at base/gxwts.c:354
354                         b |= mask;
(gdb) bt
#0  0x03290f16 in wts_draw (ws=0x81713d8, shade=32760, 
    data=0x80541e0 "\330CK", data_raster=4, x=1440, y=-1, w=21, h=1)
    at base/gxwts.c:354
#1  0x03291348 in gx_dc_wts_fill_rectangle_4 (pdevc=0x81a8f28, x=1440, y=-1, 
    w=21, h=1, dev=0xbfffd350, lop=252, source=0x0) at base/gxwts.c:533
#2  gx_dc_wts_fill_rectangle (pdevc=0x81a8f28, x=1440, y=-1, w=21, h=1, 
    dev=0xbfffd350, lop=252, source=0x0) at base/gxwts.c:569
#3  0x032b0c56 in gx_fill_trapezoid_ns_nd (dev=0xbfffd350, left=0xbfffb5bc, 
    right=0xbfffb5ac, ybot=-128, ytop=-127, swap_axes=0, pdevc=0x81a8f28, 
    lop=252) from /usr/lib/libgs.so.8
#4  gx_default_fill_trapezoid (dev=0xbfffd350, left=0xbfffb5bc, 
    right=0xbfffb5ac, ybot=-128, ytop=-127, swap_axes=0, pdevc=0x81a8f28, 
    lop=252) at base/gdevddrw.c:439
#5  0x0328a926 in loop_fill_trap_np (ll=0xbfffb6a8, band_mask=-2147483648)
    at base/gxfill.c:1599
#6  slant_into_trapezoids__nd (ll=0xbfffb6a8, band_mask=-2147483648)
    at base/gxfillts.h:81
#7  spot_into_trapezoids__aj_nd (ll=0xbfffb6a8, band_mask=-2147483648)
    at base/gxfilltr.h:220
#8  spot_into_trapezoids (ll=0xbfffb6a8, band_mask=-2147483648)
    at base/gxfill.c:2061
#9  0x0327f0b0 in gx_general_fill_path (pdev=0x809cccc, pis=0x806664c, 
    ppath=0x8077190, params=0xbfffd8bc, pdevc=0x81a8f28, pcpath=0x81a8e18)
    at base/gxfill.c:489
#10 gx_default_fill_path (pdev=0x809cccc, pis=0x806664c, ppath=0x8077190, 
    params=0xbfffd8bc, pdevc=0x81a8f28, pcpath=0x81a8e18) at base/gxfill.c:645
#11 0x0329d552 in gx_fill_path (ppath=0x8077190, pdevc=0x81a8f28, 
    pgs=0x806664c, rule=-1, adjust_x=128, adjust_y=128) at base/gxpaint.c:48
#12 0x0325f49c in fill_with_rule (pgs=0x806664c, rule=-1) at base/gspaint.c:310
#13 0x0302a5f0 in zfill (i_ctx_p=0x8076d24) at psi/zpaint.c:25
#14 0x02ff3683 in interp (pi_ctx_p=0x804c1c4, pref=<value optimized out>, 
    perror_object=0xbfffe714) at psi/interp.c:1162
#15 0x02ff58f0 in gs_call_interp (pi_ctx_p=0x804c1c4, pref=0xbfffe658, 
    user_errors=1, pexit_code=0xbfffe71c, perror_object=0xbfffe714)
    at psi/interp.c:496
#16 gs_interpret (pi_ctx_p=0x804c1c4, pref=0xbfffe658, user_errors=1, 
---Type <return> to continue, or q <return> to quit---
    pexit_code=0xbfffe71c, perror_object=0xbfffe714) at psi/interp.c:454
#17 0x02fe8919 in gs_main_interpret (minst=0x804c170, user_errors=1, 
    pexit_code=0xbfffe71c, perror_object=0xbfffe714) at psi/imain.c:214
#18 gs_main_run_string_end (minst=0x804c170, user_errors=1, 
    pexit_code=0xbfffe71c, perror_object=0xbfffe714) at psi/imain.c:526
#19 0x02fe8d9a in gs_main_run_string_with_length (minst=0x804c170, 
    str=0x80e6b40 "<446f63756d656e742d312e7073>.runfile", length=36, 
    user_errors=1, pexit_code=0xbfffe71c, perror_object=0xbfffe714)
    at psi/imain.c:484
#20 0x02fe8dfb in gs_main_run_string (minst=0x804c170, 
    str=0x80e6b40 "<446f63756d656e742d312e7073>.runfile", user_errors=1, 
    pexit_code=0xbfffe71c, perror_object=0xbfffe714) at psi/imain.c:466
#21 0x02fe9c11 in run_string (minst=0x804c170, str=<value optimized out>, 
    options=3) at psi/imainarg.c:814
#22 0x02fea4d8 in runarg (minst=0x804c170, pre=0x3306039 "", 
    arg=0x8053b30 "Document-1.ps", post=0x32d1e7a ".runfile", options=3)
    at psi/imainarg.c:805
#23 0x02fea78a in argproc (minst=0x804c170, arg=0xbffff466 "Document-1.ps")
    at psi/imainarg.c:738
#24 0x02fec1f2 in gs_main_init_with_args (minst=0x804c170, argc=10, 
    argv=0xbffff224) at psi/imainarg.c:215
#25 0x02fed45f in gsapi_init_with_args (lib=0x804c108, argc=10, 
    argv=0xbffff224) at psi/iapi.c:167
#26 0x080487f4 in main (argc=10, argv=0xbffff224) at psi/dxmainc.c:84
(gdb) 

But, it works on gs 9.01.

And also if you don't prefix it with icc.usecie.ps on gs 8.71.
But then we get poor screens (dithering) for pictures.
Comment 1 Rick Richardson 2011-01-10 14:24:22 UTC 
Created attachment 472599 [details]
Document-1.ps
Comment 2 Rick Richardson 2011-01-10 14:25:02 UTC 
Created attachment 472601 [details]
icc.usecie.ps
Comment 3 Rick Richardson 2011-01-10 15:50:39 UTC 
$ svn co http://svn.ghostscript.com/ghostscript/trunk/gs
...Build it...
$ gs ....

Success!  No segfault detected!
Comment 4 Bug Zapper 2011-05-30 12:02:11 UTC 
This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '13'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 13's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 13 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Tim Waugh 2011-06-01 12:16:45 UTC 
Still occurs in Fedora 15 with ghostscript-9.02-1.fc15.x86_64.
Comment 6 Tim Waugh 2011-08-11 15:43:39 UTC 
Still occurs with ghostscript-9.04-1.fc15.  Perhaps one of the build options is different when you are building it from SVN?
Comment 7 Tim Waugh 2011-11-02 13:05:50 UTC 
Fails here with default configure options with git-e4a9ab0.
Comment 8 Tim Waugh 2011-11-02 15:04:20 UTC 
Reported upstream.
Note You need to log in before you can comment on or make changes to this bug.