Created attachment 525633 [details] Postscript file that triggers crash - landscape produced by IDL Description of problem: ghostscript 9.04 crashes on certain postscript files like the attached. gs 9.02 works fine. Version-Release number of selected component (if applicable): 9.04-3 How reproducible: everytime Steps to Reproduce: 1. gs idl.ps gdb run: Can't find (or can't open) font file /usr/share/ghostscript/9.04/Resource/Font/NimbusSanL-Regu. Can't find (or can't open) font file NimbusSanL-Regu. Can't find (or can't open) font file /usr/share/ghostscript/9.04/Resource/Font/NimbusSanL-Regu. Can't find (or can't open) font file NimbusSanL-Regu. Querying operating system for font files... Loading NimbusSanL-Regu font from /usr/share/fonts/default/Type1/n019003l.pfb... 2599620 1284189 3455088 1629536 3 done. Program received signal SIGSEGV, Segmentation fault. FT_Outline_Decompose (outline=0x14, func_interface=0x6e3ff4, user=0xbfffc8ac) at freetype/src/base/ftoutln.c:82 82 for ( n = 0; n < outline->n_contours; n++ ) Missing separate debuginfos, use: debuginfo-install avahi-libs-0.6.30-3.fc15.i686 glibc-2.14-5.i686 gnutls-2.10.5-1.fc15.i686 keyutils-libs-1.2-7.fc15.i686 libgcrypt-1.4.6-1.fc15.i686 libgpg-error-1.9-2.fc15.i686 libtasn1-2.7-2.fc15.i686 libuuid-2.19.1-1.4.fc15.i686 libxcb-1.7-2.fc15.i686 nss-softokn-freebl-3.12.10-4.fc15.i686 (gdb) bt #0 FT_Outline_Decompose (outline=0x14, func_interface=0x6e3ff4, user=0xbfffc8ac) at freetype/src/base/ftoutln.c:82 #1 0x0030648a in get_char_outline (a_server=0x8051900, a_path=0xbfffc8f0) at psi/fapi_ft.c:1373 #2 0x003041d9 in outline_char (i_ctx_p=0x80758a8, I=0x8051900, penum_s=0x820eed4, path=0x8075ea0, close_path=1, import_shift_v=-24) at psi/zfapi.c:1636 #3 0x0030447b in fapi_finish_render_aux (i_ctx_p=0x80758a8, pbfont=0x8103908, I=0x8051900) at psi/zfapi.c:1891 #4 0x00304f66 in fapi_finish_render (i_ctx_p=0x80758a8) at psi/zfapi.c:1983 #5 0x0030320b in FAPI_do_char (i_ctx_p=0x80758a8, pbfont=0x8103908, dev=0x80a877c, font_file_path=0x0, bBuildGlyph=0, charstring=0x0) at psi/zfapi.c:2766 #6 0x00303e0b in FAPI_char (i_ctx_p=0x80758a8, bBuildGlyph=0, charstring=0x0) at psi/zfapi.c:2790 #7 0x00222674 in interp (pi_ctx_p=0x804a22c, pref=<optimized out>, perror_object=0xbfffdb64) at psi/interp.c:1276 #8 0x0022380f in gs_call_interp (perror_object=0xbfffdb64, pexit_code=0xbfffdb6c, user_errors=1, pref=0xbfffdab8, pi_ctx_p=0x804a22c) at psi/interp.c:490 #9 gs_interpret (pi_ctx_p=0x804a22c, pref=0xbfffdab8, user_errors=1, pexit_code=0xbfffdb6c, perror_object=0xbfffdb64) at psi/interp.c:448 #10 0x0021775e in gs_main_interpret (perror_object=0xbfffdb64, pexit_code=0xbfffdb6c, user_errors=1, pref=0xbfffdab8, minst=0x804a1d8) at psi/imain.c:239 #11 gs_main_run_string_end (minst=0x804a1d8, user_errors=1, pexit_code=0xbfffdb6c, perror_object=0xbfffdb64) at psi/imain.c:591 #12 0x00217818 in gs_main_run_string_with_length (minst=0x804a1d8, str=0x8253828 "<69646c2e7073>.runfile", length=22, user_errors=1, pexit_code=0xbfffdb6c, perror_object=0xbfffdb64) at psi/imain.c:549 #13 0x0021786f in gs_main_run_string (minst=0x804a1d8, str=0x8253828 "<69646c2e7073>.runfile", user_errors=1, pexit_code=0xbfffdb6c, perror_object=0xbfffdb64) at psi/imain.c:531 #14 0x00218dc4 in run_string (minst=0x804a1d8, str=<optimized out>, options=3) at psi/imainarg.c:822 #15 0x00218f36 in runarg (minst=0x804a1d8, pre=<optimized out>, arg=0x8051a90 "idl.ps", post=0x59ef1e ".runfile", options=3) at psi/imainarg.c:813 #16 0x00219186 in argproc (arg=0xbfffe8e9 "idl.ps", minst=0x804a1d8) at psi/imainarg.c:746 #17 argproc (minst=0x804a1d8, arg=0xbfffe8e9 "idl.ps") at psi/imainarg.c:731 #18 0x0021a7e4 in gs_main_init_with_args (minst=0x804a1d8, argc=2, argv=0xbfffe634) at psi/imainarg.c:221 #19 0x0021b89a in gsapi_init_with_args (lib=0x804a118, argc=2, argv=0xbfffe634) at psi/iapi.c:172 #20 0x08048715 in main (argc=2, argv=0xbfffe634) at psi/dxmainc.c:84 (gdb) print outline $1 = (FT_Outline *) 0x14 (gdb) print *outline Cannot access memory at address 0x14 (gdb) up #1 0x0030648a in get_char_outline (a_server=0x8051900, a_path=0xbfffc8f0) at psi/fapi_ft.c:1373 1373 ft_error = FT_Outline_Decompose(&s->outline_glyph->outline, &TheFtOutlineFuncs, &p); (gdb) print s->outline_glyph $2 = (FT_OutlineGlyph) 0x0 (gdb) print s $3 = (FF_server *) 0x8051900 (gdb) print *s $4 = {fapi_server = {ig = {d = 0x6e3fe8}, frac_shift = 16, face = {font_id = 799, ctm = { xx = 0, xy = 1.60126217e-06, yx = 1.60126217e-06, yy = 0, tx = 434, ty = 223}, log2_scale = {x = 0, y = 0}, align_to_pixels = 0, HWResolution = {96.0756531, 96.0756531}}, ff = {server_font_data = 0x0, need_decrypt = 0, memory = 0x0, font_file_path = 0x0, subfont = 0, is_type1 = 0, is_cid = 0, is_outline_font = 0, is_mtx_skipped = 0, is_vertical = 0, client_ctx_p = 0x0, client_font_data = 0x0, client_font_data2 = 0x0, char_data = 0x809dd02, char_data_len = 3, get_word = 0x2fd6c0 <FAPI_FF_get_word>, get_long = 0x305780 <FAPI_FF_get_long>, get_float = 0x2fcff0 <FAPI_FF_get_float>, get_name = 0x2fe1b0 <FAPI_FF_get_name>, get_proc = 0x2fd4f0 <FAPI_FF_get_proc>, get_gsubr = 0x2fdfe0 <FAPI_FF_get_gsubr>, get_subr = 0x2fdf00 <FAPI_FF_get_subr>, get_raw_subr = 0x2fe0c0 <FAPI_FF_get_raw_subr>, get_glyph = 0x2ff250 <FAPI_FF_get_glyph>, serialize_tt_font = 0x305700 <FAPI_FF_serialize_tt_font>, get_charstring = 0x2fe3c0 <FAPI_FF_get_charstring>, get_charstring_name = 0x2fe2e0 <FAPI_FF_get_charstring_name>}, max_bitmap = 0, skip_glyph = 1, use_outline = 1, initial_FontMatrix = {xx = 0.00100000005, xy = 0, yx = 0, yy = 0.00100000005, tx = 0, ty = 0}, ensure_open = 0x307b20 <ensure_open>, get_scaled_font = 0x306e70 <get_scaled_font>, get_decodingID = 0x305d70 <get_decodingID>, get_font_bbox = 0x305d90 <get_font_bbox>, get_font_proportional_feature = 0x305dc0 <get_font_proportional_feature>, can_retrieve_char_by_name = 0x306d60 <can_retrieve_char_by_name>, can_replace_metrics = 0x305dd0 <can_replace_metrics>, get_fontmatrix = 0x305de0 <get_fontmatrix>, get_char_width = 0x306c40 <get_char_width>, get_char_raster_metrics = 0x306bf0 <get_char_raster_metrics>, get_char_raster = 0x305e10 <get_char_raster>, get_char_outline_metrics = 0x306ba0 <get_char_outline_metrics>, get_char_outline = 0x306420 <get_char_outline>, release_char_data = 0x306360 <release_char_data>, release_typeface = 0x3062b0 <release_typeface>, check_cmap_for_GID = 0x306260 <check_cmap_for_GID>}, freetype_library = 0x81f5630, outline_glyph = 0x0, bitmap_glyph = 0x0, mem = 0x804a038, ftmemory = 0x8187658} (gdb) print a_server $5 = (FAPI_server *) 0x8051900 (gdb) print *a_server $6 = {ig = {d = 0x6e3fe8}, frac_shift = 16, face = {font_id = 799, ctm = {xx = 0, xy = 1.60126217e-06, yx = 1.60126217e-06, yy = 0, tx = 434, ty = 223}, log2_scale = { x = 0, y = 0}, align_to_pixels = 0, HWResolution = {96.0756531, 96.0756531}}, ff = { server_font_data = 0x0, need_decrypt = 0, memory = 0x0, font_file_path = 0x0, subfont = 0, is_type1 = 0, is_cid = 0, is_outline_font = 0, is_mtx_skipped = 0, is_vertical = 0, client_ctx_p = 0x0, client_font_data = 0x0, client_font_data2 = 0x0, char_data = 0x809dd02, char_data_len = 3, get_word = 0x2fd6c0 <FAPI_FF_get_word>, get_long = 0x305780 <FAPI_FF_get_long>, get_float = 0x2fcff0 <FAPI_FF_get_float>, get_name = 0x2fe1b0 <FAPI_FF_get_name>, get_proc = 0x2fd4f0 <FAPI_FF_get_proc>, get_gsubr = 0x2fdfe0 <FAPI_FF_get_gsubr>, get_subr = 0x2fdf00 <FAPI_FF_get_subr>, get_raw_subr = 0x2fe0c0 <FAPI_FF_get_raw_subr>, get_glyph = 0x2ff250 <FAPI_FF_get_glyph>, serialize_tt_font = 0x305700 <FAPI_FF_serialize_tt_font>, get_charstring = 0x2fe3c0 <FAPI_FF_get_charstring>, get_charstring_name = 0x2fe2e0 <FAPI_FF_get_charstring_name>}, max_bitmap = 0, skip_glyph = 1, use_outline = 1, initial_FontMatrix = {xx = 0.00100000005, xy = 0, yx = 0, yy = 0.00100000005, tx = 0, ty = 0}, ensure_open = 0x307b20 <ensure_open>, get_scaled_font = 0x306e70 <get_scaled_font>, get_decodingID = 0x305d70 <get_decodingID>, get_font_bbox = 0x305d90 <get_font_bbox>, get_font_proportional_feature = 0x305dc0 <get_font_proportional_feature>, can_retrieve_char_by_name = 0x306d60 <can_retrieve_char_by_name>, can_replace_metrics = 0x305dd0 <can_replace_metrics>, get_fontmatrix = 0x305de0 <get_fontmatrix>, get_char_width = 0x306c40 <get_char_width>, get_char_raster_metrics = 0x306bf0 <get_char_raster_metrics>, get_char_raster = 0x305e10 <get_char_raster>, get_char_outline_metrics = 0x306ba0 <get_char_outline_metrics>, get_char_outline = 0x306420 <get_char_outline>, release_char_data = 0x306360 <release_char_data>, release_typeface = 0x3062b0 <release_typeface>, check_cmap_for_GID = 0x306260 <check_cmap_for_GID>} (gdb) print *a_server->outline_glyph There is no member named outline_glyph.
Note that with 9.02 this line is different: Loading NimbusSanL-Regu font from /usr/share/fonts/default/Type1/n019003l.pfb... 2607364 1268057 3436356 1626469 3 done.
And there is: GPL Ghostscript 9.02: Warning: the Xfonts feature is deprecated and will be removed in a future release.
Assigning to freetype since it seems freetype related and perhaps the maintainer could shed some insight.
Upstream says they have a fix (see upstream bug for more) http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d8089a
ghostscript-9.04-5.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/ghostscript-9.04-5.fc16
ghostscript-9.04-5.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/ghostscript-9.04-5.fc15
Package ghostscript-9.04-5.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ghostscript-9.04-5.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-15279 then log in and leave karma (feedback).
ghostscript-9.04-7.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
ghostscript-9.04-7.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.