#469761 file crashes ps2pdf/epstool/ghostscript

Package: ghostscript
Source: ghostscript
Description: interpreter for the PostScript language and for PDF
Submitter: Ryo Furue
Date: 2024-02-25 05:03:08 UTC
Severity: important

#469761#5
Date: 2008-03-06 22:14:27 UTC
Epstool crashes as follows.  I'm attaching the PostScript file that
causes it.
$ epstool --copy --quiet --output - -b tmp.eps
ERROR: /typecheck in --aload--
Operand stack:
   --nostringval--
Execution stack:
   %interp_exit   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--   --nostringval--   false   1   %stopped_push   1   3   %oparray_pop   1   3   %oparray_pop   1   3   %oparray_pop   1   3   %oparray_pop   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--
Dictionary stack:
   --dict:1122/1686(ro)(G)--   --dict:0/20(G)--   --dict:126/200(L)--
Current allocation mode is local
Current file position is 291427
*** glibc detected *** epstool: double free or corruption (!prev): 0x08093158 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0x4009c915]
/lib/i686/cmov/libc.so.6(cfree+0x90)[0x400a0380]
/lib/i686/cmov/libc.so.6(fclose+0x134)[0x4008b274]
epstool[0x804a46a]
epstool[0x804b5a9]
epstool[0x804e5a8]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0x40047450]
epstool[0x8048db1]
======= Memory map: ========
08048000-08081000 r-xp 00000000 08:01 8372369    /usr/bin/epstool
08081000-08082000 rw-p 00039000 08:01 8372369    /usr/bin/epstool
08082000-080b3000 rw-p 08082000 00:00 0          [heap]
40000000-4001c000 r-xp 00000000 08:01 25247783   /lib/ld-2.7.so
4001c000-4001e000 rw-p 0001b000 08:01 25247783   /lib/ld-2.7.so
4001e000-40020000 rw-p 4001e000 00:00 0
40031000-40178000 r-xp 00000000 08:01 25265123   /lib/i686/cmov/libc-2.7.so
40178000-40179000 r--p 00147000 08:01 25265123   /lib/i686/cmov/libc-2.7.so
40179000-4017b000 rw-p 00148000 08:01 25265123   /lib/i686/cmov/libc-2.7.so
4017b000-4017f000 rw-p 4017b000 00:00 0
4017f000-4018b000 r-xp 00000000 08:01 25247751   /lib/libgcc_s.so.1
4018b000-4018c000 rw-p 0000b000 08:01 25247751   /lib/libgcc_s.so.1
40200000-40221000 rw-p 40200000 00:00 0
40221000-40300000 ---p 40221000 00:00 0
bff47000-bff5d000 rw-p bff47000 00:00 0          [stack]
ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
Aborted
$
<<<<<<<<<<<<<<<<<<<

Hope this helps,
Ryo

#469761#10
Date: 2009-09-23 14:39:03 UTC
I can reproduce the reported behaviour and I think it's the broken eps that causes
the crash. This should be reported to upstream so they can fix it.

Debian Release: squeeze/sid
  500 testing         security.debian.org
  500 testing         ftp.uni-kl.de
  500 testing         ftp.de.debian.org
  500 lenny-cran      ftp5.gwdg.de
--- Package information. ---
Depends          (Version) | Installed
==========================-+-===========
libc6             (>= 2.3) | 2.9-25
ghostscript                | 8.70~dfsg-2


Package's Recommends field is empty.

Package's Suggests field is empty.

#469761#19
Date: 2014-09-15 23:06:55 UTC
reassign 469761 ghostscript
retitle 469761 file crashes ps2pdf/epstool/ghostscript

thanks

Hi,

I think it's actually a bug in ghostscript as ps2pdf throws the same error as epstool.
Could you please forward it upstream?

Best,
Philip

#469761#30
Date: 2024-01-05 02:24:48 UTC
as epstool.

Tested with ghostscript 10.02.1 and the issue remains:

$ ps2pdf tmp.eps
Error: /typecheck in --aload--
Operand stack:   --nostringval--
Execution stack:   %interp_exit   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--   --nostringval--   false   1   %stopped_push   1944   1   3   %oparray_pop   1943   1   3   %oparray_pop   1942   1   3   %oparray_pop   --nostringval--   1928   1   3   %oparray_pop   1801   1   3   %oparray_pop   --nostringval--   %errorexec_pop   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--
Dictionary stack:   --dict:748/1123(ro)(G)--   --dict:0/20(G)--   --dict:111/200(L)--
Current allocation mode is local
Current file position is 291380
GPL Ghostscript 10.02.1: Unrecoverable error, exit code 1

#469761#37
Date: 2024-02-25 02:30:49 UTC
corruption").  That is gone.

When I tested earlier this year, I noted the diagnostic " Error: /typecheck in
--aload--" was the same so I left the bug open.

However, this diagnostic does seem to me a valid report indicating the eps file
is buggy.  I was able to track down the problem to a line containing "0 o",
which attempts to obtain index zero of array "ct", but element zero is never
set.  I was able to render the file by inserting the following at line 196:

ct 0 [0.000000 0.000000 0.000000] put

Regards,
-Steve
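
An added triage sketch, not part of this thread or of any Debian or Ghostscript tooling: it parses captured stderr in the format quoted above and separates a plain PostScript interpreter error from a glibc heap-corruption abort, which is the distinction the follow-ups turn on. The sample strings are abridged from the outputs quoted in this thread, and all function and variable names are hypothetical.

```python
import re

# Constructed samples, abridged from the two outputs quoted in this thread.
EPSTOOL_2008 = """\
ERROR: /typecheck in --aload--
Operand stack:
   --nostringval--
Current allocation mode is local
Current file position is 291427
*** glibc detected *** epstool: double free or corruption (!prev): 0x08093158 ***
Aborted
"""

PS2PDF_2024 = """\
Error: /typecheck in --aload--
Operand stack:   --nostringval--
Current allocation mode is local
Current file position is 291380
GPL Ghostscript 10.02.1: Unrecoverable error, exit code 1
"""

# "ERROR:" (epstool) and "Error:" (ps2pdf) both occur, so match case-insensitively.
PS_ERROR = re.compile(r"^error:\s*/(\w+) in (\S+)", re.I | re.M)
FILE_POS = re.compile(r"^Current file position is (\d+)", re.M)
HEAP_ABORT = re.compile(r"\*\*\* glibc detected \*\*\* (\S+): (.+?): 0x[0-9a-f]+ \*\*\*")


def triage(stderr_text):
    """Summarise one captured run: PostScript error, file offset, heap abort if any."""
    result = {"ps_error": None, "operator": None, "file_pos": None,
              "heap_abort": None, "verdict": "no-error-found"}
    m = PS_ERROR.search(stderr_text)
    if m:
        result["ps_error"] = m.group(1)
        result["operator"] = m.group(2).strip("-")
        result["verdict"] = "interpreter-error"
    m = FILE_POS.search(stderr_text)
    if m:
        result["file_pos"] = int(m.group(1))
    m = HEAP_ABORT.search(stderr_text)
    if m:
        # A heap abort outranks the PostScript error: it is a memory-safety
        # defect in the host program, not merely a malformed input file.
        result["heap_abort"] = (m.group(1), m.group(2))
        result["verdict"] = "memory-corruption"
    return result
```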