- Package: ghostscript
- Source: ghostscript
- Description: interpreter for the PostScript language and for PDF
- Submitter:
- Date: 2024-02-25 03:09:03 UTC
- Severity: normal
- Tags:
When quitting ghostscript after it has processed some of the example CJK PostScript files,
it segfaults.
/usr/share/doc/ghostscript/examples/cjk:
all_ac1.ps.gz
all_ag1.ps.gz
all_aj1.ps.gz
all_aj2.ps.gz
all_ak1.ps.gz
article9.ps
gscjk_ac.ps
gscjk_ag.ps
gscjk_aj.ps
gscjk_ak.ps
iso2022.ps.gz
iso2022v.ps.gz
iso2022.ps.gz and iso2022.ps.gz make gs segfault on quit.
The others are OK.
% zcat /usr/share/doc/ghostscript/examples/cjk/iso2022.ps.gz > iso2022.ps
% gs iso2022.ps
GPL Ghostscript 8.71 (2010-02-10)
Copyright (C) 2010 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
------------------------------------------------------------------------
This is a script to test CJK fonts such as CID-keyed fonts.
If you have not done CID-keyed fonts installation and definitions at
/Resource/CMap and CIDFnmap or /Resource/CIDFont of ghostscript, then
this script can't work correctly.
For details, please see README at http://www.gyve.org/gs-cjk/supplement.
If you throw this script into a printer, it requires PostScript 3
printer and CID-keyed fonts specified in this script.
------------------------------------------------------------------------
Loading NimbusMonL-Regu font from /usr/share/fonts/type1/gsfonts/n022003l.pfb... 3909104 2177679 6773592 5444181 1 done.
Loading NimbusMonL-Bold font from /usr/share/fonts/type1/gsfonts/n022004l.pfb... 3952096 2314304 6773592 5460478 1 done.
Loading a TT font from /usr/share/fonts/truetype/ttf-japanese-mincho.ttf to emulate a CID font Japanese-Mincho-Regular ... Done.
Loading a TT font from /usr/share/fonts/truetype/arphic/uming.ttc to emulate a CID font BousungEG-Light-GB ... Done.
Loading a TT font from /usr/share/fonts/truetype/unfonts/UnBatang.ttf to emulate a CID font UnBatang-Regular ... Done.
Can't find (or can't open) font file /usr/share/ghostscript/8.71/Resource/Font/HeiseiMin-W3H-Hojo-H.
Can't find (or can't open) font file HeiseiMin-W3H-Hojo-H.
Querying operating system for font files...
Can't find (or can't open) font file /usr/share/ghostscript/8.71/Resource/Font/HeiseiMin-W3H-Hojo-H.
Can't find (or can't open) font file HeiseiMin-W3H-Hojo-H.
Didn't find this font on the system!
Substituting font Courier for HeiseiMin-W3H-Hojo-H.
Loading a TT font from /usr/share/fonts/truetype/arphic/uming.ttc to emulate a CID font ShanHeiSun-Light ... Done.
Loading a TT font from /usr/share/fonts/truetype/ttf-japanese-gothic.ttf to emulate a CID font Japanese-Gothic-Regular ... Done.
Loading a TT font from /usr/share/fonts/truetype/unfonts/UnDotum.ttf to emulate a CID font UnDotum-Regular ... Done.
Can't find (or can't open) font file /usr/share/ghostscript/8.71/Resource/Font/HeiseiKakuGo-W5H-Hojo-H.
Can't find (or can't open) font file HeiseiKakuGo-W5H-Hojo-H.
Didn't find this font on the system!
Substituting font Courier for HeiseiKakuGo-W5H-Hojo-H.
Loading a TT font from /usr/share/fonts/truetype/arphic/ukai.ttc to emulate a CID font ZenKai-Medium ... Done.
Loading NimbusSanL-Regu font from /usr/share/fonts/type1/gsfonts/n019003l.pfb... 18364328 16950211 7472224 5505865 1 done.
Loading NimbusSanL-Bold font from /usr/share/fonts/type1/gsfonts/n019004l.pfb... 18486056 17067725 8252544 6524718 1 done.
GS>quit
zsh: segmentation fault (core dumped) gs iso2022.ps
%
I wanted to get a backtrace, so I ran an unstripped binary.
% LD_LIBRARY_PATH=./ghostscript-8.71\~dfsg2/sobin ./ghostscript-8.71\~dfsg2/bin/gs iso2022.ps
:
zsh: segmentation fault (core dumped) LD_LIBRARY_PATH=./ghostscript-8.71\~dfsg2/sobin iso2022.ps
%
% gdb ./ghostscript-8.71\~dfsg2/bin/gs core
:
Core was generated by `./ghostscript-8.71~dfsg2/bin/gs iso2022.ps'.
Program terminated with signal 11, Segmentation fault.
#0 0x00000000007064ed in i_free_object (mem=0x2a0c848, ptr=0x3132488,
cname=0x7a04c0 "subst_CID_on_WMode_finalize") at ./base/gsalloc.c:787
warning: Source file is more recent than executable.
787 gs_alloc_fill(ptr, gs_alloc_fill_free, size);
(gdb) bt
#0 0x00000000007064ed in i_free_object (mem=0x2a0c848, ptr=0x3132488,
cname=0x7a04c0 "subst_CID_on_WMode_finalize") at ./base/gsalloc.c:787
#1 0x000000000049f5e9 in subst_CID_on_WMode_finalize (data=0x3132470)
at ./base/gsfcid.c:112
#2 0x00000000007064f0 in i_free_object (mem=0x2a0c848, ptr=0x3132470,
cname=0x79c965 "release_subst_CID_on_WMode") at ./base/gsalloc.c:787
#3 0x0000000000463cf7 in release_subst_CID_on_WMode (data=0x30e9570,
event=<value optimized out>) at ./psi/zfcid1.c:294
#4 0x000000000072c048 in gs_notify_all (nlist=<value optimized out>,
event_data=0x0) at ./base/gsnotify.c:103
#5 0x00000000007199f2 in gs_font_finalize (vptr=<value optimized out>)
at ./base/gsfont.c:165
#6 0x0000000000522cf5 in restore_finalize (mem=<value optimized out>)
at ./psi/isave.c:950
#7 0x0000000000523e8b in alloc_restore_step_in (dmem=0x2a4ebf8, save=0x3101348)
at ./psi/isave.c:775
#8 0x0000000000523f7b in alloc_restore_all (dmem=0x2a4ebf8) at ./psi/isave.c:886
#9 0x00000000004d2035 in gs_main_finit (minst=0x2a0c2b0, exit_status=0,
code=-101) at ./psi/imain.c:796
#10 0x0000000000451975 in main (argc=2, argv=0x7fff99da0838) at ./psi/gs.c:119
(gdb)
Hi dai,
Thanks for filing this bugreport!
CJK support requires cjk font packages installed (as I understand it).
Which cjk packages did you have installed on the system?
Kind regards,
- Jonas
Hi,
At Mon, 24 May 2010 11:49:44 +0200, Jonas Smedegaard wrote:
I confirmed this bug.
I installed:
otf-ipafont-mincho
otf-ipafont-gothic
ttf-unfonts-core
ttf-arphic-uming
ttf-arphic-ukai
gs-cjk-resource
cmap-adobe-japan1
cmap-adobe-japan2
cmap-adobe-korea1
cmap-adobe-cns1
cmap-adobe-gb1
of Sid and got the same error.
I'll investigate the details.
Thanks,
Great that you will work on this!
- Jonas
Hi,
I installed the fonts below.
gsfonts
gsfonts-other
gsfonts-wadalab-common
gsfonts-wadalab-gothic
gsfonts-wadalab-mincho
gsfonts-x11
gs-cjk-resource
cmap-adobe-cns1
cmap-adobe-gb1
cmap-adobe-japan1
cmap-adobe-japan2
cmap-adobe-korea1
ttf-arphic-ukai
ttf-arphic-uming
ttf-bitstream-vera
ttf-dejavu
ttf-dejavu-core
ttf-dejavu-extra
ttf-freefont
ttf-kiloji
ttf-lyx
ttf-opensymbol
ttf-sazanami-gothic
ttf-sazanami-mincho
ttf-unfonts-core
ttf-vlgothic
xfonts-100dpi
xfonts-base
xfonts-encodings
xfonts-mathml
xfonts-scalable
xfonts-utils
Hi,
I found out where ghostscript crashed.
So I made a random-shot modification, and it does not crash.
But I do not know what the original and modified lines mean.
Here is the execution log of a debug build of ghostscript.
dai@qemu-i386:~$ ./src/ghostscript-8.71~dfsg2/debugobj/gs -Z^ -dSAFER -dBATCH -dNOPAUSE iso2022.ps > log 2>&1
セグメンテーション違反です (core dumped)
dai@qemu-i386:~$ grep gs_subst_CID_on_WMode log
Loading a TT font from /usr/share/fonts/truetype/ttf-japanese-mincho.ttf to emulate a CID font Japanese-Mincho-Regular ... Done.[^]gs_subst_CID_on_WMode 0xa1bae80 init = 1
[^]gs_subst_CID_on_WMode 0xa1bae80 ++ => 2
[^]gs_subst_CID_on_WMode 0xa1326a4 init = 1
[^]gs_subst_CID_on_WMode 0xa1326a4 ++ => 2
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 3
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 4
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 5
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 6
Loading a TT [^]gs_subst_CID_on_WMode 0xa132538 ++ => 7
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 8
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 9
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 10
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 8
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 6
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 4
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 2
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 0
[^]gs_subst_CID_on_WMode 0xa132538 => free (release_subst_CID_on_WMode)
dai@qemu-i386:~$
I suspect that -2 is an over-subtraction, but I have no reason for it.
So I modified release_subst_CID_on_WMode in ghostscript-8.71~dfsg/psi/zfcid1.c.
diff -urNp ghostscript-8.71~dfsg2/psi/zfcid1.c.orig ghostscript-8.71~dfsg2/psi/zfcid1.c
--- ghostscript-8.71~dfsg2/psi/zfcid1.c.orig 2009-12-06 04:21:42.000000000 +0900
+++ ghostscript-8.71~dfsg2/psi/zfcid1.c 2010-05-28 18:03:53.000000000 +0900
@@ -291,7 +291,7 @@ release_subst_CID_on_WMode(void *data, v
gs_font_notify_unregister((gs_font *)pfcid, release_subst_CID_on_WMode, data);
pfcid->subst_CID_on_WMode = NULL;
- rc_adjust(subst, -2, "release_subst_CID_on_WMode");
+ rc_adjust(subst, -1, "release_subst_CID_on_WMode");
return 0;
}
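Review bot: Changing the constant in rc_adjust(subst, -2, "release_subst_CID_on_WMode") to -1 needs a stated reason for which reference is no longer dropped, because the trace taken after this change shows the count for 0x8f6f538 stopping at 5 with no free line, while the unpatched trace reaches 0 and frees. That suggests the crash is avoided by never releasing the object rather than by balancing the count. The line above clears pfcid->subst_CID_on_WMode, which presumably accounts for one of the two references; please identify what the second decrement was meant to release (the commit that introduced this code should say) and either add a comment stating it or fix the unmatched increment instead of the decrement here.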
Then, here is the modified ghostscript's execution log.
dai@qemu-i386:~$ ./src/ghostscript-8.71~dfsg2/debugobj/gs -Z^ -dSAFER -dBATCH -dNOPAUSE iso2022.ps > log 2>&1
dai@qemu-i386:~$ grep gs_subst_CID_on_WMode log
Loading a TT font from /usr/share/fonts/truetype/ttf-japanese-mincho.ttf to emulate a CID font Japanese-Mincho-Regular ... Done.[^]gs_subst_CID_on_WMode 0x8ff7e80 init = 1
[^]gs_subst_CID_on_WMode 0x8ff7e80 ++ => 2
[^]gs_subst_CID_on_WMode 0x8f6f6a4 init = 1
[^]gs_subst_CID_on_WMode 0x8f6f6a4 ++ => 2
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 3
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 4
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 5
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 6
Loading a TT [^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 7
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 8
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 9
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 10
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 9
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 8
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 7
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 6
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 5
[^]gs_subst_CID_on_WMode 0x8ff7e80 -1 => 1
dai@qemu-i386:~$
It does not crash.
But I do not know whether it is correct, or
why the original code uses -2 rather than -1.
This code was introduced about 1.5 years ago.
http://bugs.ghostscript.com/show_bug.cgi?id=689304
http://ghostscript.com/pipermail/gs-cvs/2008-November/008789.html
Should I report this bug upstream?
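An added example, not part of the original report and not Ghostscript code: a small Python replay of the `-Z^` reference-count lines quoted in the message above, which checks each step's arithmetic and lists objects left with a nonzero count and no `free` line. The line format is inferred from the two logs in this report, and `summarize` and `outstanding` are hypothetical helper names.

```python
import re

# Tail of the unpatched "-Z^" trace, copied from the report above.
UNPATCHED = """\
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 10
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 8
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 6
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 4
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 2
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 0
[^]gs_subst_CID_on_WMode 0xa132538 => free (release_subst_CID_on_WMode)
"""
# Tail of the trace after the -2 -> -1 change, copied from the report above.
PATCHED = """\
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 10
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 9
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 8
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 7
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 6
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 5
[^]gs_subst_CID_on_WMode 0x8ff7e80 -1 => 1
"""

EVENT = re.compile(r"\[\^\](\w+) (0x[0-9a-f]+) (?:(init) = (\d+)|(\+\+|-\d+) => (\d+)|=> (free))")

def summarize(trace):
    """Replay a trace; return {addr: {"count", "freed", "mismatches"}}."""
    state = {}
    for m in EVENT.finditer(trace):
        _, addr, init, init_val, op, result, free = m.groups()
        obj = state.setdefault(addr, {"count": None, "freed": False, "mismatches": []})
        if free:
            obj["freed"] = True
            continue
        new = int(init_val if init else result)
        delta = 0 if init else (1 if op == "++" else int(op))
        # A step is consistent when previous count + delta equals the logged result.
        if not init and obj["count"] is not None and obj["count"] + delta != new:
            obj["mismatches"].append((obj["count"], op, new))
        obj["count"] = new
    return state

def outstanding(trace):
    """Objects whose last logged count is above zero and that were never freed."""
    return {a: o["count"] for a, o in summarize(trace).items() if not o["freed"] and o["count"]}

if __name__ == "__main__":
    for name, trace in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, outstanding(trace))
```

Run on the two excerpts, the unpatched trace leaves nothing outstanding, while the patched trace leaves 0x8f6f538 at 5 and 0x8ff7e80 at 1 with no `free` event.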
tags 582846 +moreinfo
thanks
Dear VDR dai,
Could you try to reproduce this bug with the newer ghostscript?
I could not reproduce it with 9.05~dfsg-6.
Thanks
submitter 582846 !
thanks
I think it depends on the installed fonts.
% ghostscript iso2022.ps
GPL Ghostscript 9.05 (2012-02-08)
Copyright (C) 2010 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
------------------------------------------------------------------------
This is a script to test CJK fonts such as CID-keyed fonts.
If you have not done CID-keyed fonts installation and definitions at
/Resource/CMap and CIDFnmap or /Resource/CIDFont of ghostscript, then
this script can't work correctly.
For details, please see README at http://www.gyve.org/gs-cjk/supplement.
If you throw this script into a printer, it requires PostScript 3
printer and CID-keyed fonts specified in this script.
------------------------------------------------------------------------
Loading NimbusMonL-Regu font from /usr/share/fonts/type1/gsfonts/n022003l.pfb... 3732144 2230667 4600464 3242359 1 done.
Loading NimbusMonL-Bold font from /usr/share/fonts/type1/gsfonts/n022004l.pfb... 3775136 2365854 4600464 3262388 1 done.
Loading a TT font from /usr/share/fonts/truetype/fonts-japanese-mincho.ttf to emulate a CID font Japanese-Mincho-Regular ... Done.
Loading a TT font from /usr/share/fonts/truetype/arphic/uming.ttc to emulate a CID font BousungEG-Light-GB ... Done.
Loading a TT font from /usr/share/fonts/truetype/unfonts-core/UnBatang.ttf to emulate a CID font UnBatang-Regular ... Done.
Can't find (or can't open) font file /usr/share/ghostscript/9.05/Resource/Font/HeiseiMin-W3H-Hojo-H.
Can't find (or can't open) font file HeiseiMin-W3H-Hojo-H.
Querying operating system for font files...
Can't find (or can't open) font file /usr/share/ghostscript/9.05/Resource/Font/HeiseiMin-W3H-Hojo-H.
Can't find (or can't open) font file HeiseiMin-W3H-Hojo-H.
Didn't find this font on the system!
Substituting font Courier for HeiseiMin-W3H-Hojo-H.
Loading a TT font from /usr/share/fonts/truetype/arphic/uming.ttc to emulate a CID font ShanHeiSun-Light ... Done.
Loading a TT font from /usr/share/fonts/truetype/fonts-japanese-gothic.ttf to emulate a CID font Japanese-Gothic-Regular ... Done.
Loading a TT font from /usr/share/fonts/truetype/unfonts-core/UnDotum.ttf to emulate a CID font UnDotum-Regular ... Done.
Can't find (or can't open) font file /usr/share/ghostscript/9.05/Resource/Font/HeiseiKakuGo-W5H-Hojo-H.
Can't find (or can't open) font file HeiseiKakuGo-W5H-Hojo-H.
Didn't find this font on the system!
Substituting font Courier for HeiseiKakuGo-W5H-Hojo-H.
Loading a TT font from /usr/share/fonts/truetype/arphic/ukai.ttc to emulate a CID font ZenKai-Medium ... Done.
Loading NimbusSanL-Regu font from /usr/share/fonts/type1/gsfonts/n019003l.pfb... 17815720 16348056 5326264 3286463 1 done.
Loading NimbusSanL-Bold font from /usr/share/fonts/type1/gsfonts/n019004l.pfb... 17876896 16453460 6106584 4278370 1 done.
GS>quit
zsh: segmentation fault (core dumped) ghostscript iso2022.ps
%
% dpkg --get-selections | grep poppler
libpoppler-glib8:amd64 install
libpoppler19:amd64 install
poppler-data install
poppler-utils install
ruby-poppler install
%
% dpkg --get-selections | grep ^cmap
%
% dpkg --get-selections | grep ^gsfonts
gsfonts install
gsfonts-other install
gsfonts-x11 install
%
% dpkg --get-selections | grep ^fonts
fonts-arphic-ukai install
fonts-arphic-uming install
fonts-freefont-ttf install
fonts-ipaexfont-gothic install
fonts-ipaexfont-mincho install
fonts-ipafont-gothic install
fonts-ipafont-mincho install
fonts-liberation install
fonts-lyx install
fonts-opensymbol install
fonts-unfonts-core install
fonts-vlgothic install
%
% dpkg --get-selections | grep ^ttf
ttf-bitstream-vera install
ttf-dejavu-core install
ttf-dejavu-extra install
ttf-marvosym install
%
% dpkg --get-selections | grep ^xfonts
xfonts-100dpi install
xfonts-base install
xfonts-encodings install
xfonts-mathml install
xfonts-scalable install
xfonts-utils install
%
tags 582846 - moreinfo
tags 582846 + confirmed
thanks
Dear dai,
Could you retry under gdb and get a backtrace (with ghostscript-dbg installed)?
Thanks
Bastien
Hi,
Here is the backtrace.
GS>quit
Program received signal SIGSEGV, Segmentation fault.
i_free_object (mem=<optimized out>, ptr=0x8606c8, cname=<optimized out>)
at ./base/gsalloc.c:846
846 ./base/gsalloc.c: No such file or directory.
(gdb) bt
#0 i_free_object (mem=<optimized out>, ptr=0x8606c8, cname=<optimized out>)
at ./base/gsalloc.c:846
#1 0x00002aaaaae1f849 in subst_CID_on_WMode_finalize (cmem=<optimized out>,
data=0x8606b0) at ./base/gsfcid.c:113
#2 0x00002aaaab02ccc8 in i_free_object (mem=0x6028d8, ptr=0x8606b0,
cname=<optimized out>) at ./base/gsalloc.c:846
#3 0x00002aaaaade5e69 in release_subst_CID_on_WMode (data=<optimized out>,
event=<optimized out>) at ./psi/zfcid1.c:292
#4 0x00002aaaab0482e8 in gs_notify_all (nlist=<optimized out>, event_data=0x0)
at ./base/gsnotify.c:103
#5 0x00002aaaab03b9f0 in gs_font_finalize (cmem=<optimized out>,
vptr=<optimized out>) at ./base/gsfont.c:164
#6 0x00002aaaaae80d79 in restore_finalize (mem=0x603e68) at ./psi/isave.c:933
#7 0x00002aaaaae82133 in alloc_restore_step_in (dmem=0x644fb0, save=0x82dcc8)
at ./psi/isave.c:758
#8 0x00002aaaaae82239 in alloc_restore_all (dmem=0x644fb0)
at ./psi/isave.c:869
#9 0x00002aaaaae40f51 in gs_main_finit (minst=0x602340, exit_status=0, code=0)
at ./psi/imain.c:880
#10 0x00002aaaaae442d3 in gsapi_exit (lib=<optimized out>) at ./psi/iapi.c:263
#11 0x00000000004009e4 in main (argc=<optimized out>, argv=0x7fffffffe908)
at ./psi/dxmainc.c:88
(gdb)
Till, could you try to reproduce this bug on the Ubuntu side and forward it upstream?
Thanks
Bastien
I have tested ghostscript 10.02.1 on these two files and encountered no segfault.