https://bugzilla.novell.com/show_bug.cgi?id=782737 https://bugzilla.novell.com/show_bug.cgi?id=782737#c0 Summary: ghostscript crash due to NULL dereference Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: x86-64 OS/Version: Linux Status: NEW Severity: Normal Priority: P5 - None Component: Printing AssignedTo: jsmeix@suse.com ReportedBy: jengelh@inai.de QAContact: jsmeix@suse.com Found By: Beta-Customer Blocker: --- Created an attachment (id=507661) --> (http://bugzilla.novell.com/attachment.cgi?id=507661) test file I have here a (yummy) testfile that makes gs-9.05 crash. $ gs -dBATCH -dNOPAUSE -sDEVICE=ppm -r300 -sOutputFile=/tmp/pdx gts.pdf GPL Ghostscript 9.05 (2012-02-08) Copyright (C) 2010 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Processing pages 1 through 2. Page 1 Page 2 Segmentation fault When switching to -r200, the crash does not occur. The crash also occurs with other types of DEVICEs like pgm and hpijs, when using -r300. Program received signal SIGSEGV, Segmentation fault. gx_pattern_size_estimate (pinst=pinst@entry=0x0, has_tags=has_tags@entry=0) at base/gxpcmap.c:216 216 int depth = (pinst->templat.PaintType == 2 ? 1 : tdev->color_info.depth); (gdb) bt #0 gx_pattern_size_estimate (pinst=pinst@entry=0x0, has_tags=has_tags@entry=0) at base/gxpcmap.c:216 #1 0x00000000004eef59 in gx_pattern_load (pdc=pdc@entry=0x7fffffff84b0, pis=pis@entry=0x7fffffff6e70, dev=dev@entry=0x2511538, select=select@entry=gs_color_select_texture) at base/gxpcmap.c:1278 #2 0x00000000004e93a0 in gx_dc_pattern_load (pdevc=0x7fffffff84b0, pis=0x7fffffff6e70, dev=0x2511538, select=gs_color_select_texture) at base/gsptype1.c:1219 #3 0x000000000066dc12 in clist_playback_band ( playback_action=playback_action@entry=playback_action_render, cdev=cdev@entry=0x1117898, s=s@entry=0x7fffffff9860, target=0x2511538, target@entry=0x127ee88, x0=x0@entry=0, y0=y0@entry=0, mem=mem@entry=0x109b5a8) at base/gxclrast.c:1710 #4 0x000000000066f05f in clist_playback_file_bands ( action=action@entry=playback_action_render, crdev=crdev@entry=0x1117898, page_info=<optimized out>, target=target@entry=0x127ee88, band_first=band_first@entry=0, band_last=band_last@entry=0, x0=0, y0=0) at base/gxclread.c:852 #5 0x000000000066f26e in clist_render_rectangle (cldev=cldev@entry=0x1117898, prect=prect@entry=0x7fffffffbcc0, bdev=0x127ee88, render_plane=render_plane@entry=0x7fffffffbd60, clear=clear@entry=1) at base/gxclread.c:781 #6 0x000000000066f46a in clist_rasterize_lines (dev=dev@entry=0x1117898, y=y@entry=0, line_count=<optimized out>, bdev=<optimized out>, ---Type <return> to continue, or q <return> to quit--- render_plane=render_plane@entry=0x7fffffffbd60, pmy=pmy@entry=0x7fffffffbd54) at base/gxclread.c:693 #7 0x000000000066f7d9 in clist_get_bits_rectangle (dev=dev@entry=0x1117898, prect=prect@entry=0x7fffffffc160, params=params@entry=0x7fffffffc170, unread=unread@entry=0x0) at base/gxclread.c:584 #8 0x00000000006827d3 in clist_get_bits_rect_mt (dev=0x1117898, prect=<optimized out>, params=<optimized out>, unread=0x0) at base/gxclthrd.c:547 #9 0x0000000000842291 in gx_default_get_bits (dev=0x1117898, y=<optimized out>, data=<optimized out>, actual_data=0x7fffffffc308) at base/gdevdgbr.c:52 #10 0x0000000000661947 in gdev_prn_get_bits (pdev=pdev@entry=0x1117898, y=y@entry=0, str=str@entry=0x14c58b8 "\032", actual_data=actual_data@entry=0x7fffffffc308) at base/gdevprn.c:1230 #11 0x00000000006c6da7 in pbm_print_page_loop (pdev=0x1117898, magic=51 '3', pstream=0x142b5b0, row_proc=0x6c78c0 <ppm_print_row>) at base/gdevpbm.c:720 #12 0x0000000000661d73 in gdev_prn_output_page (pdev=pdev@entry=0x1117898, num_copies=1, flush=flush@entry=1) at base/gdevprn.c:773 #13 0x00000000006c6b98 in ppm_output_page (pdev=0x1117898, num_copies=<optimized out>, flush=1) at base/gdevpbm.c:276 #14 0x0000000000844b06 in gx_forward_output_page (dev=0x1824608, num_copies=<optimized out>, flush=<optimized out>) at base/gdevnfwd.c:176 #15 0x00000000005288f0 in zoutputpage (i_ctx_p=0x10dbbc8) at psi/zdevice.c:355 #16 0x00000000004fa5bf in interp (pi_ctx_p=pi_ctx_p@entry=0x1099ad8, ---Type <return> to continue, or q <return> to quit--- pref=<optimized out>, perror_object=perror_object@entry=0x7fffffffd220) at psi/interp.c:1163 #17 0x00000000004fbadb in gs_call_interp (perror_object=0x7fffffffd220, pexit_code=0x7fffffffd21c, user_errors=1, pref=<optimized out>, pi_ctx_p=0x1099ad8) at psi/interp.c:490 #18 gs_interpret (pi_ctx_p=pi_ctx_p@entry=0x1099ad8, pref=pref@entry=0x7fffffffd1f0, user_errors=1, pexit_code=pexit_code@entry=0x7fffffffd21c, perror_object=perror_object@entry=0x7fffffffd220) at psi/interp.c:448 #19 0x00000000004eff0e in gs_main_interpret (minst=minst@entry=0x1099a40, pref=pref@entry=0x7fffffffd1f0, user_errors=<optimized out>, pexit_code=pexit_code@entry=0x7fffffffd21c, perror_object=perror_object@entry=0x7fffffffd220) at psi/imain.c:239 #20 0x00000000004f0c0a in gs_main_run_string_end (minst=minst@entry=0x1099a40, user_errors=<optimized out>, pexit_code=pexit_code@entry=0x7fffffffd21c, perror_object=perror_object@entry=0x7fffffffd220) at psi/imain.c:605 #21 0x00000000004f0cca in gs_main_run_string_with_length ( minst=minst@entry=0x1099a40, str=str@entry=0x1119740 "<6774732e706466>.runfile", length=<optimized out>, user_errors=<optimized out>, pexit_code=pexit_code@entry=0x7fffffffd21c, perror_object=perror_object@entry=0x7fffffffd220) at psi/imain.c:563 #22 0x00000000004f0d36 in gs_main_run_string (minst=minst@entry=0x1099a40, str=str@entry=0x1119740 "<6774732e706466>.runfile", ---Type <return> to continue, or q <return> to quit--- user_errors=<optimized out>, pexit_code=pexit_code@entry=0x7fffffffd21c, perror_object=perror_object@entry=0x7fffffffd220) at psi/imain.c:545 #23 0x00000000004f212f in run_string (minst=minst@entry=0x1099a40, str=str@entry=0x1119740 "<6774732e706466>.runfile", options=options@entry=3) at psi/imainarg.c:833 #24 0x00000000004f22b1 in runarg (minst=0x1099a40, pre=0x92557d "", arg=<optimized out>, post=0x8655bf ".runfile", options=3) at psi/imainarg.c:824 #25 0x00000000004f38ef in gs_main_init_with_args (minst=minst@entry=0x1099a40, argc=argc@entry=7, argv=argv@entry=0x7fffffffddc8) at psi/imainarg.c:224 #26 0x000000000046afc4 in main (argc=7, argv=0x7fffffffddc8) at psi/gs.c:94 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.