ghostscript SIGSEGV in _mm_xor_si128
Tested on Alpine 3.5/edge (ghostscript-9.20/9.21)
Certain PDFs make gs segfault:
/usr/bin/gs -q -sDEVICE=tiffg4 -dNOPAUSE -dSAFER=true -sPAPERSIZE=letter -dFIXMEDIA -dMaxStripSize=0 -dBATCH -r203.29x196 -sOutputFile=no.out OCRPDF.pdf
GNU gdb (GDB) 7.12
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-alpine-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/gs...Reading symbols from /usr/lib/debug//usr/bin/gs.debug...done.
done.
[New LWP 4023]
warning: Can't read pathname for load map: No error information.
Core was generated by `/usr/bin/gs -q -sDEVICE=tiffg4 -dNOPAUSE -dSAFER=true -sPAPERSIZE=letter -dFIXM'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 _mm_xor_si128 (__B=..., __A=...) at /usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/include/emmintrin.h:1288
1288 return (__m128i) ((__v2du)__A ^ (__v2du)__B);
(gdb) bt
#0 _mm_xor_si128 (__B=..., __A=...) at /usr/lib/gcc/x86_64-alpine-linux-musl/6.3.0/include/emmintrin.h:1288
#1 threshold_16_SSE (
contone_ptr=contone_ptr@entry=0x7f44037eef38 '\377' <repeats 64 times>, "\352:u\021\036\221\357\213\300\344\006\250\255\001",
thresh_ptr=thresh_ptr@entry=0x1ada7e6f770 "=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032\336s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020WΟ1%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%eJ=\a\032"..., ht_data=ht_data@entry=0x1ada7e91808 "") at ./base/gxht_thresh.c:141
#2 0x000001ada64f33cb in gx_ht_threshold_landscape (contone_align=<optimized out>, thresh_align=<optimized out>,
ht_landscape=<optimized out>, halftone=<optimized out>, data_length=<optimized out>) at ./base/gxht_thresh.c:560
#3 0x000001ada64f3f02 in gxht_thresh_planes (penum=penum@entry=0x1ada7e47548, xrun=xrun@entry=551936,
dest_width=dest_width@entry=1728, dest_height=dest_height@entry=2156,
thresh_align=0x1ada7e6f770 "=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032J=\a\032\336s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020W\316\357\201s\020WΟ1%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%e\220\257\237\061%eJ=\a\032"...,
dev=dev@entry=0x1ada7e95c88, offset_contone=0x7f44037ef178, contone_stride=2176) at ./base/gxht_thresh.c:1065
#4 0x000001ada6320c7c in image_render_color_thresh (penum_orig=0x1ada7e47548, buffer=<optimized out>, data_x=<optimized out>,
w=6600, h=<optimized out>, dev=0x1ada7e95c88) at ./base/gxicolor.c:854
#5 0x000001ada64f4eb7 in gx_image1_plane_data (info=0x1ada7e47548, planes=0x1ada7e96ef8, height=<optimized out>,
rows_used=0x7f44037efa64) at ./base/gxidata.c:211
#6 0x000001ada64c6e37 in gs_image_next_planes (penum=penum@entry=0x1ada7e96418, plane_data=plane_data@entry=0x7f44037efbe0,
used=used@entry=0x7f44037efadc) at ./base/gsimage.c:611
#7 0x000001ada6574122 in image_file_continue (i_ctx_p=0x1ada7af2610) at ./psi/zimage.c:572
#8 0x000001ada654bb26 in interp (pi_ctx_p=pi_ctx_p@entry=0x1ada7aa3350, pref=<optimized out>,
perror_object=perror_object@entry=0x7f44037f0938) at ./psi/interp.c:1201
#9 0x000001ada654cb79 in gs_call_interp (perror_object=0x7f44037f0938, pexit_code=0x7f44037f0934, user_errors=1,
pref=0x7f44037f08d8, pi_ctx_p=0x1ada7aa3350) at ./psi/interp.c:511
#10 gs_interpret (pi_ctx_p=0x1ada7aa3350, pref=pref@entry=0x7f44037f0908, user_errors=1, pexit_code=0x7f44037f0934,
perror_object=<optimized out>) at ./psi/interp.c:468
#11 0x000001ada6542f5f in gs_main_interpret (perror_object=<optimized out>, pexit_code=<optimized out>, user_errors=<optimized out>,
pref=0x7f44037f0908, minst=<optimized out>) at ./psi/imain.c:243
#12 gs_main_run_string_end (minst=<optimized out>, user_errors=<optimized out>, pexit_code=<optimized out>,
perror_object=<optimized out>) at ./psi/imain.c:661
#13 0x000001ada65446cc in run_string (minst=minst@entry=0x1ada7aa32b0, str=str@entry=0x1ada7b7aef0 "<4f43525044462e706466>.runfile",
options=options@entry=3) at ./psi/imainarg.c:979
#14 0x000001ada6544888 in runarg (minst=0x1ada7aa32b0, pre=0x1ada661f03d "", arg=<optimized out>, post=0x1ada663bae3 ".runfile",
options=3) at ./psi/imainarg.c:969
#15 0x000001ada6545c89 in gs_main_init_with_args (minst=0x1ada7aa32b0, argc=12, argv=0x7f44037f1478) at ./psi/imainarg.c:238
#16 0x000001ada62f95c7 in main (argc=12, argv=0x7f44037f1478) at ./psi/gs.c:96
(gdb) quit
Can’t replicate the issue on an Ubuntu system (Xenial) with ghostscript-9.18.
(from redmine: issue id 7138, created on 2017-04-13, closed on 2017-05-22)
- Changesets:
  - Revision 6784f21b by Timo Teräs on 2017-04-13T10:46:31Z:
    main/ghostscript: fix sse variable alignment
    fixes #7138
  - Revision cacfa77e by Timo Teräs on 2017-04-13T10:52:24Z:
    main/ghostscript: fix sse variable alignment
    fixes #7138
    (cherry picked from commit 6784f21b55402e44a5da70ef16912bb19a28bd62)
  - Revision 92dad35a by Timo Teräs on 2017-04-14T14:19:15Z:
    main/ghostscript: fix sse variable alignment
    fixes #7138
    (cherry picked from commit 6784f21b55402e44a5da70ef16912bb19a28bd62)
  - Revision 22d05538 by Timo Teräs on 2017-04-14T18:56:07Z:
    main/ghostscript: fix sse variable alignment
    fixes #7138
    (cherry picked from commit 6784f21b55402e44a5da70ef16912bb19a28bd62)
  - Revision 65e89ddb by Timo Teräs on 2017-04-14T19:21:42Z:
    main/ghostscript: fix sse variable alignment
    fixes #7138
    (cherry picked from commit 6784f21b55402e44a5da70ef16912bb19a28bd62)
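
In frame #1 of the backtrace, contone_ptr (0x7f44037eef38) and ht_data (0x1ada7e91808) each sit 8 bytes past a 16-byte boundary, while thresh_ptr (0x1ada7e6f770) is 16-byte aligned. The block below is an added example, not ghostscript's or Alpine's code: it shows the alignment test that aligned SSE loads depend on, and a 16-byte threshold compare that tolerates a pointer with that same offset. The names `sse_aligned`, `threshold16` and `demo_misaligned` are hypothetical and the input bytes are constructed.

```c
#include <emmintrin.h>  /* SSE2 intrinsics */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Nonzero if p meets the 16-byte alignment that _mm_load_si128 (movdqa)
 * requires; a misaligned address there raises a fault (SIGSEGV on Linux). */
static int sse_aligned(const void *p)
{
    return ((uintptr_t)p & 15u) == 0;
}

/* Hypothetical helper: unsigned compare of 16 contone bytes against 16
 * threshold bytes. Bit i of the result is set where contone[i] > thresh[i].
 * _mm_loadu_si128 has no alignment requirement, so any pointer is safe. */
static int threshold16(const uint8_t *contone, const uint8_t *thresh)
{
    const __m128i sign_fix = _mm_set1_epi8((char)0x80);
    __m128i c = _mm_loadu_si128((const __m128i *)contone);
    __m128i t = _mm_loadu_si128((const __m128i *)thresh);
    /* SSE2 only compares signed bytes, so flip the sign bit of both. */
    c = _mm_xor_si128(c, sign_fix);
    t = _mm_xor_si128(t, sign_fix);
    return _mm_movemask_epi8(_mm_cmpgt_epi8(c, t));
}

/* Constructed input: data starting 8 bytes past a 16-byte boundary, the
 * same offset as contone_ptr (0x...ef38) in frame #1 of the backtrace. */
static int demo_misaligned(void)
{
    _Alignas(16) uint8_t buf[48];
    uint8_t thresh[16];
    uint8_t *contone = buf + 8;
    memset(buf, 0, sizeof buf);
    memset(thresh, 100, sizeof thresh);
    contone[0] = 200;   /* above threshold: bit 0 set   */
    contone[3] = 100;   /* equal: bit 3 stays clear     */
    contone[15] = 255;  /* above threshold: bit 15 set  */
    return sse_aligned(contone) ? -1 : threshold16(contone, thresh);
}

int main(void)
{
    printf("mask = 0x%04x\n", demo_misaligned());
    return 0;
}
```

Code that keeps the aligned load form has to guarantee the alignment at the buffer's declaration or allocation instead, and `sse_aligned` is the check to assert at that boundary.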