From: Ken Brown
To: cygwin@cygwin.com
Cc: Emily
Subject: Re: ImageMagick maybe broken by libgs9 upgrade
Date: Tue, 23 Jun 2020 16:56:23 -0400
List-Id: General Cygwin discussions and problem reports

On 6/23/2020 2:18 PM, Ken Brown via Cygwin wrote:
> On 6/23/2020 12:56 PM, Marco Atzeri via Cygwin wrote:
>> On 23.06.2020 15:03, Markus Hoenicka wrote:
>>> On 2020-06-23 14:15, Ken Brown via Cygwin was heard to say:
>>>> On 6/23/2020 7:27 AM, Ken Brown via Cygwin wrote:
>>>>> On 6/22/2020 9:37 PM, Emily via Cygwin wrote:
>>
>>>>>>
>>>>>> But in case other ImageMagick functionality is also broken, this isn't a
>>>>>> permanent solution.  I tried to downgrade libgs9, but 9.27 is no longer an
>>>>>> option in setup, even after I added another mirror.
>>>>>
>>>>> Please provide a sample label.pdf for which you're seeing this behavior.
>>>>
>>>> You could also try adding the '-verbose' option to your command line
>>>> to see if that gives a clue.
>>>>
>>>> Ken
>>>
>>> Hi,
>>>
>>> I don't know whether this helps to track down the problem, but here goes
>>> anyway: I see the same crash with .ps and .eps files (unsurprisingly, as
>>> these and .pdf are processed by libgs). The same conversions work with "gm
>>> convert" from the GraphicsMagick package. gm is not linked against libgs, but
>>> seems to invoke the gs executable instead. This does not crash, although it
>>> is linked against the very same libgs.
>>>
>>> regards,
>>> Markus
>>>
>>
>>
>> without a sample case we don't know if we need to rebuild ImageMagick
>> or GS
>
> I found a .eps file with which I could reproduce the crash (attached), using the
> OP's command line with her .pdf file replaced by the attached .eps file.  Here's
> the gdb backtrace after the crash:
>
> Thread 1 "convert" received signal SIGSEGV, Segmentation fault.
> gs_lib_ctx_init (ctx=ctx@entry=0xfffeed30, mem=mem@entry=0x8000987b0)
>     at /usr/src/debug/ghostscript-9.52-2/base/gslibctx.c:269
> 269             gx_monitor_enter((gx_monitor_t *)(pio->core->monitor));
> (gdb) bt
> #0  gs_lib_ctx_init (ctx=ctx@entry=0xfffeed30, mem=mem@entry=0x8000987b0)
>     at /usr/src/debug/ghostscript-9.52-2/base/gslibctx.c:269
> #1  0x00000003ca37e0a3 in gs_malloc_init_with_context (ctx=0xfffeed30)
>     at /usr/src/debug/ghostscript-9.52-2/base/gsmalloc.c:595
> #2  0x00000003ca439da6 in psapi_new_instance (pinstance=0xfffee938,
>     caller_handle=0xfffee930)
>     at /usr/src/debug/ghostscript-9.52-2/psi/psapi.c:92
> #3  0x00000003ca49e995 in gsapi_new_instance (pinstance=,
>     caller_handle=)
>     at /usr/src/debug/ghostscript-9.52-2/psi/iapi.c:64
> #4  0x00000003fd2f53dc in InvokePostscriptDelegate (verbose=MagickFalse,
>     command=command@entry=0xfffeed30 "'gs' -sstdout=%stderr -dQUIET -dSAFER -dBAT
> CH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 '-s
> DEVICE=pngalpha' -dTextAlphaBits=4 -dGraphicsAlphaBits=4 '-r300x300' -g196x2"...,
>  message=message@entry=0xffff3d30 "", exception=exception@entry=0x8000664a0)
>     at /usr/src/debug/ImageMagick-6.9.10.11-2/coders/ps.c:237
> #5  0x00000003fd2f6234 in ReadPSImage (image_info=0x800076170,
>     exception=0x8000664a0)
>     at /usr/src/debug/ImageMagick-6.9.10.11-2/coders/ps.c:846
>
> The crash occurs because of an attempt to access ridiculously high memory:
>
> (gdb) p pio->core
> $8 = (gs_lib_ctx_core_t *) 0x73253d74756f6474
>
> I'm looking into it.

I think I've found the problem, although it will take patching and rebuilding
ImageMagick (which I haven't done) to confirm that I'm right.

In the ImageMagick source file coders/ps.c:237, there's a call to
ghost_info->new_instance, a.k.a. gsapi_new_instance (see line 214). The
documentation of the latter in the ghostscript sources (psi/iapi.c:57) says that
the first argument pinstance should satisfy *pinstance == NULL in the first call
to that function. But *pinstance in this call is the variable 'interpreter',
defined without initialization in ps.c:191. As a result, **pinstance contains
garbage, and the program eventually crashes when it tries to dereference a
garbage pointer.

The fix, if I'm right, is to initialize interpreter to NULL in ps.c:191.

Ken
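
The garbage pointer in the quoted backtrace can be traced to its source. In frames #0 and #4, `ctx` and `command` are both 0xfffeed30, so the following added example (not code from this thread, ImageMagick or Ghostscript) reads the command string as if it were the context structure and decodes the resulting `core` value. The offset 8 for `core` is an assumption inferred from those values, not taken from the Ghostscript headers, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Start of the command string shown in frame #4 of the backtrace. */
static const char COMMAND[] = "'gs' -sstdout=%stderr -dQUIET -dSAFER";

/* Assumption: `core` is the second pointer-sized field of the context. */
#define CORE_OFFSET 8

/* Read 8 bytes at `off` as a little-endian 64-bit value, as an x86-64 load would. */
uint64_t load_le64(const char *buf, size_t off)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | (unsigned char)buf[off + i];
    return v;
}

/* Write the 8 bytes of `value` in memory order; return 1 if all are printable ASCII. */
int pointer_as_text(uint64_t value, char out[9])
{
    int printable = 1;
    for (int i = 0; i < 8; i++) {
        unsigned char c = (unsigned char)(value >> (8 * i));
        if (c < 0x20 || c > 0x7e) { printable = 0; c = '.'; }
        out[i] = (char)c;
    }
    out[8] = '\0';
    return printable;
}

/* x86-64 canonical-address check: bits 63..47 must all be equal. */
int is_canonical(uint64_t addr)
{
    uint64_t top = addr >> 47;
    return top == 0 || top == 0x1ffff;
}

int main(void)
{
    char text[9];
    uint64_t core = load_le64(COMMAND, CORE_OFFSET);
    int printable = pointer_as_text(core, text);
    printf("core = 0x%016llx  bytes = \"%s\"  printable = %d  canonical = %d\n",
           (unsigned long long)core, text, printable, is_canonical(core));
    return 0;
}
```

A wild pointer whose bytes are all printable ASCII is a strong hint that string data is being interpreted as a structure, which is consistent with an uninitialized handle holding a stale stack value.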