apple / cups

Apple CUPS Sources
https://www.cups.org
Apache License 2.0

Incorrect call to gdev_prn_reallocate_memory in CUPS driver #246

Closed michaelrsweet closed 20 years ago

michaelrsweet commented 20 years ago

Version: 7.07.1rc1
CUPS.org User: mike

The CUPS driver calls gdev_prn_reallocate_memory() after changing the width and height in the device; this can cause the function to free more storage than was originally allocated, crashing the program.

Werner from SuSE supplied a patch that used gdev_prn_maybe_reallocate_memory(), however that function does not take the color depth into account and is therefore unusable.

michaelrsweet commented 20 years ago

CUPS.org User: mike

Added Till and Werner to the notification list...

michaelrsweet commented 20 years ago

CUPS.org User: mike

Please try the attached patch (committed to CVS for the next release candidate...) and let me know if you still have problems.

michaelrsweet commented 20 years ago

CUPS.org User: werner.suse

chroot:/# gs -dNOPAUSE -sDEVICE=cups -sOutputFile=/tmp/cups.prn \
    /usr/share/doc/packages/ghostscript/examples/colorcir.ps quit.ps
ESP Ghostscript 7.07 (2003-07-12)
Copyright 2003 artofcode LLC and Easy Software Products, all rights reserved.
This software comes with NO WARRANTY: see the file COPYING for details.
DEBUG2: lut_rgb_color[0] = 0
DEBUG2: lut_rgb_color[32768] = 1
DEBUG: num_components = 1, depth = 1
DEBUG: cupsColorSpace = 3, cupsColorOrder = 0
DEBUG: cupsBitsPerPixel = 1, cupsBitsPerColor = 1
DEBUG: max_gray = 1, dither_grays = 2
DEBUG: max_color = 0, dither_colors = 0
DEBUG: Updating PageSize to [595 842]...
DEBUG: old_depth = 1, depth = 1, size_set = 1
DEBUG: Reallocating memory, [595 842] = 826x1169 pixels...
Segmentation fault

michaelrsweet commented 20 years ago

CUPS.org User: mike

Well, it doesn't crash for me with RedHat GCC 2.96; trying with SuSE on another system in the lab...

michaelrsweet commented 20 years ago

CUPS.org User: mike

Also doesn't crash when compiled with GCC 3.1...

michaelrsweet commented 20 years ago

CUPS.org User: werner.suse

Please give gcc 3.2 and 3.3 a try. gs definitely crashes here with default paper size A4 (the international default paper size) and colorcir.ps as example.

michaelrsweet commented 20 years ago

CUPS.org User: till.kamppeter

I am on Mandrake's Cooker (the future Mandrake 9.2) with gcc 3.3.1. I do not get a segfault when I stay with the default paper size Letter, but I get one when I specify "-sPAPERSIZE=a4":


[root@majax g]# gcc --version
gcc (GCC) 3.3.1 (Mandrake Linux 9.2 3.3.1-1mdk)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[root@majax g]# gs -dNOPAUSE -sDEVICE=cups -sOutputFile=/tmp/cups.prn /usr/share/ghostscript/7.07/examples/colorcir.ps quit.ps
ESP Ghostscript 7.07 (2003-07-12)
Copyright 2003 artofcode LLC and Easy Software Products, all rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
DEBUG2: lut_rgb_color[0] = 0
DEBUG2: lut_rgb_color[32768] = 1
DEBUG: num_components = 1, depth = 1
DEBUG: cupsColorSpace = 3, cupsColorOrder = 0
DEBUG: cupsBitsPerPixel = 1, cupsBitsPerColor = 1
DEBUG: max_gray = 1, dither_grays = 2
DEBUG: max_color = 0, dither_colors = 0
DEBUG: old_depth = 1, depth = 1, size_set = 0
INFO: Processing page 1...
DEBUG: cache_size = 8388608
DEBUG: cups->header.Duplex = 0
DEBUG: cups->page = 1
DEBUG: width = 850, height = 1100
DEBUG: PageSize = [ 612 792 ], HWResolution = [ 100 100 ]
DEBUG: HWMargins = [ 0.000 0.000 0.000 0.000 ]
DEBUG: matrix = [ 1.389 0.000 0.000 -1.389 -0.000 1100.000 ]
DEBUG: cups->header.Duplex = 0
DEBUG: cups->page = 1
DEBUG: width = 850, height = 1100
DEBUG: PageSize = [ 612 792 ], HWResolution = [ 100 100 ]
DEBUG: HWMargins = [ 0.000 0.000 0.000 0.000 ]
DEBUG: matrix = [ 1.389 0.000 0.000 -1.389 -0.000 1100.000 ]
DEBUG: cups->header.Duplex = 0
DEBUG: cups->page = 1
DEBUG: width = 850, height = 1100
DEBUG: PageSize = [ 612 792 ], HWResolution = [ 100 100 ]
DEBUG: HWMargins = [ 0.000 0.000 0.000 0.000 ]
DEBUG: matrix = [ 1.389 0.000 0.000 -1.389 -0.000 1100.000 ]
DEBUG: cups->header.Duplex = 0
DEBUG: cups->page = 1
DEBUG: width = 850, height = 1100
DEBUG: PageSize = [ 612 792 ], HWResolution = [ 100 100 ]
DEBUG: HWMargins = [ 0.000 0.000 0.000 0.000 ]
DEBUG: matrix = [ 1.389 0.000 0.000 -1.389 -0.000 1100.000 ]
DEBUG: cups->header.Duplex = 0
DEBUG: cups->page = 1
DEBUG: width = 850, height = 1100
DEBUG: PageSize = [ 612 792 ], HWResolution = [ 100 100 ]
DEBUG: HWMargins = [ 0.000 0.000 0.000 0.000 ]
DEBUG: matrix = [ 1.389 0.000 0.000 -1.389 -0.000 1100.000 ]
DEBUG: cups->header.Duplex = 0
DEBUG: cups->page = 1
DEBUG: width = 850, height = 1100
DEBUG: PageSize = [ 612 792 ], HWResolution = [ 100 100 ]
DEBUG: HWMargins = [ 0.000 0.000 0.000 0.000 ]
DEBUG: matrix = [ 1.389 0.000 0.000 -1.389 -0.000 1100.000 ]
Loading NimbusRomNo9L-Regu font from /usr/share/fonts/default/Type1/n021003l.pfb... 2142768 781622 1642520 344285 1 done.
DEBUG: cups_print_chunked - flip = 0, height = 1100
INFO: Processing page 2...
DEBUG: cups->header.Duplex = 0
DEBUG: cups->page = 2
DEBUG: width = 850, height = 1100
DEBUG: PageSize = [ 612 792 ], HWResolution = [ 100 100 ]
DEBUG: HWMargins = [ 0.000 0.000 0.000 0.000 ]
DEBUG: matrix = [ 1.389 0.000 0.000 -1.389 -0.000 1100.000 ]
DEBUG: cups->header.Duplex = 0
DEBUG: cups->page = 2
DEBUG: width = 850, height = 1100
DEBUG: PageSize = [ 612 792 ], HWResolution = [ 100 100 ]
DEBUG: HWMargins = [ 0.000 0.000 0.000 0.000 ]
DEBUG: matrix = [ 1.389 0.000 0.000 -1.389 -0.000 1100.000 ]

[root@majax g]# ll /tmp/cups.prn
-rw-r--r-- 1 root root 118124 Aug 27 19:01 /tmp/cups.prn

[root@majax g]# gs -dNOPAUSE -sDEVICE=cups -sPAPERSIZE=a4 -sOutputFile=/tmp/cups.prn /usr/share/ghostscript/7.07/examples/colorcir.ps quit.ps
ESP Ghostscript 7.07 (2003-07-12)
Copyright 2003 artofcode LLC and Easy Software Products, all rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
DEBUG2: lut_rgb_color[0] = 0
DEBUG2: lut_rgb_color[32768] = 1
DEBUG: num_components = 1, depth = 1
DEBUG: cupsColorSpace = 3, cupsColorOrder = 0
DEBUG: cupsBitsPerPixel = 1, cupsBitsPerColor = 1
DEBUG: max_gray = 1, dither_grays = 2
DEBUG: max_color = 0, dither_colors = 0
DEBUG: Updating PageSize to [595 842]...
DEBUG: old_depth = 1, depth = 1, size_set = 1
DEBUG: Reallocating memory, [595 842] = 826x1169 pixels...
Segmentation fault

[root@majax g]

michaelrsweet commented 20 years ago

CUPS.org User: mike

I am able to get a segfault on all systems with -sPAPERSIZE=a4; there was a previous STR about this (will look into it) and the problem was not in the CUPS driver but elsewhere in Ghostscript's internals. Might be that the update to 7.07 has reverted that fix...

michaelrsweet commented 20 years ago

CUPS.org User: werner.suse

I have been using this patch since 2002/08/30 (ESP Ghostscript 7.05.3).

michaelrsweet commented 20 years ago

CUPS.org User: mike

I understand, however the patch is incorrect and will result in incorrect output and possible crashing because the color depth will likely be wrong for anything but the CUPS sample drivers.

michaelrsweet commented 20 years ago

CUPS.org User: mike

[Added Jeff Licquia to the notification list - Jeff, this is the same problem you were having a while back - fixed, I hope!]

OK, I believe I have found the problem - the gdev_prn_reallocate_memory() function doesn't do the "is_open" check that the "maybe" function does.

I've attached an updated patch against 7.07.1rc1 that fixes the problem and so setting the initial PAGESIZE or DEVICE(WIDTH|HEIGHT) values will not crash Ghostscript when using the CUPS driver.

Please let me know how you make out...
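A minimal model of the guard described in this thread, added here as an illustration; it is not code from ESP Ghostscript or from the attached patches. The `toy_dev` type and the `toy_*` functions are hypothetical, and the page geometries (850x1100 and 826x1169 pixels) are taken from the debug output quoted earlier in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy stand-in for a printer device (hypothetical; not Ghostscript's structs). */
typedef struct {
    int width, height, depth;  /* pixels, pixels, bits per pixel */
    int is_open;               /* nonzero once the raster buffer exists */
    unsigned char *buf;
    size_t buf_size;           /* bytes actually allocated for buf */
} toy_dev;

size_t toy_raster_bytes(int width, int height, int depth)
{
    /* each row is padded to a whole byte */
    return (((size_t)width * (size_t)depth + 7) / 8) * (size_t)height;
}

/* Open the device: allocate the raster for the geometry recorded so far. */
int toy_open(toy_dev *d)
{
    size_t need = toy_raster_bytes(d->width, d->height, d->depth);
    d->buf = calloc(1, need);
    if (d->buf == NULL) return -1;
    d->buf_size = need; d->is_open = 1;
    return 0;
}

/* Returns 1 = reallocated, 0 = device closed (geometry recorded only), -1 = error. */
int toy_resize(toy_dev *d, int w, int h, int depth)
{
    if (w <= 0 || h <= 0 || depth <= 0) return -1;
    if (d->is_open) {                  /* the guard: touch buf only if it exists */
        size_t need = toy_raster_bytes(w, h, depth);
        unsigned char *p = realloc(d->buf, need);
        if (p == NULL) return -1;      /* old buffer and old geometry stay valid */
        d->buf = p; d->buf_size = need;
    }
    d->width = w; d->height = h; d->depth = depth;  /* commit only after success */
    return d->is_open ? 1 : 0;
}

int main(void)
{
    toy_dev d = { 850, 1100, 1, 0, NULL, 0 };   /* Letter at 100 dpi, not open */
    int closed = toy_resize(&d, 826, 1169, 1);  /* A4 before open: no buffer yet */
    if (toy_open(&d) != 0) return 1;
    int opened = toy_resize(&d, 850, 1100, 8);  /* after open: buffer reallocated */
    printf("closed=%d opened=%d bytes=%zu\n", closed, opened, d.buf_size);
    free(d.buf);
    return 0;
}
```

The allocated size is tracked in its own field and the geometry is written only after the allocation succeeds, so the recorded size of the buffer never depends on dimensions a caller has already changed.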

michaelrsweet commented 20 years ago

CUPS.org User: till.kamppeter

I have downloaded the current CVS and rebuilt the Mandrake RPM of Ghostscript with it. I tried again with the new Ghostscript and there is no segfault any more. So at least for Mandrake's Cooker the bug seems to be fixed.

michaelrsweet commented 20 years ago

CUPS.org User: werner.suse

Last patch results in working gs. No crash anymore :-)

michaelrsweet commented 20 years ago

CUPS.org User: mike

OK, I'll close this out and release 7.07.1rc2 today. Thanks for letting me know the results of your testing!

michaelrsweet commented 20 years ago

"str246.patch":

Index: gdevcups.c

RCS file: /cvsroot/espgs/espgs/pstoraster/gdevcups.c,v retrieving revision 1.13 diff -u -r1.13 gdevcups.c --- gdevcups.c 20 Aug 2003 15:14:38 -0000 1.13 +++ gdevcups.c 26 Aug 2003 21:16:54 -0000 @@ -1935,6 +1935,8 @@ int olddepth; /* Old color depth / int sizeset; / Was the size set? _/ gdev_prn_spaceparams sp; / Space parameter data */

michaelrsweet commented 20 years ago

"str246v2.patch":

Index: gdevcups.c

RCS file: /cvsroot/espgs/espgs/pstoraster/gdevcups.c,v retrieving revision 1.11 diff -u -r1.11 gdevcups.c --- gdevcups.c 13 Jul 2003 13:03:59 -0000 1.11 +++ gdevcups.c 27 Aug 2003 17:52:00 -0000 @@ -1935,6 +1935,8 @@ int olddepth; /* Old color depth / int sizeset; / Was the size set? _/ gdev_prn_spaceparams sp; / Space parameter data */
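Review bot: the file header of str246v2.patch diffs against revision 1.11 (13 Jul 2003), while str246.patch was taken against revision 1.13 (20 Aug 2003) and was described in the thread as already committed to CVS. Both hunks touch the same location (@@ -1935,6 +1935,8 @@, the olddepth / sizeset / sp declarations), so please state whether v2 replaces the first patch or is meant to be applied on top of it, and which tree it applies to. Regenerating v2 against the current CVS revision would remove the ambiguity for anyone applying it to a tree that already carries the first patch.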