Hi,
I found out where ghostscript crashed.
So, I modify random shot and it does not crash.
But I do not know what original and modified line means.
Here is debug built ghostscript's execution log.
d...@qemu-i386:~$ ./src/ghostscript-8.71~dfsg2/debugobj/gs -Z^ -dSAFER -dBATCH
-dNOPAUSE iso2022.ps > log 2>&1
セグメンテーション違反です (core dumped)
d...@qemu-i386:~$ grep gs_subst_CID_on_WMode log
Loading a TT font from /usr/share/fonts/truetype/ttf-japanese-mincho.ttf to
emulate a CID font Japanese-Mincho-Regular ... Done.[^]gs_subst_CID_on_WMode
0xa1bae80 init = 1
[^]gs_subst_CID_on_WMode 0xa1bae80 ++ => 2
[^]gs_subst_CID_on_WMode 0xa1326a4 init = 1
[^]gs_subst_CID_on_WMode 0xa1326a4 ++ => 2
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 3
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 4
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 5
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 6
Loading a TT [^]gs_subst_CID_on_WMode 0xa132538 ++ => 7
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 8
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 9
[^]gs_subst_CID_on_WMode 0xa132538 ++ => 10
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 8
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 6
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 4
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 2
[^]gs_subst_CID_on_WMode 0xa132538 -2 => 0
[^]gs_subst_CID_on_WMode 0xa132538 => free (release_subst_CID_on_WMode)
d...@qemu-i386:~$
I suspect that -2 is over subtraction, but no reason.
So, I modify release_subst_CID_on_WMode in ghostscript-8.71~dfsg/psi/zfcid1.c.
diff -urNp ghostscript-8.71~dfsg2/psi/zfcid1.c.orig
ghostscript-8.71~dfsg2/psi/zfcid1.c
--- ghostscript-8.71~dfsg2/psi/zfcid1.c.orig 2009-12-06 04:21:42.000000000
+0900
+++ ghostscript-8.71~dfsg2/psi/zfcid1.c 2010-05-28 18:03:53.000000000 +0900
@@ -291,7 +291,7 @@ release_subst_CID_on_WMode(void *data, v
gs_font_notify_unregister((gs_font *)pfcid, release_subst_CID_on_WMode,
data);
pfcid->subst_CID_on_WMode = NULL;
- rc_adjust(subst, -2, "release_subst_CID_on_WMode");
+ rc_adjust(subst, -1, "release_subst_CID_on_WMode");
return 0;
}
Then, Here is modify ghostscript's execution log.
d...@qemu-i386:~$ ./src/ghostscript-8.71~dfsg2/debugobj/gs -Z^ -dSAFER -dBATCH
-dNOPAUSE iso2022.ps > log 2>&1
d...@qemu-i386:~$ grep gs_subst_CID_on_WMode log
Loading a TT font from /usr/share/fonts/truetype/ttf-japanese-mincho.ttf to
emulate a CID font Japanese-Mincho-Regular ... Done.[^]gs_subst_CID_on_WMode
0x8ff7e80 init = 1
[^]gs_subst_CID_on_WMode 0x8ff7e80 ++ => 2
[^]gs_subst_CID_on_WMode 0x8f6f6a4 init = 1
[^]gs_subst_CID_on_WMode 0x8f6f6a4 ++ => 2
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 3
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 4
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 5
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 6
Loading a TT [^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 7
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 8
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 9
[^]gs_subst_CID_on_WMode 0x8f6f538 ++ => 10
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 9
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 8
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 7
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 6
[^]gs_subst_CID_on_WMode 0x8f6f538 -1 => 5
[^]gs_subst_CID_on_WMode 0x8ff7e80 -1 => 1
d...@qemu-i386:~$
It does not crash.
But I do not know whether it is correct and
why original code is not -1 but -2.
This code was introduced about 1.5 years ago.
http://bugs.ghostscript.com/show_bug.cgi?id=689304
http://ghostscript.com/pipermail/gs-cvs/2008-November/008789.html
Should I ask this bug to upstream?
--
Regards,
dai
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
