pdftoraster crashed with SIGSEGV in convert8to16()

Bug #1845286 reported by Andreas Pokorny
This bug affects 1 person

Affects: cups-filters (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

Tried to print a PDF via an auto-configured CUPS printer - pdftoraster crashed, nothing was printed.

ProblemType: Crash
DistroRelease: Ubuntu 19.10
Package: cups-filters-core-drivers 1.25.6-0ubuntu1
ProcVersionSignature: Ubuntu 5.3.0-10.11-generic 5.3.0-rc8
Uname: Linux 5.3.0-10-generic x86_64
ApportVersion: 2.20.11-0ubuntu7
Architecture: amd64
Date: Wed Sep 25 06:49:10 2019
ExecutablePath: /usr/lib/cups/filter/pdftoraster
InstallationDate: Installed on 2018-09-06 (383 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
Lpstat:
 device for Brother_HL_L2300D_series_MacBook_de_Yasser: ///dev/null
 device for cespu_geral_MacBook_Air_de_Jo_o: ///dev/null
 device for Deskjet_3050A_J611_series_MacBook_Air: ///dev/null
 device for HP-Officejet-Pro-8620: dnssd://HP%20Officejet%20Pro%208620%20%5B794B2D%5D._ipp._tcp.local/?uuid=1c852a4d-b800-1f08-abcd-3863bb794b2d
 device for HP_Officejet_Pro_8620_794B2D_: implicitclass://HP_Officejet_Pro_8620_794B2D_/
Lsusb:
 Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
 Bus 001 Device 003: ID 04ca:7054 Lite-On Technology Corp. HP HD Camera
 Bus 001 Device 002: ID 8087:0a2b Intel Corp.
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: HP HP EliteBook 840 G3
Papersize: a4
PpdFiles:
 HP-Officejet-Pro-8620: HP Officejet Pro 8620, driverless, cups-filters 1.25.4
 HP_Officejet_Pro_8620_794B2D_: HP Officejet Pro 8620, driverless, cups-filters 1.25.6
ProcCmdline: implicitclass://HP_Officejet_Pro_8620_794B2D_/ 109 z003te9p Lauf\ gegen\ Krebs\ 2019.pdf 1 print-content-optimize=auto\ print-rendering-intent=auto\ ColorModel=DeviceGray\ Duplex=DuplexNoTumble\ MediaType=Stationery\ number-up=1\ PageSize=A4\ print-scaling=auto\ noCollate\ cupsPrintQuality=4\ job-uuid=urn:uuid:1166fa02-95cc-3560-7cd2-f256658917ad\ cups-browsed\ job-originating-host-name=localhost\ date-time-at-creation=\ date-time-at-processing=\ time-at-creation=1569386949\ time-at-processing=1569386949\ print-quality=4\ output-format=apple-raster\ Resolution=300dpi\ media-class=pwg\ page-logging=on
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.3.0-10-generic root=UUID=a8dfd19d-7ac8-43b7-bb4d-41c72407226f ro quiet splash vt.handoff=7
SegvAnalysis:
 Segfault happened at: 0x55e344d74b9b: movzbl (%rdx),%r9d
 PC (0x55e344d74b9b) ok
 source "(%rdx)" (0x55e346c168af) not located in a known VMA region (needed readable region)!
 destination "%r9d" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: cups-filters
StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 __libc_start_main (main=0x55e344d71b90, argc=6, argv=0x7ffcb779bdc8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcb779bdb8) at ../csu/libc-start.c:308
 ?? ()
Title: pdftoraster crashed with SIGSEGV in __libc_start_main()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

dmi.bios.date: 11/01/2016
dmi.bios.vendor: HP
dmi.bios.version: N75 Ver. 01.13
dmi.board.name: 8079
dmi.board.vendor: HP
dmi.board.version: KBC Version 85.74
dmi.chassis.asset.tag: 5CG7060XN6
dmi.chassis.type: 10
dmi.chassis.vendor: HP
dmi.modalias: dmi:bvnHP:bvrN75Ver.01.13:bd11/01/2016:svnHP:pnHPEliteBook840G3:pvr:rvnHP:rn8079:rvrKBCVersion85.74:cvnHP:ct10:cvr:
dmi.product.family: 103C_5336AN G=N L=BUS B=HP S=ELI
dmi.product.name: HP EliteBook 840 G3
dmi.product.sku: W0Q03EC#ABD
dmi.sys.vendor: HP
separator:
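Added example, not part of the original report or of Apport: a small triage helper that reads the SegvAnalysis block shown above and classifies the fault as a read, write or execute of unmapped memory, which is the first question when deciding how serious a filter crash is. The function name `triage`, the `null_like` threshold and the handling of any non-"ok" state are assumptions of this example; the sample lines are copied from this report.

```python
import re

# Sample input: the SegvAnalysis lines exactly as they appear in this report.
SAMPLE = '''\
SegvAnalysis:
 Segfault happened at: 0x55e344d74b9b: movzbl (%rdx),%r9d
 PC (0x55e344d74b9b) ok
 source "(%rdx)" (0x55e346c168af) not located in a known VMA region (needed readable region)!
 destination "%r9d" ok
SegvReason: reading unknown VMA
'''

FAULT = re.compile(r'^\s*Segfault happened at: (0x[0-9a-fA-F]+):\s*(.+)$')
PC = re.compile(r'^\s*PC \((0x[0-9a-fA-F]+)\) (.+)$')
# Operand lines: role, quoted operand, optional resolved address, then a state.
OPERAND = re.compile(
    r'^\s*(source|destination) "([^"]+)"(?: \((0x[0-9a-fA-F]+)\))? (.+)$')

def triage(text):
    """Summarise a SegvAnalysis block; only the line shapes above are parsed."""
    out = {"pc": None, "insn": None, "pc_ok": None, "bad": [],
           "access": "unknown", "null_like": False}
    for line in text.splitlines():
        if m := FAULT.match(line):
            out["pc"], out["insn"] = int(m.group(1), 16), m.group(2).strip()
        elif m := PC.match(line):
            out["pc_ok"] = m.group(2).strip() == "ok"
        elif m := OPERAND.match(line):
            role, operand, addr, state = m.groups()
            if state.strip() != "ok":  # assumption: anything else is a bad operand
                out["bad"].append((role, operand, int(addr, 16) if addr else None))
    roles = {role for role, _, _ in out["bad"]}
    if out["pc_ok"] is False:
        out["access"] = "execute"      # control flow reached an unmapped address
    elif "destination" in roles:
        out["access"] = "write"        # store to unmapped memory
    elif "source" in roles:
        out["access"] = "read"         # load from unmapped memory
    # Assumed threshold: addresses in the first 64 KiB look like NULL + offset.
    out["null_like"] = any(a is not None and a < 0x10000 for _, _, a in out["bad"])
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For this report the result is a read through `(%rdx)` at a non-NULL address, which matches the later backtrace showing `src` pointing at inaccessible memory in convert8to16().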

Andreas Pokorny (andreas-pokorny) wrote :
Apport retracing service (apport) wrote :

StacktraceSource:
 #0 0x000055e344d74b9b in convert8to16(unsigned char*, unsigned char*, unsigned int, unsigned int) ()
 #1 0x000055e344d74eb9 in convertLineChunkedSwap(unsigned char*, unsigned char*, unsigned int, unsigned int, unsigned int, unsigned int) ()
 #2 0x000055e344d73757 in main ()
StacktraceTop:
 convert8to16(unsigned char*, unsigned char*, unsigned int, unsigned int) ()
 convertLineChunkedSwap(unsigned char*, unsigned char*, unsigned int, unsigned int, unsigned int, unsigned int) ()
 main ()

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in cups-filters (Ubuntu):
importance: Undecided → Medium
summary: - pdftoraster crashed with SIGSEGV in __libc_start_main()
+ pdftoraster crashed with SIGSEGV in convert8to16()
tags: removed: need-amd64-retrace
information type: Private → Public
Till Kamppeter (till-kamppeter) wrote :

Could you please attach the file which you wanted to print and also follow the instructions of the section "CUPS error_log" on https://wiki.ubuntu.com/DebuggingPrintingProblems. Reprint the job and as soon as you get the crash again, attach the error_log. Thanks.

Do all the file attachments one by one, do not compress the files and do not package them together.

Changed in cups-filters (Ubuntu):
status: New → Incomplete
Andreas Pokorny (andreas-pokorny) wrote :

cups error log while printing the file via evince

Andreas Pokorny (andreas-pokorny) wrote :

I am printing with defaults for everything but "Color Mode" = "Device Gray".
I now discovered that using "Color Mode" Color does not trigger the error.

Till Kamppeter (till-kamppeter) wrote :

Your error_log did not catch any job.

Do the following:

- Make sure that CUPS is in debug logging mode.

- Print a job which causes the crash

- Wait until the crash actually happens (crash report pop-up)

- Wait 2 or 3 more minutes

- Attach the error_log which you have then.

In addition, please attach the PPD file of your print queue (from /etc/cups/ppd/).

Andreas Pokorny (andreas-pokorny) wrote :

One more detail. I have two printer queues configured:

 HP-Officejet-Pro-8620: HP Officejet Pro 8620, driverless, cups-filters 1.25.4
 HP_Officejet_Pro_8620_794B2D_: HP Officejet Pro 8620, driverless, cups-filters 1.25.6

The crashes only happen with the second printer. Everything worked fine when using the queue without the _794B2D_ suffix.

Andreas Pokorny (andreas-pokorny) wrote :

I recreated the backend

Andreas Pokorny (andreas-pokorny) wrote :
Till Kamppeter (till-kamppeter) wrote :

I succeeded in reproducing the crash on the command line. For the tests shown here I am in the source directory of the current cups-filters, having run "autogen.sh", "./configure", and "make" already.

After downloading the attached PPD file (comment #11) and the attached PDF file (comment #7) I have passed the input PDF file through pdftopdf first, with the following command line:

cat Lauf\ gegen\ Krebs\ 2019.pdf | FINAL_CONTENT_TYPE=application/pdf PPD=hp_officejet_pro_8620_794b2d_.ppd DEVICE_URI=implicitclass://hp_officejet_pro_8620_794b2d_/ PRINTER=hp_officejet_pro_8620_794b2d_ ./pdftopdf 1 1 1 1 "print-content-optimize=auto print-rendering-intent=auto ColorModel=DeviceGray Duplex=DuplexNoTumble MediaType=Stationery number-up=1 PageSize=A4 print-scaling=auto noCollate cupsPrintQuality=4 job-uuid=urn:uuid:239f990b-2e91-324e-43dc-529fedd50b88 cups-browsed job-originating-host-name=localhost date-time-at-creation= date-time-at-processing= time-at-creation=1569426096 time-at-processing=1569426096 print-quality=4 output-format=apple-raster Resolution=300dpi media-class=pwg page-logging=on" > out.pdf

I am attaching out.pdf. Note that the duplex setting makes pdftopdf add a blank page to the beginning of the file.

Now I allow core files to be written with

ulimit -c unlimited

and feed out.pdf through pdftoraster using the following command line:

cat out.pdf | FINAL_CONTENT_TYPE=application/pdf PPD=hp_officejet_pro_8620_794b2d_.ppd DEVICE_URI=implicitclass://hp_officejet_pro_8620_794b2d_/ PRINTER=hp_officejet_pro_8620_794b2d_ ./pdftoraster 1 1 1 1 "print-content-optimize=auto print-rendering-intent=auto ColorModel=DeviceGray Duplex=DuplexNoTumble MediaType=Stationery number-up=1 PageSize=A4 print-scaling=auto noCollate cupsPrintQuality=4 job-uuid=urn:uuid:239f990b-2e91-324e-43dc-529fedd50b88 cups-browsed job-originating-host-name=localhost date-time-at-creation= date-time-at-processing= time-at-creation=1569426096 time-at-processing=1569426096 print-quality=4 output-format=apple-raster Resolution=300dpi media-class=pwg page-logging=on" > out.ras

I open the resulting core file with gdb:

gdb -c core .libs/pdftoraster

Running the "bt" command within gdb gives the following backtrace:

#0 0x00005585f7910b9b in convert8to16 (
    src=0x7f7bb17aba85 <error: Cannot access memory at address 0x7f7bb17aba85>, dst=0x7ffc890ea660 "", x=<optimized out>, y=<optimized out>)
    at filter/pdftoraster.cxx:1012
#1 0x00005585f7910eb9 in convertLineChunkedSwap (
    src=src@entry=0x7f7bb17aa7c1 <error: Cannot access memory at address 0x7f7bb17aa7c1>, dst=dst@entry=0x5585f955a520 '\377' <repeats 200 times>...,
    row=row@entry=6859, plane=plane@entry=0, pixels=4805, size=<optimized out>)
    at filter/pdftoraster.cxx:1170
#2 0x00005585f790f757 in writePageImage (pageNo=2, doc=0x5585f954df10,
    raster=0x5585f954dff0) at filter/pdftoraster.cxx:1626
#3 outPage (raster=<optimized out>, pageNo=<optimized out>,
    doc=<optimized out>) at filter/pdftoraster.cxx:1884
#4 main (argc=<optimized out>, argv=<optimized out>)
    at filter/pdftoraster.cxx:2121

Till Kamppeter (till-kamppeter) wrote :

When one uses gstoraster instead of pdftoraster (it is used automatically when Ghostscript is installed), no crash occurs.

Changed in cups-filters (Ubuntu):
status: Incomplete → Confirmed
Till Kamppeter (till-kamppeter) wrote :

I have fixed the pdftoraster crash upstream. Note also that there is still a bug in the implicitclass backend which is currently being worked on.

Changed in cups-filters (Ubuntu):
status: Confirmed → In Progress
Till Kamppeter (till-kamppeter) wrote :

I have uploaded the pdftoraster fix plus a possible fix for implicitclass to my PPA now:

https://launchpad.net/~till-kamppeter/+archive/ubuntu/ppa/+packages

cups-filters_1.25.6+git20191002-0ubuntu1~ppa1

Anyone who suffers this problem, please test and give us feedback.

Andreas Pokorny (andreas-pokorny) wrote :

Yes, upgrading with that PPA fixes the issue for me.

Till Kamppeter (till-kamppeter) wrote :

Thank you very much for the feedback, the fixed cups-filters version (1.25.7) is on its way to Eoan now.

Changed in cups-filters (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups-filters - 1.25.7-0ubuntu1

---------------
cups-filters (1.25.7-0ubuntu1) eoan; urgency=medium

  * New upstream bug fix release
    - Several bug fixes in pdftoraster (crash, monochrome jobs, ...,
      LP: #1845286)
    - Fixes on printing into queues generated by cups-browsed, especially
      also Apple Raster output (LP: #1845286)
    - Crash in implicitclass backend (LP: #1845548, upstream issue #162).
    - Added 1 new symbol to libcupsfilters1

 -- Till Kamppeter <email address hidden> Mon, 07 Oct 2019 16:38:58 +0200

Changed in cups-filters (Ubuntu):
status: Fix Committed → Fix Released