Submit #34855: When PCL is converted to PDF in Ghostscript, improper release of objects causes hanginginfo

TitleWhen PCL is converted to PDF in Ghostscript, improper release of objects causes hanging
DescriptionProject vendor:https://www.ghostscript.com/releases/index.html OS:ubuntu 21.10 Software Version: 9.55.0 POC Link:https://bugs.ghostscript.com/attachment.cgi?id=22323 Command: ./gpcl6 -q -o out.pdf "-sDEVICE=pdfwrite" example.pcl In gsmchunk.c, the chunk_free_object function was suspended due to improper object release ==2125075==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x000000b35e68 bp 0x6310005e5118 sp 0x7fffffffd260 T0) ==2125075==The signal is caused by a READ memory access. ==2125075==Hint: address points to the zero page. #0 0xb35e68 in CMP_SIZE /home/user/ghostpdl-9.55.0/./base/gsmchunk.c:423:12 #1 0xb35e68 in remove_free_size /home/user/ghostpdl-9.55.0/./base/gsmchunk.c:696:13 #2 0xb35e68 in chunk_free_object /home/user/ghostpdl-9.55.0/./base/gsmchunk.c:1244:13 #3 0x2adfedd in free_pjl_environment /home/user/ghostpdl-9.55.0/./pcl/pl/pjparse.c:1733:9 #4 0x2adfedd in pjl_set_init_from_defaults /home/user/ghostpdl-9.55.0/./pcl/pl/pjparse.c:1189:16 #5 0x2be7e9b in revert_to_pjli /home/user/ghostpdl-9.55.0/./pcl/pl/plmain.c:391:12 #6 0x2be7e9b in pl_main_run_file_utf8 /home/user/ghostpdl-9.55.0/./pcl/pl/plmain.c:1026:13 #7 0x2be2f28 in pl_main_process_options /home/user/ghostpdl-9.55.0/./pcl/pl/plmain.c:2875:24 #8 0x2be2f28 in pl_main_init_with_args /home/user/ghostpdl-9.55.0/./pcl/pl/plmain.c:327:12 #9 0x2bdee93 in main /home/user/ghostpdl-9.55.0/./pcl/pl/realmain.c:35:12 #10 0x7ffff798ffcf in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #11 0x7ffff799007c in __libc_start_main csu/../csu/libc-start.c:409:3 #12 0x51b994 in _start (/home/user/ghostpdl/bin/gpcl6+0x51b994) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/user/ghostpdl-9.55.0/./base/gsmchunk.c:423:12 in CMP_SIZE ==2125075==ABORTING Private report link : https://bugs.ghostscript.com/show_bug.cgi?id=705156 Status: RESOLVED FIXED https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e1134d375e2c https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2dbc87e52c59
Source⚠️ https://bugs.ghostscript.com/show_bug.cgi?id=705156
User
 patchkey (UID 25647)
Submission04/14/2022 04:40 (4 years ago)
Moderation04/14/2022 07:18 (3 hours later)
StatusAccepted
VulDB entry197290 [GhostPCL 9.55.0 gsmchunk.c chunk_free_object memory corruption]
Points17

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!