[dvipdfmx] xdvipdfmx crashes with SIGSEGV for some Chinese documents

Tue May 21 05:47:02 CEST 2019

Hi Chih-Hsuan,

Thank you for reporting and providing detailed information.

I haven’t looked into very well but there seems to be some problem in
handling erroneous data in dvipdfmx.

I will inspect it further later.

Thanks,
Shunsaku Hirata

2019-05-21 4:25 GMT+09:00, Chih-Hsuan Yen <yan12125 at gmail.com>:
> Hi,
>
> I got an SIGSEGV issue around xdvipdfmx after upgrading texlive to
> 2019.2 on Arch Linux. Specifically, the following document cannot be
> compiled with command `xelatex chinese.tex`:
>
> \documentclass{article}
> \usepackage{fontspec}
> \usepackage{xeCJK}
> \setCJKmainfont{AR PL UMing TW}
> \begin{document}
> 中文內容
> \end{document}
>
> The error message is:
>
> Error 139 (driver return code) generating output;
>
> If I use "Noto Serif CJK TC" in \setCJKmainfont, the document compiles
> fine.
>
> I managed to get a backtrace by splitting the original command into two:
>
> $ xelatex -no-pdf chinese.tex
> $ xdvipdfmx -o chinese.pdf < chinese.xdv
>
> The gdb backtrace of the second command is:
>
> #0 0x00005555555d9bf0 in add_ligature1_inverse_map
> (cmap=cmap at entry=0x555555b70960,
> used_chars=used_chars at entry=0x555555b5e010 "",
> map_base=map_base at entry=0x555555ba7750,
> map_sub=map_sub at entry=0x555555bc1f30,
> num_glyphs=num_glyphs at entry=27123,
> GIDToCIDMap=GIDToCIDMap at entry=0x555555bdc710, gid_1=40, idx=1,
> data=0x555555b5dbf0) at ../../../texk/dvipdfm-x/tt_gsub.c:1891
> #1 0x00005555555db2c6 in add_ligature1_inverse_map
> (data=0x555555b5dbf0, idx=1, gid_1=<optimized out>,
> GIDToCIDMap=0x555555bdc710, num_glyphs=27123, map_sub=0x555555bc1f30,
> map_base=0x555555ba7750, used_chars=0x555555b5e010 "",
> cmap=0x555555b70960) at ../../../texk/dvipdfm-x/tt_gsub.c:1962
> #2 add_ToUnicode_ligature (GIDToCIDMap=0x555555bdc710,
> num_glyphs=27123, map_sub=0x555555bc1f30, map_base=0x555555ba7750,
> subtab=<optimized out>, used_chars=0x555555b5e010 "",
> cmap=0x555555b70960) at ../../../texk/dvipdfm-x/tt_gsub.c:1962
> #3 otl_gsub_add_ToUnicode (cmap=cmap at entry=0x555555b70960,
> used_chars=used_chars at entry=0x555555b5e010 "",
> map_base=map_base at entry=0x555555ba7750,
> map_sub=map_sub at entry=0x555555bc1f30,
> num_glyphs=num_glyphs at entry=27123,
> GIDToCIDMap=GIDToCIDMap at entry=0x555555bdc710, sfont=0x555555b597d0) at
> ../../../texk/dvipdfm-x/tt_gsub.c:2017
> #4 0x00005555555d42b6 in create_ToUnicode_cmap
> (ttcmap=ttcmap at entry=0x555555b71960,
> cmap_name=cmap_name at entry=0x555555b717f0 "FPXCHX+UMingTW-UTF16",
> cmap_add=cmap_add at entry=0x0,
> used_chars=used_chars at entry=0x555555b6ac30 "",
> sfont=sfont at entry=0x555555b597d0) at
> ../../../texk/dvipdfm-x/tt_cmap.c:992
> #5 0x00005555555d50e0 in otf_create_ToUnicode_stream
> (font_name=0x555555b646e0 "/usr/share/fonts/TTF/uming.ttc",
> ttc_index=ttc_index at entry=2, basefont=basefont at entry=0x555555b67120
> "FPXCHX+UMingTW", used_chars=used_chars at entry=0x555555b6ac30 "") at
> ../../../texk/dvipdfm-x/tt_cmap.c:1174
> #6 0x00005555555dd98c in Type0Font_attach_ToUnicode_stream
> (font=0x555555b68810) at ../../../texk/dvipdfm-x/type0.c:328
> #7 Type0Font_dofont (font=0x555555b68810) at
> ../../../texk/dvipdfm-x/type0.c:285
> #8 Type0Font_cache_close () at ../../../texk/dvipdfm-x/type0.c:562
> #9 0x00005555555a8529 in pdf_close_fonts () at
> ../../../texk/dvipdfm-x/pdffont.c:541
> #10 0x00005555555a02fb in pdf_close_document () at
> ../../../texk/dvipdfm-x/pdfdoc.c:2584
> #11 0x0000555555568e96 in main (argc=<optimized out>, argv=<optimized
> out>) at ../../../texk/dvipdfm-x/dvipdfmx.c:1236
>
> By the way, running the same command under valgrind gives a correct PDF
> file:
>
> $ valgrind xdvipdfmx -o chinese.pdf < chinese.xdv
> ==28334== Memcheck, a memory error detector
> ==28334== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
> ==28334== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright
> info
> ==28334== Command: xdvipdfmx -o chinese.pdf
> ==28334==
> stdin -> stdout
> [1]==28334== Conditional jump or move depends on uninitialised value(s)
> ==28334== at 0x18DB9B: add_ligature1_inverse_map.part.7 (tt_gsub.c:1890)
> ==28334== by 0x18F2C5: add_ligature1_inverse_map (tt_gsub.c:1885)
> ==28334== by 0x18F2C5: add_ToUnicode_ligature (tt_gsub.c:1962)
> ==28334== by 0x18F2C5: otl_gsub_add_ToUnicode (tt_gsub.c:2017)
> ==28334== by 0x1882B5: create_ToUnicode_cmap (tt_cmap.c:992)
> ==28334== by 0x1890DF: otf_create_ToUnicode_stream (tt_cmap.c:1174)
> ==28334== by 0x19198B: Type0Font_attach_ToUnicode_stream (type0.c:232)
> ==28334== by 0x19198B: Type0Font_dofont (type0.c:285)
> ==28334== by 0x19198B: Type0Font_cache_close (type0.c:562)
> ==28334== by 0x15C528: pdf_close_fonts (pdffont.c:541)
> ==28334== by 0x1542FA: pdf_close_document (pdfdoc.c:2584)
> ==28334== by 0x11CE95: main (dvipdfmx.c:1236)
> ==28334==
> ==28334== Conditional jump or move depends on uninitialised value(s)
> ==28334== at 0x18DFE5: otl_gsub_release_ligature (tt_gsub.c:751)
> ==28334== by 0x18DFE5: otl_gsub_release.part.8 (tt_gsub.c:1443)
> ==28334== by 0x18F005: otl_gsub_release (tt_gsub.c:1420)
> ==28334== by 0x18F005: otl_gsub_add_ToUnicode (tt_gsub.c:2024)
> ==28334== by 0x1882B5: create_ToUnicode_cmap (tt_cmap.c:992)
> ==28334== by 0x1890DF: otf_create_ToUnicode_stream (tt_cmap.c:1174)
> ==28334== by 0x19198B: Type0Font_attach_ToUnicode_stream (type0.c:232)
> ==28334== by 0x19198B: Type0Font_dofont (type0.c:285)
> ==28334== by 0x19198B: Type0Font_cache_close (type0.c:562)
> ==28334== by 0x15C528: pdf_close_fonts (pdffont.c:541)
> ==28334== by 0x1542FA: pdf_close_document (pdfdoc.c:2584)
> ==28334== by 0x11CE95: main (dvipdfmx.c:1236)
> ==28334==
> ==28334== Conditional jump or move depends on uninitialised value(s)
> ==28334== at 0x4839961: free (vg_replace_malloc.c:530)
> ==28334== by 0x18E041: otl_gsub_release_ligature (tt_gsub.c:757)
> ==28334== by 0x18E041: otl_gsub_release.part.8 (tt_gsub.c:1443)
> ==28334== by 0x18F005: otl_gsub_release (tt_gsub.c:1420)
> ==28334== by 0x18F005: otl_gsub_add_ToUnicode (tt_gsub.c:2024)
> ==28334== by 0x1882B5: create_ToUnicode_cmap (tt_cmap.c:992)
> ==28334== by 0x1890DF: otf_create_ToUnicode_stream (tt_cmap.c:1174)
> ==28334== by 0x19198B: Type0Font_attach_ToUnicode_stream (type0.c:232)
> ==28334== by 0x19198B: Type0Font_dofont (type0.c:285)
> ==28334== by 0x19198B: Type0Font_cache_close (type0.c:562)
> ==28334== by 0x15C528: pdf_close_fonts (pdffont.c:541)
> ==28334== by 0x1542FA: pdf_close_document (pdfdoc.c:2584)
> ==28334== by 0x11CE95: main (dvipdfmx.c:1236)
> ==28334==
>
> 11877 bytes written
> ==28334==
> ==28334== HEAP SUMMARY:
> ==28334== in use at exit: 2,200,137 bytes in 82,764 blocks
> ==28334== total heap usage: 285,807 allocs, 203,043 frees, 16,483,280
> bytes allocated
> ==28334==
> ==28334== LEAK SUMMARY:
> ==28334== definitely lost: 19,572 bytes in 733 blocks
> ==28334== indirectly lost: 3,996 bytes in 260 blocks
> ==28334== possibly lost: 0 bytes in 0 blocks
> ==28334== still reachable: 2,176,569 bytes in 81,771 blocks
> ==28334== suppressed: 0 bytes in 0 blocks
> ==28334== Rerun with --leak-check=full to see details of leaked memory
> ==28334==
> ==28334== For counts of detected and suppressed errors, rerun with: -v
> ==28334== Use --track-origins=yes to see where uninitialised values come
> from
> ==28334== ERROR SUMMARY: 168 errors from 3 contexts (suppressed: 0 from 0)
>
> On Arch Linux, the xdvipdfmx command is provided by the package
> texlive-bin, which is built from
> https://github.com/TeX-Live/texlive-source/commit/74c2495978a4a84ffae10252c0fd244f1140228e.
> Complete build script can be found at
> https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/texlive-bin.
> The fonts "AR PL UMing TW" and "Noto Serif CJK TC" are from
> https://ftp.gnome.org/mirror/cdimage/snapshot/Debian/pool/main/t/ttf-arphic-uming/ttf-arphic-uming_0.2.20080216.1.orig.tar.gz
> and https://github.com/googlefonts/noto-cjk/releases/tag/NotoSansV2.001,
> respectively.
>
> Thanks for any inputs!
>
> Chih-Hsuan Yen
>
>