[dvipdfmx] xdvipdfmx crashes with SIGSEGV for some Chinese documents

Shunsaku Hirata shunsaku.hirata74 at gmail.com
Tue May 21 23:39:22 CEST 2019 

Hi Chih-Hsuan,

I have identified the problem. Will be fixed soon.

There was a problem that dvipdfmx was wrongly handling erroneous data.
This led to uninitialized values and then accessing them caused the problem.

Thank you for reporting and kindly providing detailed information.
It was quite helpful.

Thanks,
Sunsaku Hirata

2019年5月21日(火) 12:47 Shunsaku Hirata <shunsaku.hirata74 at gmail.com>:
>
> Hi Chih-Hsuan,
>
> Thank you for reporting and providing detailed information.
>
> I haven’t looked into very well but there seems to be some problem in
> handling erroneous data in dvipdfmx.
>
> I will inspect it further later.
>
> Thanks,
> Shunsaku Hirata
>
> 2019-05-21 4:25 GMT+09:00, Chih-Hsuan Yen <yan12125 at gmail.com>:
> > Hi,
> >
> > I got an SIGSEGV issue around xdvipdfmx after upgrading texlive to
> > 2019.2 on Arch Linux. Specifically, the following document cannot be
> > compiled with command `xelatex chinese.tex`:
> >
> > \documentclass{article}
> > \usepackage{fontspec}
> > \usepackage{xeCJK}
> > \setCJKmainfont{AR PL UMing TW}
> > \begin{document}
> > 中文內容
> > \end{document}
> >
> > The error message is:
> >
> > Error 139 (driver return code) generating output;
> >
> > If I use "Noto Serif CJK TC" in \setCJKmainfont, the document compiles
> > fine.
> >
> > I managed to get a backtrace by splitting the original command into two:
> >
> > $ xelatex -no-pdf chinese.tex
> > $ xdvipdfmx -o chinese.pdf < chinese.xdv
> >
> > The gdb backtrace of the second command is:
> >
> > #0 0x00005555555d9bf0 in add_ligature1_inverse_map
> > (cmap=cmap at entry=0x555555b70960,
> > used_chars=used_chars at entry=0x555555b5e010 "",
> > map_base=map_base at entry=0x555555ba7750,
> > map_sub=map_sub at entry=0x555555bc1f30,
> > num_glyphs=num_glyphs at entry=27123,
> > GIDToCIDMap=GIDToCIDMap at entry=0x555555bdc710, gid_1=40, idx=1,
> > data=0x555555b5dbf0) at ../../../texk/dvipdfm-x/tt_gsub.c:1891
> > #1 0x00005555555db2c6 in add_ligature1_inverse_map
> > (data=0x555555b5dbf0, idx=1, gid_1=<optimized out>,
> > GIDToCIDMap=0x555555bdc710, num_glyphs=27123, map_sub=0x555555bc1f30,
> > map_base=0x555555ba7750, used_chars=0x555555b5e010 "",
> > cmap=0x555555b70960) at ../../../texk/dvipdfm-x/tt_gsub.c:1962
> > #2 add_ToUnicode_ligature (GIDToCIDMap=0x555555bdc710,
> > num_glyphs=27123, map_sub=0x555555bc1f30, map_base=0x555555ba7750,
> > subtab=<optimized out>, used_chars=0x555555b5e010 "",
> > cmap=0x555555b70960) at ../../../texk/dvipdfm-x/tt_gsub.c:1962
> > #3 otl_gsub_add_ToUnicode (cmap=cmap at entry=0x555555b70960,
> > used_chars=used_chars at entry=0x555555b5e010 "",
> > map_base=map_base at entry=0x555555ba7750,
> > map_sub=map_sub at entry=0x555555bc1f30,
> > num_glyphs=num_glyphs at entry=27123,
> > GIDToCIDMap=GIDToCIDMap at entry=0x555555bdc710, sfont=0x555555b597d0) at
> > ../../../texk/dvipdfm-x/tt_gsub.c:2017
> > #4 0x00005555555d42b6 in create_ToUnicode_cmap
> > (ttcmap=ttcmap at entry=0x555555b71960,
> > cmap_name=cmap_name at entry=0x555555b717f0 "FPXCHX+UMingTW-UTF16",
> > cmap_add=cmap_add at entry=0x0,
> > used_chars=used_chars at entry=0x555555b6ac30 "",
> > sfont=sfont at entry=0x555555b597d0) at
> > ../../../texk/dvipdfm-x/tt_cmap.c:992
> > #5 0x00005555555d50e0 in otf_create_ToUnicode_stream
> > (font_name=0x555555b646e0 "/usr/share/fonts/TTF/uming.ttc",
> > ttc_index=ttc_index at entry=2, basefont=basefont at entry=0x555555b67120
> > "FPXCHX+UMingTW", used_chars=used_chars at entry=0x555555b6ac30 "") at
> > ../../../texk/dvipdfm-x/tt_cmap.c:1174
> > #6 0x00005555555dd98c in Type0Font_attach_ToUnicode_stream
> > (font=0x555555b68810) at ../../../texk/dvipdfm-x/type0.c:328
> > #7 Type0Font_dofont (font=0x555555b68810) at
> > ../../../texk/dvipdfm-x/type0.c:285
> > #8 Type0Font_cache_close () at ../../../texk/dvipdfm-x/type0.c:562
> > #9 0x00005555555a8529 in pdf_close_fonts () at
> > ../../../texk/dvipdfm-x/pdffont.c:541
> > #10 0x00005555555a02fb in pdf_close_document () at
> > ../../../texk/dvipdfm-x/pdfdoc.c:2584
> > #11 0x0000555555568e96 in main (argc=<optimized out>, argv=<optimized
> > out>) at ../../../texk/dvipdfm-x/dvipdfmx.c:1236
> >
> > By the way, running the same command under valgrind gives a correct PDF
> > file:
> >
> > $ valgrind xdvipdfmx -o chinese.pdf < chinese.xdv
> > ==28334== Memcheck, a memory error detector
> > ==28334== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
> > ==28334== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright
> > info
> > ==28334== Command: xdvipdfmx -o chinese.pdf
> > ==28334==
> > stdin -> stdout
> > [1]==28334== Conditional jump or move depends on uninitialised value(s)
> > ==28334== at 0x18DB9B: add_ligature1_inverse_map.part.7 (tt_gsub.c:1890)
> > ==28334== by 0x18F2C5: add_ligature1_inverse_map (tt_gsub.c:1885)
> > ==28334== by 0x18F2C5: add_ToUnicode_ligature (tt_gsub.c:1962)
> > ==28334== by 0x18F2C5: otl_gsub_add_ToUnicode (tt_gsub.c:2017)
> > ==28334== by 0x1882B5: create_ToUnicode_cmap (tt_cmap.c:992)
> > ==28334== by 0x1890DF: otf_create_ToUnicode_stream (tt_cmap.c:1174)
> > ==28334== by 0x19198B: Type0Font_attach_ToUnicode_stream (type0.c:232)
> > ==28334== by 0x19198B: Type0Font_dofont (type0.c:285)
> > ==28334== by 0x19198B: Type0Font_cache_close (type0.c:562)
> > ==28334== by 0x15C528: pdf_close_fonts (pdffont.c:541)
> > ==28334== by 0x1542FA: pdf_close_document (pdfdoc.c:2584)
> > ==28334== by 0x11CE95: main (dvipdfmx.c:1236)
> > ==28334==
> > ==28334== Conditional jump or move depends on uninitialised value(s)
> > ==28334== at 0x18DFE5: otl_gsub_release_ligature (tt_gsub.c:751)
> > ==28334== by 0x18DFE5: otl_gsub_release.part.8 (tt_gsub.c:1443)
> > ==28334== by 0x18F005: otl_gsub_release (tt_gsub.c:1420)
> > ==28334== by 0x18F005: otl_gsub_add_ToUnicode (tt_gsub.c:2024)
> > ==28334== by 0x1882B5: create_ToUnicode_cmap (tt_cmap.c:992)
> > ==28334== by 0x1890DF: otf_create_ToUnicode_stream (tt_cmap.c:1174)
> > ==28334== by 0x19198B: Type0Font_attach_ToUnicode_stream (type0.c:232)
> > ==28334== by 0x19198B: Type0Font_dofont (type0.c:285)
> > ==28334== by 0x19198B: Type0Font_cache_close (type0.c:562)
> > ==28334== by 0x15C528: pdf_close_fonts (pdffont.c:541)
> > ==28334== by 0x1542FA: pdf_close_document (pdfdoc.c:2584)
> > ==28334== by 0x11CE95: main (dvipdfmx.c:1236)
> > ==28334==
> > ==28334== Conditional jump or move depends on uninitialised value(s)
> > ==28334== at 0x4839961: free (vg_replace_malloc.c:530)
> > ==28334== by 0x18E041: otl_gsub_release_ligature (tt_gsub.c:757)
> > ==28334== by 0x18E041: otl_gsub_release.part.8 (tt_gsub.c:1443)
> > ==28334== by 0x18F005: otl_gsub_release (tt_gsub.c:1420)
> > ==28334== by 0x18F005: otl_gsub_add_ToUnicode (tt_gsub.c:2024)
> > ==28334== by 0x1882B5: create_ToUnicode_cmap (tt_cmap.c:992)
> > ==28334== by 0x1890DF: otf_create_ToUnicode_stream (tt_cmap.c:1174)
> > ==28334== by 0x19198B: Type0Font_attach_ToUnicode_stream (type0.c:232)
> > ==28334== by 0x19198B: Type0Font_dofont (type0.c:285)
> > ==28334== by 0x19198B: Type0Font_cache_close (type0.c:562)
> > ==28334== by 0x15C528: pdf_close_fonts (pdffont.c:541)
> > ==28334== by 0x1542FA: pdf_close_document (pdfdoc.c:2584)
> > ==28334== by 0x11CE95: main (dvipdfmx.c:1236)
> > ==28334==
> >
> > 11877 bytes written
> > ==28334==
> > ==28334== HEAP SUMMARY:
> > ==28334== in use at exit: 2,200,137 bytes in 82,764 blocks
> > ==28334== total heap usage: 285,807 allocs, 203,043 frees, 16,483,280
> > bytes allocated
> > ==28334==
> > ==28334== LEAK SUMMARY:
> > ==28334== definitely lost: 19,572 bytes in 733 blocks
> > ==28334== indirectly lost: 3,996 bytes in 260 blocks
> > ==28334== possibly lost: 0 bytes in 0 blocks
> > ==28334== still reachable: 2,176,569 bytes in 81,771 blocks
> > ==28334== suppressed: 0 bytes in 0 blocks
> > ==28334== Rerun with --leak-check=full to see details of leaked memory
> > ==28334==
> > ==28334== For counts of detected and suppressed errors, rerun with: -v
> > ==28334== Use --track-origins=yes to see where uninitialised values come
> > from
> > ==28334== ERROR SUMMARY: 168 errors from 3 contexts (suppressed: 0 from 0)
> >
> > On Arch Linux, the xdvipdfmx command is provided by the package
> > texlive-bin, which is built from
> > https://github.com/TeX-Live/texlive-source/commit/74c2495978a4a84ffae10252c0fd244f1140228e.
> > Complete build script can be found at
> > https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/texlive-bin.
> > The fonts "AR PL UMing TW" and "Noto Serif CJK TC" are from
> > https://ftp.gnome.org/mirror/cdimage/snapshot/Debian/pool/main/t/ttf-arphic-uming/ttf-arphic-uming_0.2.20080216.1.orig.tar.gz
> > and https://github.com/googlefonts/noto-cjk/releases/tag/NotoSansV2.001,
> > respectively.
> >
> > Thanks for any inputs!
> >
> > Chih-Hsuan Yen
> >
> >

More information about the dvipdfmx mailing list