diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5303ba2b994c1f906665406f04c4624038ea0927..9ed978b7257983a07a78172c8953d6d6f037c869 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Segfault in dot #1783
 - Incorrect 'Arrow type "s" unknown' error #1444
 - segfault on reading 0x10 #1724
+- Null-dereference READ (144736912) #1676
 ## [2.44.1] - 2020-06-29
diff --git a/lib/common/labels.c b/lib/common/labels.c
index d2fab01762fe4b655d48421fb7ffcdb5e666e2b8..e46c3955c669b9c3b65b9e5676a2cce6b85aee91 100644
--- a/lib/common/labels.c
+++ b/lib/common/labels.c
@@ -365,7 +365,19 @@ static char *strdup_and_subst_obj0 (char *str, void *obj, int escBackslash)
 newlen += n_len;
 break;
 case 'E':
- newlen += e_len;
+ if (isEdge) {
+ newlen += t_len;
+ if (tp_len) {
+ newlen++;
+ newlen += tp_len;
+ }
+ newlen += e_len;
+ newlen += h_len;;
+ if (hp_len) {
+ newlen++;
+ newlen += hp_len;
+ }
+ }
 break;
 case 'H':
 newlen += h_len;
diff --git a/lib/dotgen/rank.c b/lib/dotgen/rank.c
index 8c26d907bcd510dfd84d318159f0c60d169a02ba..e8b721d7d52ed822f52db4dcc50a4cbc5a6472ba 100644
--- a/lib/dotgen/rank.c
+++ b/lib/dotgen/rank.c
@@ -836,13 +836,17 @@ static void compile_samerank(graph_t * ug, graph_t * parent_clust)
 GD_has_sourcerank(clust) = TRUE; /* fall through */
 case MINRANK:
 leader = union_all(ug);
- GD_minrep(clust) = union_one(leader, GD_minrep(clust));
+ if (clust != NULL) {
+ GD_minrep(clust) = union_one(leader, GD_minrep(clust));
+ }
 break;
 case SINKRANK:
 GD_has_sinkrank(clust) = TRUE; /* fall through */
 case MAXRANK:
 leader = union_all(ug);
- GD_maxrep(clust) = union_one(leader, GD_maxrep(clust));
+ if (clust != NULL) {
+ GD_maxrep(clust) = union_one(leader, GD_maxrep(clust));
+ }
 break;
 case SAMERANK:
 leader = union_all(ug);
diff --git a/rtest/1676.dot b/rtest/1676.dot
new file mode 100644
index 0000000000000000000000000000000000000000..4a687dac1f3437860cffc49bdb9fa6ad53be7e8c
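Review bot: The `'E'` case in lib/common/labels.c now sums five lengths plus two separator bytes, and that total is only safe while it matches what the rest of strdup_and_subst_obj0 writes for the same escape. Presumably a later pass copies into a buffer of `newlen` bytes; it lies outside this hunk, so confirm that it is also gated on `isEdge` and emits the same tail, port, edge-operator, head and port pieces. A comment above the branch such as `/* keep in step with the 'E' case of the copy pass: tail[:port] edgeop head[:port] */` would record the coupling, because an undercount here would turn into a write past the end of the allocated label. The doubled semicolon in `newlen += h_len;;` is an empty statement and should read `newlen += h_len;`.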
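Review bot: In lib/dotgen/rank.c, `GD_has_sourcerank(clust) = TRUE;` and `GD_has_sinkrank(clust) = TRUE;` on the fall-through lines directly above the two new guards still use `clust` without the NULL test. If `clust` can be NULL on the `SINKRANK` path, or on the source-rank path whose label sits above the hunk, the dereference just moves one statement earlier. Assuming these macros access `clust` the same way `GD_minrep` and `GD_maxrep` do, the flag writes need the same test, e.g. `if (clust != NULL) GD_has_sinkrank(clust) = TRUE;`, or one check ahead of the switch. The switch and compile_samerank both start and end outside the hunk, so whether a NULL `clust` can reach those two cases has to be confirmed against the code that assigns it.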
--- /dev/null +++ b/rtest/1676.dot @@ -0,0 +1,10 @@ +digraph G{ +eoe =0nnodeÏĊ‘ + newrank= +RD; noArtG_dba->iĵq_b˙˙ + ,zWdic->‘,UTF-8qdic->n:i; noArtG_dba->iĵq_b˙˙ + ,zWdic->‘,w˙˙adqdic->n:ie1.024W +w,n nshaxxxw_…saŒ›wÍ##ÜÜÜÜÜÜÜÜÜÜÜܜÜÜÜÜÜÜÜÜ B->digraph G{ +eoe =0pack=88  _2˙Öċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċċ˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙0 5rank=max}kw4ack=0rhph{PeÏĊ‘ + newrank4W +w,n‘,w˙˙adqic!- \ No newline at end of file diff --git a/rtest/test_regression.py b/rtest/test_regression.py index 9db10d22c02c69d7932fed0a5cdbe790c98da4d8..2ef4f434a468061925465e1cd7843bdea1968eb9 100644 --- a/rtest/test_regression.py +++ b/rtest/test_regression.py @@ -219,6 +219,21 @@ def test_1594(): assert 'line 3:' in stderr, \ 'GVPR did not identify correct line of syntax error' +def test_1676(): + ''' + https://gitlab.com/graphviz/graphviz/-/issues/1676 + ''' + + # locate our associated test case in this directory + input = os.path.join(os.path.dirname(__file__), '1676.dot') + assert os.path.exists(input), 'unexpectedly missing test case' + + # run Graphviz with this input + ret = subprocess.call(['dot', '-Tsvg', '-o', os.devnull, input]) + + # this malformed input should not have caused Graphviz to crash + assert ret != -signal.SIGSEGV, 'Graphviz segfaulted' + def test_1724(): ''' passing malformed node and newrank should not cause segfaults
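Review bot: `assert ret != -signal.SIGSEGV` in test_1676 rejects only one way of dying, so an abort, bus error or any other fatal signal on this malformed input yields a different negative code and the test still passes. Because `subprocess.call` reports death by signal as a negative return value, `assert ret >= 0, 'Graphviz was terminated by a signal'` covers all of them while still allowing an ordinary error exit. The call also passes no `timeout=`, so a hang on this input would stall the whole suite rather than fail the test. As a style point, `input` shadows the builtin; a name like `dot_file` reads better.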