fix: avoid looking for max/min representative on an invalid edge end

This avoids a segfault resulting from using a NULL pointer. Fixes #1724.

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8ef996d9edff6941896581f3b10c59c412bf3d53..5303ba2b994c1f906665406f04c4624038ea0927 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - typo in cmd/gvpr/lib/clustg #1781
 - Segfault in dot #1783
 - Incorrect 'Arrow type "s" unknown' error #1444
+- segfault on reading 0x10 #1724
 
 ## [2.44.1] - 2020-06-29
 

diff --git a/lib/dotgen/rank.c b/lib/dotgen/rank.c
index 8c31e77bb872836472b4aa7203b9dbcb235af214..8c26d907bcd510dfd84d318159f0c60d169a02ba 100644 (file)
--- a/lib/dotgen/rank.c
+++ b/lib/dotgen/rank.c
@@ -990,9 +990,11 @@ static void compile_edges(graph_t * ug, graph_t * Xg)
            hc = ND_clust(aghead(e));
 
            if (is_internal_to_cluster(e)) {
+               graph_t *clust_tail = ND_clust(agtail(e));
+               graph_t *clust_head = ND_clust(aghead(e));
                /* determine if graph requires reversed edge */
-               if ((find(agtail(e)) == GD_maxrep(ND_clust(agtail(e))))
-                   || (find(aghead(e)) == GD_minrep(ND_clust(aghead(e))))) {
+               if ((clust_tail != NULL && find(agtail(e)) == GD_maxrep(clust_tail))
+                   || (clust_head != NULL && find(aghead(e)) == GD_minrep(clust_head))) {
                    node_t *temp = Xt;
                    Xt = Xh;
                    Xh = temp;

diff --git a/rtest/1724.dot b/rtest/1724.dot
new file mode 100644 (file)
index 0000000..1779159
--- /dev/null
+++ b/rtest/1724.dot
@@ -0,0 +1,5 @@
+digraph{
+newrank=
+D a->ÿ
+0pack=8}
+

diff --git a/rtest/test_regression.py b/rtest/test_regression.py
index 5de3d80a686dea30c4c02a59ac6eb59c65effdfa..9db10d22c02c69d7932fed0a5cdbe790c98da4d8 100644 (file)
--- a/rtest/test_regression.py
+++ b/rtest/test_regression.py
@@ -219,6 +219,21 @@ def test_1594():
     assert 'line 3:' in stderr, \
       'GVPR did not identify correct line of syntax error'
 
+def test_1724():
+    '''
+    passing malformed node and newrank should not cause segfaults
+    https://gitlab.com/graphviz/graphviz/-/issues/1724
+    '''
+
+    # locate our associated test case in this directory
+    input = os.path.join(os.path.dirname(__file__), '1724.dot')
+    assert os.path.exists(input), 'unexpectedly missing test case'
+
+    # run Graphviz with this input
+    ret = subprocess.call(['dot', '-Tsvg', '-o', os.devnull, input])
+
+    assert ret != -signal.SIGSEGV, 'Graphviz segfaulted'
+
 def test_1767():
     '''
     using the Pango plugin multiple times should produce consistent results