circogen: layout: fix heap-buffer-overflow by storing dimension in root graph

The layout allocates memory based on the dimension of the root graph,
but since the dimension was stored in the subgraph and the dimension
in the root graph defaulted to zero, too little memory was allocated.

An alternative solution would have been to use the dimension of the
subgraph, but this had other implications and the chosen solution is
the same as what the other two layout engines supporting the `dim`
attribute (neato and sfdp) use. Circo always uses two dimensions.

diff --git a/lib/circogen/circularinit.c b/lib/circogen/circularinit.c
index 7c6fd208af8eb21e38370f28052ebc5af281393d..ecc2d571cf60e7891bb18f6a93273b6063fd5744 100644 (file)
--- a/lib/circogen/circularinit.c
+++ b/lib/circogen/circularinit.c
@@ -64,7 +64,7 @@ void circo_init_graph(graph_t * g)
 {
     setEdgeType (g, EDGETYPE_LINE);
     /* GD_ndim(g) = late_int(g,agfindattr(g,"dim"),2,2); */
-    Ndim = GD_ndim(g) = 2;     /* The algorithm only makes sense in 2D */
+    Ndim = GD_ndim(agroot(g)) = 2;     /* The algorithm only makes sense in 2D */
     circular_init_node_edge(g);
 }