From: Matthew Fernandez
Date: Sat, 28 Jan 2023 19:10:08 +0000 (-0800)
Subject: fix: exit when erroring during HTML lexing
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0dbe5d3b038854d5be735f3eb52234a4f93e2065;p=graphviz

fix: exit when erroring during HTML lexing

Labels can be either plain text or HTML-like labels (`<`, `>` delimited). When parsing an HTML-like label, the lexer would return the same result for a warning or an error. This meant the caller would attempt to fall back to a plain text label in either case.

But when the HTML lexer has errored, the input has been determined unparseable. Falling back to parsing a plain text label is unlikely to work, and even if it does it produces something that is certainly not what the user intended. In most scenarios, this fallback behavior would go on to crash messily, now that labels were populated with garbage data.

This change simply teaches the calling code to notice the error and exit instead of falling back. Exiting from within library code like this is not particularly clean or desirable, but there is no easy elegant error path from this code.

Gitlab: fixes #1311
Reported-by: Google Autofuzz project
---

diff --git a/CHANGELOG.md b/CHANGELOG.md index a5db79d68..179b183bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 SVG. #799 - Legacy man page references to `dotty` have been removed. `dotty` was removed in Graphviz 4.0.0. +- Graphviz will now exit when encountering a syntactically invalid HTML label + instead of attempting to recover and continue. #1311 ### Fixed diff --git a/lib/common/htmllex.c b/lib/common/htmllex.c index 5d5aacacc..15cdcffc6 100644 --- a/lib/common/htmllex.c +++ b/lib/common/htmllex.c 
@@ -791,7 +791,7 @@ int initHTMLlexer(char *src, agxbuf * xb, htmlenv_t *env) int clearHTMLlexer() { #ifdef HAVE_EXPAT - int rv = state.warn | state.error; + int rv = state.error ? 3 : state.warn; XML_ParserFree(state.parser); agxbfree (&state.lb); return rv; diff --git a/lib/common/htmlparse.y b/lib/common/htmlparse.y index 51394d20b..ca349369b 100644 --- a/lib/common/htmlparse.y +++ b/lib/common/htmlparse.y @@ -586,7 +586,8 @@ VR : T_vr T_end_vr /* parseHTML: * Return parsed label or NULL if failure. - * Set warn to 0 on success; 1 for warning message; 2 if no expat. + * Set warn to 0 on success; 1 for warning message; 2 if no expat; 3 for error + * message. */ htmllabel_t* parseHTML (char* txt, int* warn, htmlenv_t *env) diff --git a/lib/common/htmltable.c b/lib/common/htmltable.c index 76e975098..46ed79475 100644 --- a/lib/common/htmltable.c +++ b/lib/common/htmltable.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -2010,6 +2011,10 @@ int make_html_label(void *obj, textlabel_t * lp) env.finfo.flags = 0; lbl = parseHTML(lp->text, &rv, &env); if (!lbl) { + if (rv == 3) { + // fatal error + graphviz_exit(EXIT_FAILURE); + } /* Parse of label failed; revert to simple text label */ agxbuf xb; char buf[SMALLBUF];
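Review bot: In the lib/common/htmllex.c hunk, `int rv = state.error ? 3 : state.warn;` introduces a bare literal 3 as the error code, and the same literal is compared against in lib/common/htmltable.c and documented only in a comment in lib/common/htmlparse.y. Three files now have to agree on an unnamed integer. Consider a shared enum or set of named constants for the 0/1/2/3 status values so that a later change to one site cannot silently desynchronize the lexer from the caller that decides whether to exit. The change also sits inside `#ifdef HAVE_EXPAT`; the other branch is not visible in this hunk, so it is worth confirming that it cannot produce 3.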
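Review bot: In the lib/common/htmlparse.y hunk, the updated comment on parseHTML lists "3 for error message" but does not say whether the function is guaranteed to return NULL when it sets warn to 3. The caller in make_html_label only inspects `rv == 3` inside the `if (!lbl)` branch, so if a non-NULL label can ever come back alongside an error status, the error is ignored and the partially parsed label is used. Please document the contract here (for example, "on 3 the return value is always NULL"), or have the caller test the status independently of the pointer.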
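Review bot: In the second lib/common/htmltable.c hunk, `graphviz_exit(EXIT_FAILURE);` terminates the whole process from inside make_html_label, which is declared as returning int. For a program that links the library and renders labels from untrusted input, one malformed HTML label now ends the host process. That is better than continuing with garbage label data, but it is still an availability problem for embedders. If the callers can handle it, returning a non-zero status from make_html_label would let the application decide. If exiting stays, the `// fatal error` comment should say why fallback is unsafe here, and the exit site should be confirmed to follow a diagnostic from the lexer so the user sees which label was rejected.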