From: Matthew Fernandez Date: Sun, 9 Aug 2020 23:50:14 +0000 (-0700) Subject: fix: avoid accessing min/max rep on a NULL cluster X-Git-Tag: 2.46.0~20^2^2~121^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2151ea4bd12d68bc82ee48c3de0f092d62483ddc;p=graphviz fix: avoid accessing min/max rep on a NULL cluster When entering compile_samerank, the parent cluster could be NULL, which was then incorrectly dereferenced in the two cases affected in this change. This issue was found by Google Autofuzz project. Related to #1676.
---
diff --git a/lib/dotgen/rank.c b/lib/dotgen/rank.c
index 8c26d907b..e8b721d7d 100644
--- a/lib/dotgen/rank.c
+++ b/lib/dotgen/rank.c
@@ -836,13 +836,17 @@ static void compile_samerank(graph_t * ug, graph_t * parent_clust)
 GD_has_sourcerank(clust) = TRUE; /* fall through */
 case MINRANK:
 leader = union_all(ug);
- GD_minrep(clust) = union_one(leader, GD_minrep(clust));
+ if (clust != NULL) {
+ GD_minrep(clust) = union_one(leader, GD_minrep(clust));
+ }
 break;
 case SINKRANK:
 GD_has_sinkrank(clust) = TRUE; /* fall through */
 case MAXRANK:
 leader = union_all(ug);
- GD_maxrep(clust) = union_one(leader, GD_maxrep(clust));
+ if (clust != NULL) {
+ GD_maxrep(clust) = union_one(leader, GD_maxrep(clust));
+ }
 break;
 case SAMERANK:
 leader = union_all(ug);
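Review bot: The two context lines `GD_has_sourcerank(clust) = TRUE;` and `GD_has_sinkrank(clust) = TRUE;` still write through `clust` with no NULL check, and they run before falling through to the newly guarded `GD_minrep`/`GD_maxrep` assignments. The macro definitions are not visible here, but if they expand to a field access on `clust` as `GD_minrep` evidently does, a source- or sink-ranked subgraph with a NULL parent cluster would still crash on fuzzed or otherwise untrusted graph input. I would guard them the same way, e.g. `if (clust != NULL) { GD_has_sourcerank(clust) = TRUE; }` and likewise for `GD_has_sinkrank`, keeping the `/* fall through */` comment after the closing brace. The enclosing `switch`, its first `case` label and the code that assigns `clust` from `parent_clust` are outside the hunk, so it is worth confirming there that no earlier check already rules out NULL for these two arms.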