From: Matthew Fernandez Date: Fri, 25 Feb 2022 16:09:36 +0000 (-0800) Subject: agwrite: fix: ignore out of range 'linelength' X-Git-Tag: 4.0.0~205^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=29e9665d0de1d138ca213c0cf2d6dbd86987046b;p=graphviz agwrite: fix: ignore out of range 'linelength' This code was accepting large negative numbers and then converting them to positive numbers that were applied as the line length limit. This seems clearly unintended. This rephrasing now ignores any out of range value set for `linelength`.
---
diff --git a/lib/cgraph/write.c b/lib/cgraph/write.c
index d7c46f9dd..438cd8c26 100644
--- a/lib/cgraph/write.c
+++ b/lib/cgraph/write.c
@@ -8,6 +8,7 @@
 * Contributors: Details at https://graphviz.org
 *************************************************************************/
+#include
 #include
 #include
 #include /* need sprintf() */
@@ -655,13 +656,12 @@ static void set_attrwf(Agraph_t * g, bool toplevel, bool value)
 int agwrite(Agraph_t * g, void *ofile)
 {
 char* s;
- int len;
 Level = 0; /* re-initialize tab level */
 s = agget(g, "linelength");
 if (s != NULL && isdigit((int)*s)) {
- len = (int)strtol(s, (char **)NULL, 10);
- if (len == 0 || len >= MIN_OUTPUTLINE)
- Max_outputline = len;
+ unsigned long len = strtoul(s, NULL, 10);
+ if ((len == 0 || len >= MIN_OUTPUTLINE) && len <= (unsigned long)INT_MAX)
+ Max_outputline = (int)len;
 }
 set_attrwf(g, true, false);
 CHKRV(write_hdr(g, ofile, TRUE));
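Review bot: The guard `isdigit((int)*s)`, kept as context in agwrite, passes a plain `char` to isdigit, which is undefined behaviour when the first byte of the attribute has its high bit set and `char` is signed. The `linelength` value is a graph attribute and may originate from an untrusted file, so the cast should be `isdigit((unsigned char)*s)`. The new `strtoul(s, NULL, 10)` call also discards the end pointer, so a value with trailing text such as `80abc` is still applied as 80. Passing an `end` pointer and requiring `*end == '\0'` would extend the commit's "ignore out of range" behaviour to malformed values. agwrite's body continues past the end of the hunk.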