From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Sun, 9 Aug 2020 19:51:50 +0000 (-0700)
Subject: fix: avoid looking for max/min representative on an invalid edge end
X-Git-Tag: 2.46.0~20^2^2~122^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8603dfd264ef90841dabe10597db3ba23a0164fb;p=graphviz

fix: avoid looking for max/min representative on an invalid edge end

This avoids a segfault resulting from using a NULL pointer. Fixes #1724.
---

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8ef996d9e..5303ba2b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - typo in cmd/gvpr/lib/clustg #1781
 - Segfault in dot #1783
 - Incorrect 'Arrow type "s" unknown' error #1444
+- segfault on reading 0x10 #1724
 
 ## [2.44.1] - 2020-06-29
 
diff --git a/lib/dotgen/rank.c b/lib/dotgen/rank.c
index 8c31e77bb..8c26d907b 100644
--- a/lib/dotgen/rank.c
+++ b/lib/dotgen/rank.c
@@ -990,9 +990,11 @@ static void compile_edges(graph_t * ug, graph_t * Xg)
 	    hc = ND_clust(aghead(e));
 
 	    if (is_internal_to_cluster(e)) {
+		graph_t *clust_tail = ND_clust(agtail(e));
+		graph_t *clust_head = ND_clust(aghead(e));
 		/* determine if graph requires reversed edge */
-		if ((find(agtail(e)) == GD_maxrep(ND_clust(agtail(e))))
-		    || (find(aghead(e)) == GD_minrep(ND_clust(aghead(e))))) {
+		if ((clust_tail != NULL && find(agtail(e)) == GD_maxrep(clust_tail))
+		    || (clust_head != NULL && find(aghead(e)) == GD_minrep(clust_head))) {
 		    node_t *temp = Xt;
 		    Xt = Xh;
 		    Xh = temp;
diff --git a/rtest/1724.dot b/rtest/1724.dot
new file mode 100644
index 000000000..1779159fa
--- /dev/null
+++ b/rtest/1724.dot
@@ -0,0 +1,5 @@
+digraph{
+newrank=
+D a->ÿ
+0pack=8}
+
diff --git a/rtest/test_regression.py b/rtest/test_regression.py
index 5de3d80a6..9db10d22c 100644
--- a/rtest/test_regression.py
+++ b/rtest/test_regression.py
@@ -219,6 +219,21 @@ def test_1594():
     assert 'line 3:' in stderr, \
       'GVPR did not identify correct line of syntax error'
 
+def test_1724():
+    '''
+    passing malformed node and newrank should not cause segfaults
+    https://gitlab.com/graphviz/graphviz/-/issues/1724
+    '''
+
+    # locate our associated test case in this directory
+    input = os.path.join(os.path.dirname(__file__), '1724.dot')
+    assert os.path.exists(input), 'unexpectedly missing test case'
+
+    # run Graphviz with this input
+    ret = subprocess.call(['dot', '-Tsvg', '-o', os.devnull, input])
+
+    assert ret != -signal.SIGSEGV, 'Graphviz segfaulted'
+
 def test_1767():
     '''
     using the Pango plugin multiple times should produce consistent results