From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Sat, 24 Oct 2020 17:11:36 +0000 (-0700)
Subject: fix buffer overflow in write_nodename()
X-Git-Tag: 2.46.0~20^2^2~4^2~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8d283783a35973558896b8cbc71cff7fc4fc4144;p=graphviz

fix buffer overflow in write_nodename()

This buffer was not large enough to print the string and uint64_t that gets
written into it. Related to !1620.
---

diff --git a/lib/cgraph/write.c b/lib/cgraph/write.c
index 153832ec8..caa12db3f 100644
--- a/lib/cgraph/write.c
+++ b/lib/cgraph/write.c
@@ -497,7 +497,7 @@ static int write_nondefault_attrs(void *obj, iochan_t * ofile,
 
 static int write_nodename(Agnode_t * n, iochan_t * ofile)
 {
-    char *name, buf[20];
+    char *name, buf[sizeof("__SUSPECT") + 20];
     Agraph_t *g;
 
     name = agnameof(n);