From 0d96d07af82abe6d6955513bc7ce17ff1f4b51a3 Mon Sep 17 00:00:00 2001 From: Matthew Fernandez Date: Sun, 25 Dec 2022 12:39:16 -0800 Subject: [PATCH] pathplan: fix integer overflow with > 46341 nodes MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit After this change, a ASan+UBSan build of Graphviz can process the #1999 example without crashing. Graphs with >46341 (⌈√INT_MAX⌉) nodes no longer cause an integer overflow. Gitlab: fixes #1999 Reported-by: Lockywolf --- CHANGELOG.md | 1 + lib/pathplan/visibility.c | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e7a67ad2..30479deec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - The Autotools build system no longer errors when attempting libANN discovery during cross-compilation. This was a regression in Graphviz 7.0.6. #2335 +- Graphs with more than 46341 (⌈√INT_MAX⌉) nodes no longer crash `twopi`. #1999 ## [7.0.6] – 2023-01-06 diff --git a/lib/pathplan/visibility.c b/lib/pathplan/visibility.c index 94abb67dd..52d21bf2d 100644 --- a/lib/pathplan/visibility.c +++ b/lib/pathplan/visibility.c @@ -8,7 +8,7 @@ * Contributors: Details at https://graphviz.org *************************************************************************/ - +#include #include #include #include @@ -33,8 +33,9 @@ static array2 allocArray(int V, int extra) array2 arr; COORD *p; + assert(V >= 0); arr = malloc((V + extra) * sizeof(COORD *)); - p = calloc(V * V, sizeof(COORD)); + p = calloc((size_t)V * (size_t)V, sizeof(COORD)); for (i = 0; i < V; i++) { arr[i] = p; p += V; -- 2.50.1
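Review bot: the changelog wording "more than 46341" understates the affected range: 46341 is itself the first value whose square overflows (46341² = 2,147,488,281 > INT_MAX = 2,147,483,647, while 46340² = 2,147,395,600 still fits), so with the old `calloc(V * V, ...)` a graph of exactly 46341 nodes also overflowed. Suggest "Graphs with 46341 (⌈√INT_MAX⌉) or more nodes no longer crash `twopi`. #1999" and adjusting the subject line's "> 46341" to match.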
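Review bot: the added `+#include` line in the first visibility.c hunk shows no header name as rendered here; the `assert()` introduced in the next hunk requires `<assert.h>`, so confirm that is the header being added and that it is placed alongside the other system includes rather than at the end of the list.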
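Review bot: in `allocArray` the allocation results are still used without a NULL check: the loop directly below does `arr[i] = p; p += V;`, and with V around 46341 the `calloc` request is on the order of V² × sizeof(COORD) bytes, which can realistically fail, after which `arr[i] = p` writes through a possibly NULL `arr` and `p += V` advances a null pointer. Suggest checking both `arr` and `p` before the loop and returning an error (or failing loudly) instead. Separately, `assert(V >= 0)` is compiled out under NDEBUG, so in a release build a negative V still reaches `(size_t)V * (size_t)V` and wraps to a huge count; if callers can pass a negative V, an explicit runtime check (or an unsigned parameter type) would hold in every build. The `(V + extra) * sizeof(COORD *)` expression is fine as written, since the int sum is promoted to size_t before the multiply, provided `extra` stays small.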