From 62f88c16e79ffdac6aaec150b9f5fdb6fd8c0db9 Mon Sep 17 00:00:00 2001
From: Magnus Jacobsson
Date: Mon, 18 Jul 2022 14:17:04 +0200
Subject: [PATCH] fdpgen: layout: fix heap-buffer-overflow by storing dimension in root graph
The layout allocates memory based on the dimension of the root graph, but since the dimension was stored in the subgraph and the dimension in the root graph defaulted to zero, too little memory was allocated. An alternative solution would have been to use the dimension of the subgraph, but this had other implications and the chosen solution is the same as what the other two layout engines supporting the `dim` attribute (neato and sfdp) use.
---
 lib/fdpgen/layout.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/fdpgen/layout.c b/lib/fdpgen/layout.c
index ad440b78b..61a036424 100644
--- a/lib/fdpgen/layout.c
+++ b/lib/fdpgen/layout.c
@@ -433,7 +433,7 @@ static graph_t *deriveGraph(graph_t * g, layout_info * infop)
 #ifdef DEBUG
 GORIG(dg) = g;
 #endif
- GD_ndim(dg) = GD_ndim(g);
+ GD_ndim(dg) = GD_ndim(agroot(g));
 /* Copy attributes from g. */
@@ -1012,7 +1012,7 @@ mkClusters (graph_t * g, clist_t* pclist, graph_t* parent)
 if (!strncmp(agnameof(subg), "cluster", 7)) {
 agbindrec(subg, "Agraphinfo_t", sizeof(Agraphinfo_t), true);
 GD_alg(subg) = NEW(gdata); /* freed in cleanup_subgs */
- GD_ndim(subg) = GD_ndim(parent);
+ GD_ndim(subg) = GD_ndim(agroot(parent));
 LEVEL(subg) = LEVEL(parent) + 1;
 GPARENT(subg) = parent;
 addCluster(clist, subg);
@@ -1033,8 +1033,8 @@ static void fdp_init_graph(Agraph_t * g)
 {
 setEdgeType (g, EDGETYPE_LINE);
 GD_alg(g) = NEW(gdata); /* freed in cleanup_graph */
- GD_ndim(g) = late_int(g, agattr(g,AGRAPH, "dim", NULL), 2, 2);
- Ndim = GD_ndim(g) = MIN(GD_ndim(g), MAXDIM);
+ GD_ndim(agroot(g)) = late_int(g, agattr(g,AGRAPH, "dim", NULL), 2, 2);
+ Ndim = GD_ndim(agroot(g)) = MIN(GD_ndim(agroot(g)), MAXDIM);
 mkClusters (g, NULL, g);
 fdp_initParams(g);
-- 
2.40.0
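Review bot: The new `GD_ndim(dg) = GD_ndim(agroot(g));` in deriveGraph makes the root graph the single authority for the layout dimension, but nothing in the code records why a subgraph's own `GD_ndim` is deliberately bypassed, so the next reader is likely to "simplify" it back to `GD_ndim(g)` and reintroduce the undersized allocation the commit message describes. A one-line comment at this assignment would pin the invariant: `/* ndim is kept on the root graph; layout buffers are sized from it, so never read a subgraph's own value */`. The same comment applies to the parallel assignment `GD_ndim(subg) = GD_ndim(agroot(parent));` in the mkClusters hunk. Both enclosing functions start and end outside their hunks.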
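Review bot: In fdp_init_graph the two added lines evaluate `agroot(g)` three times and the read-modify-write through `GD_ndim(agroot(g))` is harder to follow than it needs to be; a local makes the intent explicit and reads better: `graph_t *root = agroot(g);` / `GD_ndim(root) = late_int(g, agattr(g,AGRAPH, "dim", NULL), 2, 2);` / `Ndim = GD_ndim(root) = MIN(GD_ndim(root), MAXDIM);`. Note also that the `dim` attribute is still read from `g` while the result is stored on the root, so if this function can be entered with a subgraph `g` (which the commit message implies), a subgraph-level `dim` silently overwrites whatever the root previously held; that trade-off is explained only in the commit message and deserves a comment here, e.g. `/* dim is read from g but stored on the root (as neato/sfdp do): the root's value sizes the layout buffers */`. The clamp to MAXDIM and the lower bound of 2 from late_int together bound the stored value, which is what keeps the allocation sizing safe. fdp_init_graph's body continues outside the hunk.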