Package: graphviz
Severity: normal
I did a little investigation into this which may or may not be helpful.

The problem appears to be with the call to position in lib/circogen/circpos.c. position iterates over a linked list and conditionally saves values into an array called parents. parents has the size 'childCount'; however, in the single place position is called, the linked list has the size 'length'. If length > childCount and enough iterations add a value to the parents array, its bounds may be overrun.

Changing the line 'posinfo_t* parents = N_NEW(childCount, posinfo_t);' to 'posinfo_t* parents = N_NEW(length, posinfo_t);' fixes the segfault, though it's not clear if this method's being called with an incorrect assumption about the values of childCount and length anyway.

Francis
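The sizing mismatch described in the report, modelled as an added example that is not part of the original message and is not graphviz code. The types, the function names `save_parents` and `overflow_count`, and the sample values are assumptions made for illustration; the walk counts the saves that would not fit instead of performing the out-of-bounds write.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for illustration; these are not graphviz types. */
typedef struct node { int saves_value; struct node *next; } node_t;
typedef struct { int id; } slot_t;

/* Save one slot per qualifying node into an array of `capacity` slots.
 * Returns how many saves did not fit (unchecked code would overrun there). */
static size_t save_parents(const node_t *list, size_t capacity)
{
    slot_t *parents = calloc(capacity ? capacity : 1, sizeof *parents);
    size_t used = 0, rejected = 0;
    int id = 0;
    if (!parents) abort();
    for (const node_t *n = list; n; n = n->next, id++) {
        if (!n->saves_value) continue;
        if (used < capacity) parents[used++].id = id;   /* in bounds */
        else rejected++;                                /* would overrun */
    }
    free(parents);
    return rejected;
}

/* Build `length` nodes, of which the first `matching` save a value, run the
 * walk with an array of `capacity` slots, and report the rejected saves. */
static size_t overflow_count(size_t length, size_t matching, size_t capacity)
{
    node_t *head = NULL;
    for (size_t i = length; i-- > 0; ) {
        node_t *n = malloc(sizeof *n);
        if (!n) abort();
        n->saves_value = i < matching;
        n->next = head;
        head = n;
    }
    size_t rejected = save_parents(head, capacity);
    while (head) { node_t *next = head->next; free(head); head = next; }
    return rejected;
}

int main(void)
{
    size_t childCount = 2, length = 5, matching = 4;    /* constructed values */
    printf("sized by childCount: %zu saves out of bounds\n",
           overflow_count(length, matching, childCount));
    printf("sized by length:     %zu saves out of bounds\n",
           overflow_count(length, matching, length));
    return 0;
}
```

Sizing the array by the list length is always sufficient because at most one save happens per node; sizing by the smaller count is safe only while the number of qualifying nodes stays within it.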