severity 575255 important
thanks

Francis Russell wrote:
> Package: graphviz
> Severity: normal
>
> I did a little investigation into this which may or may not be helpful. The
> problem appears to be with the call to position in lib/circogen/circpos.c.
> position iterates over a linked list and conditionally saves values into an
> array called parents. parents has the size 'childCount', however, in the single
> place position is called the linked list has the size 'length'. If
> length>childCount and enough iterations add a value to the parents array,
> its bounds may be overrun. Changing the line 'posinfo_t* parents =
> N_NEW(childCount, posinfo_t);' to 'posinfo_t* parents = N_NEW(length,
> posinfo_t);' fixes the segfault, though it's not clear if this method's being
> called with an incorrect assumption about the values of childCount and length
> anyway.
>
> Francis
Many thanks for your help Francis! I've passed the bug report upstream, along with your suggested fix which I can confirm works here too ;-)

In the meantime I've downgraded the bug to Important since it now seems clear it only affects circo.

Cheers,
David.
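As an added illustration of the sizing mismatch Francis describes (a constructed example, not graphviz's own code: the node_t and posinfo_t structs, make_list, collect_parents and demo_mismatch are stand-ins, and the N_NEW macro is a local calloc-based equivalent of graphviz's allocation helper), the walk below saves a value for each "parent" node of a linked list into an array whose capacity is chosen by the caller. Sizing the array by childCount while the list has length nodes is exactly the condition under which the original overruns; here every write is bounds-checked, so the mismatch is reported instead of corrupting the heap.

```c
#include <stdlib.h>

/* Constructed stand-in for the list nodes position() iterates over. */
typedef struct node {
    int is_parent;          /* whether this node's value is saved into parents[] */
    struct node *next;
} node_t;

/* Constructed stand-in for graphviz's posinfo_t. */
typedef struct { int node_id; } posinfo_t;

/* Local equivalent of graphviz's N_NEW(n, type): zeroed array of n elements. */
#define N_NEW(n, t) ((t *)calloc((size_t)(n), sizeof(t)))

/* Build a list of `length` nodes; every node whose index is a multiple of
   `stride` is flagged as a parent (constructed test data). */
node_t *make_list(int length, int stride) {
    node_t *head = NULL, **tail = &head;
    for (int i = 0; i < length; i++) {
        node_t *n = N_NEW(1, node_t);
        if (!n) return head;            /* allocation failure: return what we have */
        n->is_parent = (i % stride == 0);
        *tail = n;
        tail = &n->next;
    }
    return head;
}

void free_list(node_t *l) {
    while (l) { node_t *n = l->next; free(l); l = n; }
}

/* Walk the list the way the bug report describes position() doing, saving
   each parent into an array of `capacity` entries. Unlike the buggy original
   the write is bounds-checked: returns the number of parents saved, or -1 if
   one more write would have overrun the array. */
int collect_parents(const node_t *list, int capacity) {
    posinfo_t *parents = N_NEW(capacity, posinfo_t);
    if (!parents && capacity > 0) return -1;
    int saved = 0, id = 0;
    for (const node_t *n = list; n; n = n->next, id++) {
        if (!n->is_parent) continue;
        if (saved >= capacity) {        /* childCount < number of parents: the overrun case */
            free(parents);
            return -1;
        }
        parents[saved++].node_id = id;
    }
    free(parents);
    return saved;
}

/* Reproduce the call site's mismatch: a list of `length` nodes walked with an
   array sized by `childCount`. With the proposed fix, childCount == length. */
int demo_mismatch(int length, int childCount, int stride) {
    node_t *l = make_list(length, stride);
    int r = collect_parents(l, childCount);
    free_list(l);
    return r;
}

int main(void) {
    /* 10 nodes, parents at 0,2,4,6,8: a 3-entry array is overrun, a 10-entry one is not. */
    return (demo_mismatch(10, 3, 2) == -1 && demo_mismatch(10, 10, 2) == 5) ? 0 : 1;
}
```

Under a memory checker (valgrind or AddressSanitizer) the unchecked version of this loop is where the heap write past parents[] would be reported; with the guard in place the -1 return is the signal that the caller's childCount and length disagree, which is the open question Francis raises about the call site.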