Number: 306
Title: dot seg faults with some graphs
Submitter: Sampo Kellomaki
Date: Tue Jun 17 10:27:01 2003
Subsys: Dot
Version: 1.9
System: *-*-
Severity: major
Problem:
Find below gdb session that illustrates the crash as well as test input that reproduces the crash every time.

$ uname -a
SunOS clearcase01 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-1
$ which gcc
/apps/gcc/2.95.3/bin/gcc
$ gcc -v
Reading specs from
/apps/gcc/2.95.3/lib/gcc-lib/sparc-sun-solaris2.6/2.95.3/specs
gcc version 2.95.3 20010315 (release)

(gdb) run -Tps /cvs/ds/dot-crash.dot -o /cvs/ds/foo.ps Starting program: /apps/src/graphviz-1.9/dotneato/.libs/dot -Tps /cvs/ds/dot-crash.dot -o /cvs/ds/foo.ps

Program received signal SIGSEGV, Segmentation fault. 0x2d63c in rebuild_vlists (g=0xd1cf8) at conc.c:192 (gdb) bt #0 0x2d63c in rebuild_vlists (g=0xd1cf8) at conc.c:192 #1 0x2d484 in dot_concentrate (g=0xc88d0) at conc.c:158 #2 0x1ea7c in dot_position (g=0xc88d0) at position.c:31 #3 0x1b420 in dot_layout (g=0xc88d0) at init.c:215 #4 0x1ab60 in main (argc=693248, argv=0xa9400) at dot.c:62 (gdb) p g $3 = (graph_t *) 0xd1cf8 (gdb) p *g $4 = {tag = 3, kind = 1, handle = 0, attr = 0xcbaa8, name = 0xd1734 "cluster_pdu_ldap_pdu_cc", univ = 0xc4000, nodes = 0xd1758, inedges = 0xd1788, outedges = 0xd2e30, root = 0xc88d0, meta_node = 0xd3008, proto = 0xd0e98, u = {drawing = 0x0, label = 0xe1480, bb = {LL = {x = 0, y = 0}, UR = {x = 0, y = 0}}, border = {{x = 0, y = 0}, {x = 0, y = 0}, {x = 128, y = 20}, {x = 0, y = 0}}, left_to_right = 0 '000', has_edge_labels = 0 '000', has_Latin1char = 0 '000', ht1 = 52, ht2 = 88, alg = 0x0, neato_nlist = 0x0, move = 0, dist = 0x0, spring = 0x0, sum_t = 0x0, t = 0x0, ndim = 0, n_cluster = 0, clust = 0x0, nlist = 0x0, rank = 0xf47f0, comp = {list = 0xf24a8, size = 1}, minset = 0x0, maxset = 0x0, n_nodes = 13, minrank = 0, maxrank = 6, has_flat_edges = 0 '000', showboxes = 0 '000', cluster_was_collapsed = 1 '001', nodesep = 0, ranksep = 0, ln = 0x0, rn = 0x0, leader = 0xd31b0, rankleader = 0xc5490, expanded = 1 '001', installed = 2 '002', set_type = 0 '000', exact_ranksep = 0 '000'}} (gdb) p g->root $5 = (Agraph_t *) 0xc88d0 (gdb) p r $6 = 3 (gdb) p lead $7 = (node_t *) 0x0 (gdb)


Here's the fragment of source from rebuild_vlists() conc.c:
190: for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
191:	lead = GD_rankleader(g)[r];
192:	if(ND_rank(g->root)[r].v[ND_order(lead)] != lead)
193:		abort();
194:	GD_rank(g)[r].v = ND_rank(g->root)[r].v + GD_rankleader(g)[r]->u.order;
195:	maxi = -1;

and here is the input. I am sorry I was not able to reduce the test case further. It started as 7000 line file, so I think I deserve a medal for even managing to reduce it this much :-)
Input file: b306.dot
Owner: *
Status: *