Graphviz Issue Tracker
Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001406graphvizDotpublic2008-09-19 06:222011-04-28 04:03
ReporterMarcus Granado 
Assigned Togviz 
PrioritynormalSeveritycriticalReproducibilityalways
StatusacknowledgedResolutionopen 
PlatformOS*-*-OS Version
Summary0001406: Segmentation fault with large number of nested brackets
Description



I was using graphviz dot 2.16-3ubuntu2 to parse huge graphs,
and one of them segfaulted dot.



The graph had a deep nested structure, and it seems that dot wasn't
able to cope with that. The attached example is the minimal dot file
that triggers the problem.
Steps To Reproduce

//usage: 'dot -Tsvg bracketbug-graphviz.dot'
//output: Segmentation fault

digraph "bracketbug_outputs_segmentationfault" {

node [label="a"] "b" -> {
//33 brackets are fine, but
//34 brackets trigger crash
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}

}
}

Additional Information

[ellson] I can reproduce this with:
<CD>
digraph "bracketbug_outputs_segmentationfault" {
node [label="a"]
"b" -> {
//33 brackets are fine, but
//34 brackets trigger crash
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{c}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
}
}
</CD>

-Tsvg isn't needded for the crash to occur.

It crashes with or without the 'c', although without crashes in a different place, on an agstrfree("")

<CD>
Program received signal SIGSEGV, Segmentation fault.
0x0000000000000013 in ?? ()
(gdb) where
#0 0x0000000000000013 in ?? ()
0000001 0x00007ffff7df7f95 in agstrdup (s=0x611aa0 "c") at refstr.c:83
0000002 0x00007ffff7df63b3 in aglex () at lexer.c:440
0000003 0x00007ffff7df7765 in agparse () at y.tab.c:1618
0000004 0x00007ffff7df56d5 in agread (fp=<value optimized out>) at graphio.c:71
TagsNo tags attached.
AUXILLARY-FILES
DATE-FIXED
FIX-COMMENT
FORMER-ID1442
INPUT-FILE
OUTPUT-FILE
STATUS-COMMENT*
VERSION     2.16
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2011-04-28 04:03 user1 New Issue
2011-04-28 04:03 user1 Assigned To => user1


MantisBT 1.2.5[^]
Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker