Graphviz Issue Tracker
Mantis Bug Tracker

ID: 0002027
Project: graphviz
Category: Fdp
View Status: public
Date Submitted: 2011-01-19 12:19
Last Update: 2011-04-28 04:03
Reporter: Wilmer van der Gaast
Assigned To: north
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
OS: x86-Linux-Various
Summary: 0002027: *Very* long line/label crashes graphviz
Description

It looks like I can make graphviz/fdp access uninitialized memory using
a gv file with very long labels (and possibly other statements, I haven't
tried that out yet), at least when generating SVGs.

Valgrind says the following:
<CD>
==1475== Conditional jump or move depends on uninitialised value(s)
==1475== at 0x5320399: [email protected]@GLIBC_2.2.5 (fileops.c:880)
==1475== by 0x5322204: _IO_default_xsputn (genops.c:485)
==1475== by 0x531F9C1: [email protected]@GLIBC_2.2.5 (fileops.c:1380)
==1475== by 0x5315E5C: fwrite (iofwrite.c:45)
==1475== by 0x4E4B464: gvwrite (in /usr/lib/libgvc.so.5.0.0)
==1475== by 0x4E4B686: gvprintf (in /usr/lib/libgvc.so.5.0.0)
==1475== by 0x9E7C69B: ??? (in /usr/lib/graphviz/libgvplugin_core.so.6.0.0)
==1475== by 0x4E702E8: ??? (in /usr/lib/libgvc.so.5.0.0)
==1475== by 0x4E77454: ??? (in /usr/lib/libgvc.so.5.0.0)
==1475== by 0x4E7C286: emit_graph (in /usr/lib/libgvc.so.5.0.0)
==1475== by 0x4E7E0B3: gvRenderJobs (in /usr/lib/libgvc.so.5.0.0)
==1475== by 0x400F01: ??? (in /usr/bin/dot)
</CD>

And indeed in the output I see lots of non-ASCII stuff.
Steps To Reproduce

Not exactly an input file, but since it needs to be so huge I'm
"compressing" it a little bit using a shell oneliner:
<CD>
[email protected]:/tmp$ cat vis.gv
digraph vis {
  "foo" [
    tooltip = "%s"
    label = "baz"
  ]
}
[email protected]:/tmp$ printf "$(cat vis.gv)" $(for x in {1..8192}; do echo -n y; done) | valgrind fdp -T svg
</CD>
Additional Information

[north] Hi. I appreciated the concise test.

It appears this is something we must have fixed, as it does not show up in Linux
or Mac OS using the latest graphviz devel snapshot.

I was able to get different but similar valgrind messages with an older Graphviz on an fc11 machine.
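The valgrind trace in the report (fwrite reading uninitialised bytes from a buffer handed to it by gvprintf/gvwrite, and garbage appearing in the SVG only once the label is very long) is the signature of a well-known bug class in printf-style wrappers: formatting into a fixed buffer and then passing vsnprintf()'s return value, which is the length the complete output would have had rather than the number of bytes stored, as the byte count to write. The page does not say that this is what was wrong in Graphviz 2.26.3, and the example below is added here as an illustration of the bug class, not Graphviz's code. All names in it are assumptions (naive_format_len, safe_format, safe_emit, make_label, a FIXED_BUF of 256 bytes); the 8192-byte label mirrors the reporter's one-liner and is constructed in the code.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the fixed formatting buffer in the naive wrapper. */
#define FIXED_BUF 256

/* Naive printf-style wrapper (hypothetical, not Graphviz's code). It formats
 * into a fixed stack buffer and then hands vsnprintf()'s return value to the
 * write call. vsnprintf() returns the length the *complete* output would have
 * had, not the number of bytes it stored, so for any input longer than
 * FIXED_BUF - 1 the write reads past the initialised bytes of buf. To keep
 * this example free of undefined behaviour the write itself is not performed:
 * the function returns the byte count the naive code would pass to fwrite()
 * and reports how many bytes were actually initialised in *initialised. */
size_t naive_format_len(size_t *initialised, const char *fmt, ...)
{
    char buf[FIXED_BUF];
    va_list ap;

    va_start(ap, fmt);
    int len = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (len < 0) {
        *initialised = 0;
        return 0;
    }
    /* vsnprintf stores at most sizeof buf - 1 characters plus a NUL. */
    *initialised = (size_t)len < sizeof buf ? (size_t)len : sizeof buf - 1;
    return (size_t)len; /* the naive code would call fwrite(buf, 1, len, out) */
}

/* Hardened core: measure first, allocate exactly, format once more, and
 * return the buffer together with the number of bytes really formatted.
 * The caller frees the result. Returns NULL on a formatting/allocation error. */
char *vsafe_format(size_t *out_len, const char *fmt, va_list ap)
{
    va_list ap2;

    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap2); /* length only, nothing written */
    va_end(ap2);
    if (need < 0)
        return NULL;
    char *buf = malloc((size_t)need + 1);
    if (buf == NULL)
        return NULL;
    int got = vsnprintf(buf, (size_t)need + 1, fmt, ap);
    if (got != need) { /* same arguments, so this should not happen */
        free(buf);
        return NULL;
    }
    *out_len = (size_t)need;
    return buf;
}

char *safe_format(size_t *out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    char *s = vsafe_format(out_len, fmt, ap);
    va_end(ap);
    return s;
}

/* Hardened emit: only the bytes that were actually formatted reach fwrite().
 * Returns the number of bytes written, 0 on error. */
size_t safe_emit(FILE *out, const char *fmt, ...)
{
    size_t len;
    va_list ap;
    va_start(ap, fmt);
    char *s = vsafe_format(&len, fmt, ap);
    va_end(ap);
    if (s == NULL)
        return 0;
    size_t n = fwrite(s, 1, len, out);
    free(s);
    return n;
}

/* Constructed input in the shape of the report: n copies of 'y' as a label. */
char *make_label(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'y', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    size_t initialised, good_len;
    char *label = make_label(8192);
    if (label == NULL)
        return 1;
    size_t claimed = naive_format_len(&initialised, "<title>%s</title>", label);
    printf("naive wrapper would pass %zu bytes to fwrite, only %zu initialised\n",
           claimed, initialised);
    char *good = safe_format(&good_len, "<title>%s</title>", label);
    if (good != NULL) {
        printf("hardened wrapper formatted %zu bytes (strlen %zu)\n",
               good_len, strlen(good));
        free(good);
    }
    free(label);
    return 0;
}
```

The point for testing is the one the reporter's 8192-character label makes: with labels shorter than the buffer both wrappers behave identically, so a suite of short inputs never exercises the overread. If the naive wrapper really performed the write, `valgrind` would report the uninitialised bytes at the fwrite call (as in the trace above) and `-fsanitize=address` would flag the stack buffer overread directly.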
Tags: No tags attached.
FORMER-ID: 2112
STATUS-COMMENT: Fixed
VERSION: 2.26.3 and others
Attached Files: none
Relationships: none
Notes: There are no notes attached to this issue.

Issue History
Date Modified | Username | Field | Change
2011-04-28 04:03 | user1 | New Issue |
2011-04-28 04:03 | user1 | Assigned To | => Stephen North


MantisBT 1.2.5
Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker