Graphviz Issue Tracker
Mantis Bug Tracker

View Issue Details
ID: 0002349
Project: graphviz
Category: Build/Install
View Status: public
Date Submitted: 2013-09-04 05:32
Last Update: 2013-09-07 13:23
Reporter: phisama
Assigned To: erg
Priority: normal
Severity: important
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS: openSUSE
OS Version: 12.3
Summary: 0002349: Buffer overflow in lib/common/shapes.c(round_corners) (off-by-one)
Description: In round_corners, C is defined as
pointf C[4];
yet in line 1367 you find
C[4] = C[0];
which overflows the array. Not knowing the code I've simply commented out that line for the openSUSE package of graphviz 2.32.0.
Tags: No tags attached.
AUXILLARY-FILES:
DATE-FIXED:
FIX-COMMENT: array size changed to 5
FORMER-ID:
INPUT-FILE:
OUTPUT-FILE:
STATUS-COMMENT:
VERSION: 2.32.0
Attached Files

- Relationships

-  Notes
(0000488)
erg (administrator)
2013-09-05 10:40

Just need pointf C[5];
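
The off-by-one reported above, as an added example that is not part of the tracker thread or of the Graphviz source: closing a 4-corner outline by copying the first point after the last needs five slots, so the helper refuses when the closing slot does not exist. It assumes, as the statement C[4] = C[0] suggests, that the extra element is a wrap-around copy of the first corner; close_polygon, closed_area, box_area, NCORNERS and the local pointf typedef are hypothetical names for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct { double x, y; } pointf;  /* stand-in for Graphviz's pointf */

#define NCORNERS 4                        /* hypothetical name for the corner count */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Close a polygon by copying vertex 0 into slot n, so edge i is always
 * pts[i] -> pts[i + 1]. cap is the real element count of the array.
 * Returns 0 on success, -1 when the closing slot pts[n] does not exist. */
int close_polygon(pointf *pts, size_t n, size_t cap)
{
    if (n == 0 || cap < n + 1)
        return -1;                        /* pts[n] would be one past the end */
    pts[n] = pts[0];
    return 0;
}

/* Shoelace area of a closed polygon; reads pts[0..n], i.e. n + 1 elements. */
double closed_area(const pointf *pts, size_t n)
{
    double twice = 0.0;
    for (size_t i = 0; i < n; i++)
        twice += pts[i].x * pts[i + 1].y - pts[i + 1].x * pts[i].y;
    return twice / 2.0;
}

/* Constructed 3x4 box. claimed_cap = 4 models the reported declaration,
 * claimed_cap = 5 the fixed one; the backing array always has 5 slots,
 * so the rejected case never performs the out-of-bounds write. */
double box_area(size_t claimed_cap)
{
    pointf C[NCORNERS + 1] = { {0, 0}, {3, 0}, {3, 4}, {0, 4} };
    _Static_assert(ARRAY_LEN(C) == NCORNERS + 1, "need a slot for the closing point");
    if (claimed_cap > ARRAY_LEN(C) || close_polygon(C, NCORNERS, claimed_cap) != 0)
        return -1.0;
    return closed_area(C, NCORNERS);
}

int main(void)
{
    printf("sized as C[4]: %.1f\n", box_area(4));  /* closing slot missing */
    printf("sized as C[5]: %.1f\n", box_area(5));  /* closing slot present */
    return 0;
}
```

Compiling the unpatched pattern with `-fsanitize=address` or running it under Valgrind is another way to surface this class of stack write at test time.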

- Issue History
Date Modified Username Field Change
2013-09-04 05:32 phisama New Issue
2013-09-05 10:40 erg Note Added: 0000488
2013-09-05 10:40 erg Assigned To => erg
2013-09-05 10:40 erg Status new => resolved
2013-09-05 10:40 erg Resolution open => fixed
2013-09-07 13:23 ellson FIX-COMMENT => array size changed to 5
2013-09-07 13:23 ellson Status resolved => closed

