Graphviz Issue Tracker
Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000566graphvizDotpublic2002-01-12 11:522011-04-28 04:02
ReporterMatthew Skala 
Assigned Tonorth 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSx86-Linux-2.4.5OS Version
Summary0000566: Complicated digraphs cause dot to segfault
Description



Some input files of moderate to high complexity cause dot to segfault.
I haven't been able to characterize exactly what triggers the bug. It
seems to be quite fragile - almost any change to the digraph will
cause the segfault to disappear. However, as my graph becomes more
and more complicated, it gets harder and harder (eventually,
impossible) to find a way of expressing the input that will contain
the information I want to represent without triggering the bug. The
bug does *not* seem to be affected by cosmetic changes like label text
and node shape; it *is* affected by anything related to layout, such
as edge weight, the concentrate= flag, etc. Note that the example
file I give has concentrate=true, but I'm not sure that that's
necessary to trigger the bug. Disabling concentrate= on this file
makes the segfault go away but I'm pretty sure I've seen other files
where it segfaulted even with concentrate= turned off.



Examination with gdb traced the segfault to line 374 of
dotneato/dotgen/cluster.c, in which the variable "e" is dereferenced
in the condition of a while() loop even if it's null. I modified the
loop condition to terminate the loop if e is null, before derefencencing
it, and then the same problem showed up in line 402. I made the same
change there and dot now produces apparently-correct output on the
sample file I attach below. I have not yet established whether this
fix really solves the problem for all similar files, whether it has
unintended consequences, etc. I don't understand the significance of
the variable e or the data structure it points into, so I don't know
that terminating the loop when e==NULL is really the right thing to
do. It does seem to work so far, however.
TagsNo tags attached.
AUXILLARY-FILES
DATE-FIXED
FIX-COMMENT 
This patch is to be applied to dotneato/dotgen/cluster.c. It's meant
for demonstration purposes only - it cleans up the problem I noted, but
may well create some other, worse, problem, because I don't really
understand what's going on in these loops.
FORMER-ID71
INPUT-FILEhttp://www.graphviz.org/bugs/b71.dot [^]
OUTPUT-FILE
STATUS-COMMENTFixed
VERSION     1.7.15
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2011-04-28 04:02 user1 New Issue
2011-04-28 04:02 user1 Assigned To => Stephen North


MantisBT 1.2.5[^]
Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker