Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
graphviz
graphviz-malformed_input.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File graphviz-malformed_input.patch of Package graphviz
diff --git a/cmd/tools/graphml2gv.c b/cmd/tools/graphml2gv.c index f4798089e616b03bb6e612e92bb2a1577be4d0b9..b9fc9730c410c67160713d74f76e4e75bd33f486 100644 --- a/cmd/tools/graphml2gv.c +++ b/cmd/tools/graphml2gv.c @@ -468,8 +468,10 @@ startElementHandler(void *userData, const char *name, const char **atts) if (pos > 0) { const char *attrname; attrname = atts[pos]; - - bind_node(attrname); + if (G == 0) + fprintf(stderr,"node %s outside graph, ignored\n",attrname); + else + bind_node(attrname); pushString(&ud->elements, attrname); } @@ -495,21 +497,25 @@ startElementHandler(void *userData, const char *name, const char **atts) if (tname) head = tname; - bind_edge(tail, head); + if (G == 0) + fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head); + else { + bind_edge(tail, head); - t = AGTAIL(E); - tname = agnameof(t); + t = AGTAIL(E); + tname = agnameof(t); - if (strcmp(tname, tail) == 0) { - ud->edgeinverted = FALSE; - } else if (strcmp(tname, head) == 0) { - ud->edgeinverted = TRUE; - } + if (strcmp(tname, tail) == 0) { + ud->edgeinverted = FALSE; + } else if (strcmp(tname, head) == 0) { + ud->edgeinverted = TRUE; + } - pos = get_xml_attr("id", atts); - if (pos > 0) { - setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud); - } + pos = get_xml_attr("id", atts); + if (pos > 0) { + setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud); + } + } } else { /* must be some extension */ fprintf(stderr, @@ -530,7 +536,7 @@ static void endElementHandler(void *userData, const char *name) char *ele_name = topString(ud->elements); if (ud->closedElementType == TAG_GRAPH) { Agnode_t *node = agnode(root, ele_name, 0); - agdelete(root, node); + if (node) agdelete(root, node); } popString(&ud->elements); Current_class = TAG_GRAPH; diff --git a/lib/cgraph/grammar.y b/lib/cgraph/grammar.y index 90aa27387100330692861912636fe241b83809b7..127a7241a3a91586fc0f8e7f777d76856e37499e 100644 --- a/lib/cgraph/grammar.y +++ b/lib/cgraph/grammar.y @@ -22,6 +22,7 @@ extern void yyerror(char *); /* gets mapped to aagerror, see below */ #endif static char Key[] = "key"; +static int SubgraphDepth = 0; typedef union s { /* possible items in generic list */ Agnode_t *n; @@ -542,6 +543,7 @@ static void startgraph(char *name, int directed, int strict) static Agdesc_t req; /* get rid of warnings */ if (G == NILgraph) { + SubgraphDepth = 0; req.directed = directed; req.strict = strict; req.maingraph = TRUE; @@ -562,6 +564,11 @@ static void endgraph() static void opensubg(char *name) { + if (++SubgraphDepth >= YYMAXDEPTH/2) { + char buf[128]; + sprintf(buf,"subgraphs nested more than %d deep",YYMAXDEPTH); + agerr(AGERR,buf); + } S = push(S,agsubg(S->g,name,TRUE)); agstrfree(G,name); } @@ -569,6 +576,7 @@ static void opensubg(char *name) static void closesubg() { Agraph_t *subg = S->g; + --SubgraphDepth; S = pop(S); S->subg = subg; assert(subg); diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c index 7b1c8c1010d5ae31f7adf116be4d97a831f34bd8..709774e3db42e9069d17b90f855390b19ae8beb2 100644 --- a/lib/cgraph/obj.c +++ b/lib/cgraph/obj.c @@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack) Agraph_t *agroot(void* obj) { + // fixes CVE-2019-11023 by moving the problem to the caller :-) + if (obj == 0) return NILgraph; switch (AGTYPE(obj)) { case AGINEDGE: case AGOUTEDGE:
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor