graphviz/graphviz-2.40.1-CVE-2020-18032.patch


diff --git a/lib/common/shapes.c b/lib/common/shapes.c
index 61e4fe1..8d18502 100644
--- a/lib/common/shapes.c
+++ b/lib/common/shapes.c
@@ -3545,9 +3545,10 @@ static void record_init(node_t * n)
reclblp = ND_label(n)->text;
len = strlen(reclblp);
/* For some forgotten reason, an empty label is parsed into a space, so
- * we need at least two bytes in textbuf.
+ * we need at least two bytes in textbuf, as well as accounting for the
+ * error path involving "\\N" below.
*/
- len = MAX(len, 1);
+ len = MAX(MAX(len, 1), (int)strlen("\\N"));
textbuf = N_NEW(len + 1, char);
if (!(info = parse_reclbl(n, flip, TRUE, textbuf))) {
agerr(AGERR, "bad label format %s\n", ND_label(n)->text);
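Review bot: The size on the `len = MAX(MAX(len, 1), (int)strlen("\\N"));` line is linked to the fallback label only through the comment, so a later change to the string used on the error path (which lies outside this hunk) would silently bring back an undersized `textbuf`. Defining the fallback once, for example `static const char fallback_label[] = "\\N";`, and sizing with `len = MAX(len, (int)(sizeof fallback_label - 1));` keeps the two in step; the inner `MAX(len, 1)` is then redundant because the fallback length is already 2. `parse_reclbl` receives `textbuf` with no capacity argument, so it appears to depend entirely on this caller-side sizing; passing the capacity and checking it inside the parser would be the sturdier fix. The body of `record_init` starts and ends outside the hunk, so the error path itself cannot be confirmed from here.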