File 192.patch of Package transfig.38710

commit dfa8b661b506a463a669754ed635b0a8eb67580e
Author: Thomas Loimer <thomas.loimer@tuwien.ac.at>
Date:   Thu Apr 10 09:03:30 2025 +0200

    Detect nan in spline control values, ticket #192

---
 fig2dev/read.c        |   21 ++++++++++++++-------
 fig2dev/tests/read.at |   19 +++++++++++++++++++
 2 files changed, 33 insertions(+), 7 deletions(-)

--- fig2dev/read.c
+++ fig2dev/read.c	2025-05-16 13:25:18.989559001 +0000
@@ -22,6 +22,7 @@
 
 #include <ctype.h>
 #include <limits.h>
+#include <math.h>
 #include <stddef.h>	/* ptrdiff_t */
 #include <stdio.h>
 #include <stdlib.h>
@@ -1421,13 +1422,19 @@ read_splineobject(FILE *fp, char **restr
 		free_splinestorage(s);
 		return NULL;
 	    }
-	    if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN || ly > INT_MAX ||
-		rx < INT_MIN || rx > INT_MAX || ry < INT_MIN || ry > INT_MAX) {
-		    /* do not care to clean up, we exit anyway
-		       cp->next = NULL;
-		       free_splinestorage(s);	*/
-		    put_msg("Spline control points out of range at line %d.",
-				    *line_no);
+	    if (	    !isfinite(lx) || lx < INT_MIN || lx > INT_MAX ||
+			    !isfinite(ly) || ly < INT_MIN || ly > INT_MAX ||
+			    !isfinite(rx) || rx < INT_MIN || rx > INT_MAX ||
+			    !isfinite(ry) || ry < INT_MIN || ry > INT_MAX)
+	    {
+
+		    /* clean up, to pass test "reject huge spline controls
+		       values" when -fsanitize=address is enabled */
+		    cp->next = NULL;
+		    free_splinestorage(s);
+		    free(cq);
+		    put_msg("Spline control points out of range "
+				    "at line %d.", *line_no);
 		    exit(EXIT_FAILURE);
 	    }
 	    cq->lx = lx; cq->ly = ly;
--- fig2dev/tests/read.at
+++ fig2dev/tests/read.at	2025-05-16 13:24:53.198030490 +0000
@@ -560,6 +560,25 @@ EOF
 ])
 AT_CLEANUP
 
+AT_SETUP([reject nan in spline controls values, #192])
+AT_KEYWORDS([read.c])
+# Use an output language that does not natively support Bezier splines.
+# Otherwise, the huge values are simply copied to the output.
+AT_CHECK([fig2dev -L epic <<EOF
+#FIG 3.1
+Landscape
+Center
+Metric
+1200 2
+3 2 0 1 0 7 50 -1 -1 0.0 0 0 0 2
+	0 0 1200 0
+	600 600 600 nan
+	600 600 600 600
+EOF
+], 1, ignore, [Spline control points out of range at line 8.
+])
+AT_CLEANUP
+
 AT_BANNER([Dynamically allocate picture file name.])
 
 AT_SETUP([prepend fig file path to picture file name])