File 192.patch of Package transfig
commit dfa8b661b506a463a669754ed635b0a8eb67580e
Author: Thomas Loimer <thomas.loimer@tuwien.ac.at>
Date: Thu Apr 10 09:03:30 2025 +0200
Detect nan in spline control values, ticket #192
---
fig2dev/read.c | 17 +++++++++++------
fig2dev/tests/read.at | 19 +++++++++++++++++++
2 files changed, 30 insertions(+), 6 deletions(-)
--- fig2dev/read.c
+++ fig2dev/read.c 2025-05-16 08:04:13.646999235 +0000
@@ -1581,12 +1581,17 @@ read_splineobject(FILE *fp, char **restr
free_splinestorage(s);
return NULL;
}
- if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN ||
- ly > INT_MAX || rx < INT_MIN || rx > INT_MAX ||
- ry < INT_MIN || ry > INT_MAX) {
- /* do not care to clean up, we exit anyway
- cp->next = NULL;
- free_splinestorage(s); */
+ if ( !isfinite(lx) || lx < INT_MIN || lx > INT_MAX ||
+ !isfinite(ly) || ly < INT_MIN || ly > INT_MAX ||
+ !isfinite(rx) || rx < INT_MIN || rx > INT_MAX ||
+ !isfinite(ry) || ry < INT_MIN || ry > INT_MAX)
+ {
+
+ /* clean up, to pass test "reject huge spline controls
+ values" when -fsanitize=address is enabled */
+ cp->next = NULL;
+ free_splinestorage(s);
+ free(cq);
put_msg("Spline control points out of range "
"at line %d.", *line_no);
exit(EXIT_FAILURE);
--- fig2dev/tests/read.at
+++ fig2dev/tests/read.at 2025-05-16 08:07:33.111333617 +0000
@@ -608,6 +608,25 @@ EOF
])
AT_CLEANUP
+AT_SETUP([reject nan in spline controls values, #192])
+AT_KEYWORDS([read.c])
+# Use an output language that does not natively support Bezier splines.
+# Otherwise, the huge values are simply copied to the output.
+AT_CHECK([fig2dev -L epic <<EOF
+#FIG 3.1
+Landscape
+Center
+Metric
+1200 2
+3 2 0 1 0 7 50 -1 -1 0.0 0 0 0 2
+ 0 0 1200 0
+ 600 600 600 nan
+ 600 600 600 600
+EOF
+], 1, ignore, [Spline control points out of range at line 8.
+])
+AT_CLEANUP
+
AT_BANNER([Dynamically allocate picture file name.])
AT_SETUP([prepend fig file path to picture file name])
