[Dot] dot seg faults with some graphs
Ported Issue from Mantis Original ID: 229 Reported By: Sampo Kellomaki
SEVERITY: MAJOR Submitted: 2003-06-17 15:27:01
OS: --
VERSION: 1.9
DESCRIPTION
Find below gdb session that illustrates the crash as well as
test input that reproduces the crash every time.
$ uname -a
SunOS clearcase01 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-1
$ which gcc
/apps/gcc/2.95.3/bin/gcc
$ gcc -v
Reading specs from
/apps/gcc/2.95.3/lib/gcc-lib/sparc-sun-solaris2.6/2.95.3/specs
gcc version 2.95.3 20010315 (release)
(gdb) run -Tps /cvs/ds/dot-crash.dot -o /cvs/ds/foo.ps
Starting program: /apps/src/graphviz-1.9/dotneato/.libs/dot -Tps
/cvs/ds/dot-crash.dot -o /cvs/ds/foo.ps
Program received signal SIGSEGV, Segmentation fault. 0x2d63c in rebuild_vlists (g=0xd1cf8) at conc.c:192 (gdb) bt #0 0x2d63c in rebuild_vlists (g=0xd1cf8) at conc.c:192 #1 (closed) 0x2d484 in dot_concentrate (g=0xc88d0) at conc.c:158 #2 0x1ea7c in dot_position (g=0xc88d0) at position.c:31 #3 (closed) 0x1b420 in dot_layout (g=0xc88d0) at init.c:215 #4 0x1ab60 in main (argc=693248, argv=0xa9400) at dot.c:62
(gdb) p g
$3 = (graph_t *) 0xd1cf8
(gdb) p *g
$4 = {tag = 3, kind = 1, handle = 0, attr = 0xcbaa8,
name = 0xd1734 "cluster_pdu_ldap_pdu_cc", univ = 0xc4000, nodes = 0xd1758,
inedges = 0xd1788, outedges = 0xd2e30, root = 0xc88d0, meta_node = 0xd3008,
proto = 0xd0e98, u = {drawing = 0x0, label = 0xe1480, bb = {LL = {x = 0,
y = 0}, UR = {x = 0, y = 0}}, border = {{x = 0, y = 0}, {x = 0,
y = 0}, {x = 128, y = 20}, {x = 0, y = 0}}, left_to_right = 0 '\000',
has_edge_labels = 0 '\000', has_Latin1char = 0 '\000', ht1 = 52, ht2 =
88,
alg = 0x0, neato_nlist = 0x0, move = 0, dist = 0x0, spring = 0x0,
sum_t = 0x0, t = 0x0, ndim = 0, n_cluster = 0, clust = 0x0, nlist = 0x0,
rank = 0xf47f0, comp = {list = 0xf24a8, size = 1}, minset = 0x0,
maxset = 0x0, n_nodes = 13, minrank = 0, maxrank = 6,
has_flat_edges = 0 '\000', showboxes = 0 '\000',
cluster_was_collapsed = 1 '\001', nodesep = 0, ranksep = 0, ln = 0x0,
rn = 0x0, leader = 0xd31b0, rankleader = 0xc5490, expanded = 1 '\001',
installed = 2 '\002', set_type = 0 '\000', exact_ranksep = 0 '\000'}}
(gdb) p g->root
$5 = (Agraph_t *) 0xc88d0
(gdb) p r
$6 = 3
(gdb) p lead
$7 = (node_t *) 0x0
(gdb)
and here is the input. I am sorry I was not able to reduce the test case further. It started as 7000 line file, so I think I deserve a medal for even managing to reduce it this much :-)