Segmentation fault when running test example neatopack.c
Steps to reproduce
- Compile dot.demo/neatopack.c to a.exe
- Run echo 'graph {a -- b}' | ./a.exe
Expected Behaviour
No error.
Actual Behaviour
- Segmentation fault (core dumped) on Linux.
- STATUS_ACCESS_VIOLATION on Windows.
OS Version
All supported OSs in our pipeline, but debug info below from Ubuntu 18.04.
Graphviz Version
Home-built based on commit 4999fb85.
dot - graphviz version 2.44.2~dev.20200820.1251 (20200820.1251)
Additional info
This might not be a bug in Graphviz. It might be a bug in neatopack.c or in the way I'm using it.
GDB gives this backtrace:
magjac@t440:~/graphviz$ gdb -c core --args a.exe g.dot
GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a.exe...done.
[New LWP 18066]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `./a.exe'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:174
174 ../sysdeps/x86_64/multiarch/../strcmp.S: No such file or directory.
(gdb) bt
#0 0x00007ff744aa1fea in __strcmp_ssse3 () at ../sysdeps/x86_64/multiarch/../strcmp.S:174
#1 0x00007ff744735051 in dttree (dt=0x5592f7cd3860, obj=0x7ffdd3771140, type=4) at dttree.c:143
#2 0x00007ff74500ed18 in refsymbind (strdict=0x5592f7cd3860, s=0x7ffdd3773350 "_cc_0") at refstr.c:74
#3 0x00007ff74500ede9 in agstrdup (g=0x5592f7ccba90, s=0x7ffdd3773350 "_cc_0") at refstr.c:102
#4 0x00007ff74500b94f in aginternalmapinsert (g=0x5592f7ccba90, objtype=0, str=0x7ffdd3773350 "_cc_0", id=6) at imap.c:126
#5 0x00007ff74500b532 in agmapnametoid (g=0x5592f7ccba90, objtype=0, str=0x7ffdd3773350 "_cc_0", result=0x7ffdd3771288, createflag=0) at id.c:105
#6 0x00007ff7450126a4 in agsubg (g=0x5592f7ccba90, name=0x7ffdd3773350 "_cc_0", cflag=1) at subg.c:57
#7 0x00007ff744d58a2e in ccomps (g=0x5592f7ccba90, ncc=0x7ffdd3773408, pfx=0x0) at ccomps.c:326
#8 0x00005592f703cbcf in main (argc=1, argv=0x7ffdd3773528) at /home/magjac/graphviz/rtest/../dot.demo/neatopack.c:33
(gdb)
ASan gives this:
ASAN:DEADLYSIGNAL
=================================================================
==19175==ERROR: AddressSanitizer: SEGV on unknown address 0x362e6f732e6c (pc 0x7fef93c124db bp 0x7ffd890ded70 sp 0x7ffd890ded30 T0)
==19175==The signal is caused by a READ memory access.
#0 0x7fef93c124da in aggetrec /home/magjac/graphviz/lib/cgraph/rec.c:42
#1 0x7fef93c1268e in agbindrec /home/magjac/graphviz/lib/cgraph/rec.c:95
#2 0x7fef8b54da6a in neato_init_node /home/magjac/graphviz/lib/neatogen/neatoinit.c:46
#3 0x7fef8b54dfaf in neato_init_node_edge /home/magjac/graphviz/lib/neatogen/neatoinit.c:125
#4 0x7fef8b54f843 in neato_init_graph /home/magjac/graphviz/lib/neatogen/neatoinit.c:620
#5 0x7fef8b551e06 in neato_layout /home/magjac/graphviz/lib/neatogen/neatoinit.c:1438
#6 0x7fef93950bfe in gvLayoutJobs /home/magjac/graphviz/lib/gvc/gvlayout.c:85
#7 0x7fef9395b2e2 in gvLayout /home/magjac/graphviz/lib/gvc/gvc.c:65
#8 0x55ec144a6114 in main /home/magjac/graphviz/rtest/../dot.demo/neatopack.c:38
#9 0x7fef9355db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#10 0x55ec144a5e59 in _start (/home/magjac/graphviz/a.exe+0xe59)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/magjac/graphviz/lib/cgraph/rec.c:42 in aggetrec
==19175==ABORTING
The problem can be seen for all OSs in this pipeline
!1527 (merged) does not solve the problem as can be seen in [this pipeline](https://gitlab.com/magjac/graphviz/-/pipelines/180166113).