Use of uninitialized vertex in poly_inside
Steps to reproduce
This is an MSAN bug reproduced by some internal users of graphviz, but I manually examined the source code to uncover an error.
Expected Behaviour
We define `Q` and `R` here: https://gitlab.com/graphviz/graphviz/-/blob/main/lib/common/shapes.c?blame=0#L2427
`vertex` is only set on this line https://gitlab.com/graphviz/graphviz/-/blob/main/lib/common/shapes.c?blame=0#L2357, which happens when `n != lastn`. Then `Q` and `R` end up reading some garbage values.
There are cases where we never set `vertex` and later we try to access some garbage values (since `vertex` is declared `static`).
Also, a related bug is `static node_t *lastn`: `lastn` will hold the value of whatever happened to set `lastn`, which seems unexpected.
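As an added illustration (not graphviz's code; the `node_t`/`polygon_t` types below are simplified stand-ins, an assumption), here is a C model of the static, pointer-keyed cache the report describes: `vertex` is only refreshed when `n != lastn`, so when the same node storage later carries a different shape, `Q` is read from the stale table. The second function keys the cache on the polygon data instead.

```c
/* Constructed stand-ins for the graphviz node/polygon types named in the report
 * (assumption: simplified, not the real structs from lib/common/shapes.c). */
typedef struct { double x, y; } pointf;
typedef struct { int sides; pointf *vertices; } polygon_t;
typedef struct { polygon_t *shape; } node_t;

/* The caching pattern the report describes: 'vertex' is a static that is only
 * refreshed when the node pointer differs from the previous call's (n != lastn).
 * If the same node_t storage later carries a different shape, the stale vertex
 * table is read for Q and nothing detects it. */
static double first_vertex_x_cached(node_t *n)
{
    static node_t *lastn;     /* last node argument, as in poly_inside */
    static pointf *vertex;
    if (n != lastn) {
        vertex = n->shape->vertices;
        lastn = n;
    }
    pointf Q = vertex[0];
    return Q.x;
}

/* Hardened variant: key the cache on the data it was derived from (the polygon
 * and its vertex table) rather than on the node address alone. */
static double first_vertex_x_checked(node_t *n)
{
    static polygon_t *lastpoly;
    static pointf *vertex;
    polygon_t *poly = n->shape;
    if (poly != lastpoly || vertex != poly->vertices) {
        vertex = poly->vertices;
        lastpoly = poly;
    }
    pointf Q = vertex[0];
    return Q.x;
}

/* Constructed scenario: one node struct is first a triangle, then a square.
 * Returns the x of the first vertex seen on the second call. */
double first_x_after_reshape(int checked)
{
    static pointf tri[3] = {{1, 0}, {0, 1}, {-1, 0}};
    static pointf sq[4] = {{2, 2}, {-2, 2}, {-2, -2}, {2, -2}};
    static polygon_t tri_poly = {3, tri}, sq_poly = {4, sq};
    double (*f)(node_t *) = checked ? first_vertex_x_checked : first_vertex_x_cached;
    node_t n = { &tri_poly };
    (void)f(&n);                   /* populates the cache with the triangle */
    n.shape = &sq_poly;            /* same node address, different shape */
    return f(&n);                  /* cached: 1.0 (stale); checked: 2.0 */
}
```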
Actual Behaviour
`vertex` should be set to valid values.
OS Version
Debian 6.5.13
Graphviz Version
dot - graphviz version 2.43.0 (0)
Additional info