-
Matthew Fernandez authoredThis code assumed `xd->version` was in the range `[0, 17]`. However, there is no validation of this. The user can set an arbitrary version in the range `[0, USHRT_MAX]` by using the `xdotversion` graph attribute. Setting a version above 1.7 – or more specifically, that would be parsed as a value above 17 – would cause an out of bounds read in this code. Now any version above 1.7 is assumed to have no extensions; that is, equivalent to version 1.4. There are no known planned extensions to xdot, so the user should have no reason to set a version above 1.7. Gitlab: fixes #2390
eb5e482f
To find the state of this project's repository at the time of any of these versions, check out the tags.