[Security] Null pointer of gensvg.c in function svg_arrows
Hello Xfig Team,
I found a crash error.
System info:
Ubuntu 20.04: clang 10.0.0, gcc 9.3.0
fig2dev Version 3.2.8a
Verification steps:
1. Get the source code of fig2dev
2. Compile fig2dev
$ cd fig2dev-3.2.8a
$ ./configure CC="clang -O2 -fno-omit-frame-pointer -g -fsanitize=address" CXX="clang++ -O2 -fno-omit-frame-pointer -g -fsanitize=address"
$ make
3. Run fig2dev
$ ./fig2dev -L svg fig2dev_crash
ASan info:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Creator: fig2dev Version 3.2.8a -->
<!-- CreationDate: 2021-04-17 04:44:25 -->
<!-- Magnification: 1 -->
<svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
width="73pt" height="113pt"
viewBox="-76 -376 1202 1877">
<g fill="none">
<!-- Line -->
<rect x="-75" y="-375" width="1200" height="1875" fill="#bfbfbf"/>
<!-- Ellipse -->
<!-- 5 -->
<ellipse transform="translate(150,225) rotate(-45)" rx="150" ry="75"
stroke="#000000" stroke-width="8px"/>
<!-- Ellipse -->
<!-- 6 -->
<ellipse transform="translate(454,190) rotate(-315)" rx="188" ry="38" fill="#000000"
stroke="#ffffff" stroke-width="8px"/>
<!-- Ellipse -->
<!-- 7 -->
<ellipse transform="translate(674,187) rotate(-315)" rx="188" ry="38" fill="#4c4c4c"
stroke="#ffffff" stroke-width="8px"/>
<!-- Circle -->
<!-- 8 -->
<defs>
<circle cx="937" cy="150" r="136" id="p0"/>
<pattern id="tile0" patternUnits="userSpaceOnUse"
x="0" y="0" width="134" height="134">
<g stroke-width="7.5" stroke="#000000" fill="none">
<path d="M-4,63 71,138 M63,-4 138,71 M-4,71 71,-4 M63,138 138,63"/>
</g>
</pattern>
</defs>
<use xlink:href="#p0" fill="#ffffff"/>
<use xlink:href="#p0" fill="url(#tile0)"
stroke="#000000" stroke-width="8px"/>
<!-- Line -->
<!-- 1 -->
<rect x="0" y="-300" width="300" height="300" rx="120"
stroke="#000000" stroke-width="8px"/>
<!-- Line -->
<!-- 2 -->
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3255219==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000583a3d bp 0x7ffec0773610 sp 0x7ffec0773590 T0)
==3255219==The signal is caused by a READ memory access.
==3255219==Hint: address points to the zero page.
#0 0x583a3d in svg_arrows /home/hh/Downloads/fig2dev-3.2.8a/fig2dev/dev/gensvg.c:1141:24
#1 0x583a3d in gensvg_line /home/hh/Downloads/fig2dev-3.2.8a/fig2dev/dev/gensvg.c:743:17
#2 0x4d0847 in gendev_objects /home/hh/Downloads/fig2dev-3.2.8a/fig2dev/fig2dev.c:1008:6
#3 0x4d0847 in main /home/hh/Downloads/fig2dev-3.2.8a/fig2dev/fig2dev.c:485:11
#4 0x7f5e0e4f50b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#5 0x41c71d in _start (/home/hh/Downloads/fig2dev-3.2.8a/fig2dev/fig2dev+0x41c71d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/hh/Downloads/fig2dev-3.2.8a/fig2dev/dev/gensvg.c:1141:24 in svg_arrows
==3255219==ABORTING
Thanks
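The report above mixes fig2dev's SVG output on stdout with the AddressSanitizer report on stderr, and when a fuzzer produces many such files the useful part is the error kind plus the innermost in-project frame (here: SEGV in svg_arrows at gensvg.c:1141). The following is an added triage helper, not code from the Xfig/fig2dev project or from the reporter. It assumes a fig2dev binary built with -fsanitize=address as in step 2 and a directory of candidate crash inputs; the embedded sample report is constructed by copying the relevant lines of the trace above, so the key-extraction part runs without fig2dev installed.

```shell
#!/bin/sh
# Added example (not part of fig2dev): deduplicate ASan crash reports by
# ERROR_KIND|FUNCTION|FILE:LINE of frame #0.

# asan_key: print the dedup key for the ASan report text passed as $1.
asan_key() {
    report="$1"
    # "==PID==ERROR: AddressSanitizer: SEGV on unknown address ..." -> "SEGV"
    kind=$(printf '%s\n' "$report" \
        | sed -n 's/^.*ERROR: AddressSanitizer: \([A-Za-z-]*\).*/\1/p' | head -n 1)
    # "#0 0x583a3d in svg_arrows /path/gensvg.c:1141:24" -> "svg_arrows /path/gensvg.c:1141:24"
    frame=$(printf '%s\n' "$report" \
        | sed -n 's/^[[:space:]]*#0 0x[0-9a-f]* in \([^ ]*\) \(.*\)$/\1 \2/p' | head -n 1)
    func=${frame%% *}
    path=${frame#* }
    file=${path##*/}    # drop the directory: gensvg.c:1141:24
    file=${file%:*}     # drop the column:    gensvg.c:1141
    printf '%s|%s|%s\n' "$kind" "$func" "$file"
}

# triage_crashes: run the ASan-built fig2dev ($1) with the SVG driver over
# every file in directory $2, keep only runs that produced an ASan report,
# and print "count key example-input" per unique crash site.
# ASan writes to stderr, so capture stderr and discard the SVG on stdout.
triage_crashes() {
    bin="$1"; dir="$2"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        out=$("$bin" -L svg "$f" 2>&1 >/dev/null) || true
        if printf '%s\n' "$out" | grep -q 'ERROR: AddressSanitizer'; then
            printf '%s\t%s\n' "$(asan_key "$out")" "$f"
        fi
    done | sort | awk -F'\t' '{ n[$1]++; ex[$1] = $2 }
                           END { for (k in n) print n[k], k, ex[k] }'
}

# Constructed sample: the relevant lines of the report in this ticket,
# embedded so asan_key can be exercised without running fig2dev.
SAMPLE_REPORT='AddressSanitizer:DEADLYSIGNAL
==3255219==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000583a3d bp 0x7ffec0773610 sp 0x7ffec0773590 T0)
==3255219==The signal is caused by a READ memory access.
==3255219==Hint: address points to the zero page.
    #0 0x583a3d in svg_arrows /home/hh/Downloads/fig2dev-3.2.8a/fig2dev/dev/gensvg.c:1141:24
    #1 0x583a3d in gensvg_line /home/hh/Downloads/fig2dev-3.2.8a/fig2dev/dev/gensvg.c:743:17
SUMMARY: AddressSanitizer: SEGV /home/hh/Downloads/fig2dev-3.2.8a/fig2dev/dev/gensvg.c:1141:24 in svg_arrows'

# Usage: sh triage.sh ./fig2dev-3.2.8a/fig2dev/fig2dev crashes/
if [ "$#" -ge 2 ]; then
    triage_crashes "$1" "$2"
else
    asan_key "$SAMPLE_REPORT"
fi
```

Keying on frame #0 is deliberately strict: two inputs that reach the same null read through different callers still collapse to one entry, which is what you want when deciding how many distinct bugs a fuzzing run actually found. Widen the key to frames #0 and #1 if the same function is a shared helper hit from several genuinely different bugs.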
Fixed with commit [43cfa6].