commit b456a3ef618f55a20b3071d336cb20514274f1d4
Author: Ethan A Merritt <merritt@u.washington.edu>
Date:   Tue Mar 11 12:31:54 2025 -0700

    guard against invalid read from plot->labels
    
    If a plot style uses points and the point chosen has PT_CHARACTER
    then the program looks for a possible font in plot->labels->font.
    These plot styles contain a flag bit HAS_POINT (gp_types.h).
    The program makes sure to initialize plot->labels for these styles.
    However a problem arises when a plot style that doesn't use points
    nevertheless triggers this same attempted font lookup by using a
    linetype that happens to use pointtype PT_CHARACTER.
    I think this is only possible with 'splot' but I added parallel
    checks for 'plot' as well.
    
    Bug 2776

diff --git src/boundary.c src/boundary.c
index e787de3f1..941635f7a 100644
--- src/boundary.c
+++ src/boundary.c
@@ -1468,7 +1468,7 @@ do_key_sample_point(
 	    (*t->pointsize)(pointsize);
 	if (on_page(xl + key_point_offset, yl)) {
 	    if (this_plot->lp_properties.p_type == PT_CHARACTER) {
-		if (this_plot->labels->textcolor.type != TC_DEFAULT)
+		if (this_plot->labels && this_plot->labels->textcolor.type != TC_DEFAULT)
 		    apply_pm3dcolor(&(this_plot->labels->textcolor));
 		(*t->put_text) (xl + key_point_offset, yl, 
 				this_plot->lp_properties.p_char);
diff --git src/graph3d.c src/graph3d.c
index bda614b7a..74ae8d558 100644
--- src/graph3d.c
+++ src/graph3d.c
@@ -2164,7 +2164,7 @@ plot3d_points(struct surface_points *plot)
     /* Set whatever we can that applies to every point in the loop */
     if (plot->lp_properties.p_type == PT_CHARACTER) {
 	ignore_enhanced(TRUE);
-	if (plot->labels->font && plot->labels->font[0])
+	if (plot->labels && plot->labels->font && plot->labels->font[0])
 	    (*t->set_font) (plot->labels->font);
 	(*t->justify_text) (CENTRE);
     }
@@ -2260,7 +2260,7 @@ plot3d_points(struct surface_points *plot)
 
     /* Return to initial state */
     if (plot->lp_properties.p_type == PT_CHARACTER) {
-	if (plot->labels->font && plot->labels->font[0])
+	if (plot->labels && plot->labels->font && plot->labels->font[0])
 	    (*t->set_font) ("");
 	ignore_enhanced(FALSE);
     }
diff --git src/graphics.c src/graphics.c
index 083cb61f4..f68ef7096 100644
--- src/graphics.c
+++ src/graphics.c
@@ -2649,7 +2649,7 @@ plot_points(struct curve_points *plot)
     /* Set whatever we can that applies to every point in the loop */
     if (plot->lp_properties.p_type == PT_CHARACTER) {
 	ignore_enhanced(TRUE);
-	if (plot->labels->font && plot->labels->font[0])
+	if (plot->labels && plot->labels->font && plot->labels->font[0])
 	    (*t->set_font) (plot->labels->font);
 	(*t->justify_text) (CENTRE);
     }
@@ -2781,7 +2781,7 @@ plot_points(struct curve_points *plot)
 
     /* Return to initial state */
     if (plot->lp_properties.p_type == PT_CHARACTER) {
-	if (plot->labels->font && plot->labels->font[0])
+	if (plot->labels && plot->labels->font && plot->labels->font[0])
 	    (*t->set_font) ("");
 	ignore_enhanced(FALSE);
     }