commit dfa8b661b506a463a669754ed635b0a8eb67580e
Author: Thomas Loimer <thomas.loimer@tuwien.ac.at>
Date:   Thu Apr 10 09:03:30 2025 +0200

    Detect nan in spline control values, ticket #192

---
 fig2dev/read.c        |   17 +++++++++++------
 fig2dev/tests/read.at |   19 +++++++++++++++++++
 2 files changed, 30 insertions(+), 6 deletions(-)

--- fig2dev/read.c
+++ fig2dev/read.c	2025-05-16 08:04:13.646999235 +0000
@@ -1581,12 +1581,17 @@ read_splineobject(FILE *fp, char **restr
 			free_splinestorage(s);
 			return NULL;
 		}
-		if (lx < INT_MIN || lx > INT_MAX || ly < INT_MIN ||
-				ly > INT_MAX || rx < INT_MIN || rx > INT_MAX ||
-				ry < INT_MIN || ry > INT_MAX) {
-			/* do not care to clean up, we exit anyway
-			   cp->next = NULL;
-			   free_splinestorage(s);	*/
+		if (		!isfinite(lx) || lx < INT_MIN || lx > INT_MAX ||
+				!isfinite(ly) || ly < INT_MIN || ly > INT_MAX ||
+				!isfinite(rx) || rx < INT_MIN || rx > INT_MAX ||
+				!isfinite(ry) || ry < INT_MIN || ry > INT_MAX)
+		{
+
+                    	/* clean up, to pass test "reject huge spline controls
+			   values" when -fsanitize=address is enabled */
+			cp->next = NULL;
+			free_splinestorage(s);
+			free(cq);
 			put_msg("Spline control points out of range "
 					"at line %d.", *line_no);
 			exit(EXIT_FAILURE);
--- fig2dev/tests/read.at
+++ fig2dev/tests/read.at	2025-05-16 08:07:33.111333617 +0000
@@ -608,6 +608,25 @@ EOF
 ])
 AT_CLEANUP
 
+AT_SETUP([reject nan in spline controls values, #192])
+AT_KEYWORDS([read.c])
+# Use an output language that does not natively support Bezier splines.
+# Otherwise, the huge values are simply copied to the output.
+AT_CHECK([fig2dev -L epic <<EOF
+#FIG 3.1
+Landscape
+Center
+Metric
+1200 2
+3 2 0 1 0 7 50 -1 -1 0.0 0 0 0 2
+	0 0 1200 0
+	600 600 600 nan
+	600 600 600 600
+EOF
+], 1, ignore, [Spline control points out of range at line 8.
+])
+AT_CLEANUP
+
 AT_BANNER([Dynamically allocate picture file name.])
 
 AT_SETUP([prepend fig file path to picture file name])