Fix CVE-2023-31194

Before adding an edge to the Boost graph, check it has not been added.
Apparently, this causes Boost graph adjacency list to misbehave.

Bug:#65

CHANGELOG

@@ -2,6 +2,8 @@
 
 ## Security:
 - See CVE-2023-27390. Check there are no "self" message.
+- See CVE-2023-31194. Do not add twice an edge in the graph. This caused Boost
+                      algorithms to misbehave.
 
 ## Build
 - Set MSVC_RUNTIME_LIBRARY to /MT for static builds

src/input_output_test.cpp

@@ -65,7 +65,7 @@ int main(int, const char**) {
       std::string output_computed = translator->Translate(input, options);
 
       if (output_computed == output) {
-        std::cout << "  [PASS] " << test.path() << std::endl;
+        // std::cout << "  [PASS] " << test.path() << std::endl;
       } else {
         std::cout << "  [FAIL] " << test.path() << std::endl;
         std::cout << "---[Output]------------------" << std::endl;

src/translator/graph_planar/GraphPlanar.cpp

@@ -307,8 +307,15 @@ void GraphPlanar::Write() {
 
   // Create a graph.
   Graph graph(num_vertices);
-  for (auto& it : vertex)
+  for (auto& it : vertex) {
+    // Check if the edge already exists. Apparently, boost graph do not support
+    // it.
+    if (boost::edge(it.from, it.to, graph).second) {
+      continue;
+    }
+
     add_edge(it.from, it.to, graph);
+  }
   InitializeEdgeIndex(graph);
 
   // Make it connected.

test/GraphPlanar/cve-2023-31194/input

@@ -0,0 +1 @@
+A--B--C--D--E--F--D--C

test/GraphPlanar/cve-2023-31194/output

@@ -0,0 +1,18 @@
+      ┌─┐ 
+      │A│ 
+      └┬┘ 
+      ┌┴┐ 
+      │B│ 
+      └┬┘ 
+┌─────┐│  
+│  D  ││  
+└┬─┬─┬┘│  
+ │ │┌┴┐│  
+ │ ││E││  
+ │ │└┬┘│  
+ │┌┴─┴┐│  
+ ││ F ││  
+ │└───┘│  
+┌┴─────┴─┐
+│   C    │
+└────────┘