El dijous, 25 de gener de 2024, a les 0:33:58 (CET), Albert Astals Cid va escriure: > El dimecres, 17 de gener de 2024, a les 13:45:03 (CET), Sune Stolborg > Vuorela > va escriure: > > Hi > > > > While doing changes for KF6, I also touched the plucker generator code a > > bit. And I'm not confident in the code. > > > > It's c-code originating in 2003. > > It seems to be trusting the input is good. > > I found potential crasher bugs in it by looking at it > > It has no tests > > It doesn't look like the code has met some fuzzy-tester > > > > If it requires a owner key, it needs to be provided in a configuration > > file > > somewhere on disk, and trying that ends up with out of bounds writes and > > crashes. The configuration file it tries to open is btw called: > > PLUCKER_CONFIG_DIRFILE_SEPARATOR_CHAR_SSYS_CONFIG_FILE_NAME > > (and stored in a char* malloc'ed to be 40 chars long). > > > > It has foo = realloc(foo,...); foo[n].bar = ...; Realloc returns null on > > failure. > > > > It's hard to find test data for it. Any data. > > The homepage of the format seems to have been repurposed many years ago to > > something else. > > > > I think we should either find someone to take ownership over this and > > promise to invest a significant amount of time into it. Or just remove it. > > CC'in Tobias (if that address still works) in case he has some input. > > I've never seen any plucker document myself.
No answer from anyone so this was actioned. https://invent.kde.org/graphics/okular/-/merge_requests/921 Cheers, Albert > > Cheers, > Albert > > > /Sune
