Removing plucker generator ?
Sune Stolborg Vuorela
sune at vuorela.dk
Wed Jan 17 12:45:03 GMT 2024
Hi
While doing changes for KF6, I also touched the plucker generator code a bit.
And I'm not confident in the code.
It's c-code originating in 2003.
It seems to be trusting the input is good.
I found potential crasher bugs in it by looking at it
It has no tests
It doesn't look like the code has met some fuzzy-tester
If it requires a owner key, it needs to be provided in a configuration file
somewhere on disk, and trying that ends up with out of bounds writes and
crashes. The configuration file it tries to open is btw called:
PLUCKER_CONFIG_DIRFILE_SEPARATOR_CHAR_SSYS_CONFIG_FILE_NAME
(and stored in a char* malloc'ed to be 40 chars long).
It has foo = realloc(foo,...); foo[n].bar = ...; Realloc returns null on
failure.
It's hard to find test data for it. Any data.
The homepage of the format seems to have been repurposed many years ago to
something else.
I think we should either find someone to take ownership over this and promise
to invest a significant amount of time into it. Or just remove it.
/Sune
--
I didn’t stop pretending when I became an adult, it’s just that when I was a
kid I was pretending that I fit into the rules and structures of this world.
And now that I’m an adult, I pretend that those rules and structures exist.
- zefrank
More information about the Okular-devel
mailing list