Removing plucker generator ?

Albert Astals Cid aacid at kde.org
Wed Jan 24 23:33:58 GMT 2024


El dimecres, 17 de gener de 2024, a les 13:45:03 (CET), Sune Stolborg Vuorela 
va escriure:
> Hi
> 
> While doing changes for KF6, I also touched the plucker generator code a
> bit. And I'm not confident in the code.
> 
> It's c-code originating in 2003.
> It seems to be trusting the input is good.
> I found potential crasher bugs in it by looking at it
> It has no tests
> It doesn't look like the code has met some fuzzy-tester
> 
> If it requires a owner key, it needs to be provided in a configuration file
> somewhere on disk, and trying that ends up with out of bounds writes and
> crashes. The configuration file it tries to open is btw called:
> PLUCKER_CONFIG_DIRFILE_SEPARATOR_CHAR_SSYS_CONFIG_FILE_NAME
> (and stored in a char* malloc'ed to be 40 chars long).
> 
> It has foo = realloc(foo,...); foo[n].bar = ...; Realloc returns null on
> failure.
> 
> It's hard to find test data for it. Any data.
> The homepage of the format seems to have been repurposed many years ago to
> something else.
> 
> I think we should either find someone to take ownership over this and
> promise to invest a significant amount of time into it. Or just remove it.

CC'in Tobias (if that address still works) in case he has some input.

I've never seen any plucker document myself.

Cheers,
  Albert

> 
> /Sune






More information about the Okular-devel mailing list