Re: Removing plucker generator ?

2024-02-10 Thread Albert Astals Cid
On Thursday, 25 January 2024, at 0:33:58 (CET), Albert Astals Cid wrote:
> On Wednesday, 17 January 2024, at 13:45:03 (CET), Sune Stolborg Vuorela
> wrote:
> > Hi
> > 
> > While doing changes for KF6, I also touched the plucker generator code a
> > bit. And I'm not confident in the code.
> > 
> > It's C code originating in 2003.
> > It seems to be trusting the input is good.
> > I found potential crasher bugs in it by looking at it
> > It has no tests
> > It doesn't look like the code has met some fuzzy-tester
> > 
> > If it requires an owner key, it needs to be provided in a configuration
> > file
> > somewhere on disk, and trying that ends up with out of bounds writes and
> > crashes. The configuration file it tries to open is btw called:
> > PLUCKER_CONFIG_DIRFILE_SEPARATOR_CHAR_SSYS_CONFIG_FILE_NAME
> > (and stored in a char* malloc'ed to be 40 chars long).
> > 
> > It has foo = realloc(foo,...); foo[n].bar = ...; Realloc returns null on
> > failure.
> > 
> > It's hard to find test data for it. Any data.
> > The homepage of the format seems to have been repurposed many years ago to
> > something else.
> > 
> > I think we should either find someone to take ownership over this and
> > promise to invest a significant amount of time into it. Or just remove it.
> 
> CC'ing Tobias (if that address still works) in case he has some input.
> 
> I've never seen any plucker document myself.

No answer from anyone so this was actioned.

https://invent.kde.org/graphics/okular/-/merge_requests/921

Cheers,
  Albert

> 
> Cheers,
>   Albert
> 
> > /Sune






Re: Removing plucker generator ?

2024-01-24 Thread Albert Astals Cid
On Wednesday, 17 January 2024, at 13:45:03 (CET), Sune Stolborg Vuorela
wrote:
> Hi
> 
> While doing changes for KF6, I also touched the plucker generator code a
> bit. And I'm not confident in the code.
> 
> It's C code originating in 2003.
> It seems to be trusting the input is good.
> I found potential crasher bugs in it by looking at it
> It has no tests
> It doesn't look like the code has met some fuzzy-tester
> 
> If it requires an owner key, it needs to be provided in a configuration file
> somewhere on disk, and trying that ends up with out of bounds writes and
> crashes. The configuration file it tries to open is btw called:
> PLUCKER_CONFIG_DIRFILE_SEPARATOR_CHAR_SSYS_CONFIG_FILE_NAME
> (and stored in a char* malloc'ed to be 40 chars long).
> 
> It has foo = realloc(foo,...); foo[n].bar = ...; Realloc returns null on
> failure.
> 
> It's hard to find test data for it. Any data.
> The homepage of the format seems to have been repurposed many years ago to
> something else.
> 
> I think we should either find someone to take ownership over this and
> promise to invest a significant amount of time into it. Or just remove it.

CC'ing Tobias (if that address still works) in case he has some input.

I've never seen any plucker document myself.

Cheers,
  Albert

> 
> /Sune






Removing plucker generator ?

2024-01-17 Thread Sune Stolborg Vuorela
Hi

While doing changes for KF6, I also touched the plucker generator code a bit.
And I'm not confident in the code.

It's C code originating in 2003.
It seems to be trusting the input is good.
I found potential crasher bugs in it by looking at it
It has no tests
It doesn't look like the code has met some fuzzy-tester

If it requires an owner key, it needs to be provided in a configuration file 
somewhere on disk, and trying that ends up with out of bounds writes and 
crashes. The configuration file it tries to open is btw called:
PLUCKER_CONFIG_DIRFILE_SEPARATOR_CHAR_SSYS_CONFIG_FILE_NAME
(and stored in a char* malloc'ed to be 40 chars long). 

It has foo = realloc(foo,...); foo[n].bar = ...; Realloc returns null on 
failure. 

It's hard to find test data for it. Any data.
The homepage of the format seems to have been repurposed many years ago to 
something else.

I think we should either find someone to take ownership over this and promise 
to invest a significant amount of time into it. Or just remove it.

/Sune
-- 
I didn’t stop pretending when I became an adult, it’s just that when I was a 
kid I was pretending that I fit into the rules and structures of this world. 
And now that I’m an adult, I pretend that those rules and structures exist.
   - zefrank
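
The two C patterns named in the original message (the result of realloc assigned straight back and then indexed, and a path held in a fixed 40-byte allocation), shown in hardened form. This is an added example, not code from Okular or the plucker generator; `struct record`, `grow_records`, `build_config_path` and the sample path are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type standing in for the thread's "foo[n].bar". */
struct record { int bar; };

/* Grow *arr to hold new_count records. Returns 0 on success, -1 on failure.
 * On failure *arr is left untouched and still valid, so the caller can
 * free it instead of leaking it or writing through NULL. */
int grow_records(struct record **arr, size_t new_count)
{
    if (new_count == 0 || new_count > SIZE_MAX / sizeof(struct record))
        return -1;                      /* zero or overflowing size */
    struct record *tmp = realloc(*arr, new_count * sizeof(struct record));
    if (tmp == NULL)
        return -1;                      /* old block is still owned by *arr */
    *arr = tmp;
    return 0;
}

/* Build "<dir><sep><name>" in a buffer sized from the inputs rather than a
 * fixed 40-byte allocation. Returns a malloc'ed string or NULL. */
char *build_config_path(const char *dir, char sep, const char *name)
{
    int need = snprintf(NULL, 0, "%s%c%s", dir, sep, name);
    if (need < 0)
        return NULL;
    char *path = malloc((size_t)need + 1);
    if (path != NULL)
        snprintf(path, (size_t)need + 1, "%s%c%s", dir, sep, name);
    return path;
}

int main(void)
{
    struct record *recs = NULL;
    if (grow_records(&recs, 4) == 0)
        recs[3].bar = 42;               /* index only after a checked grow */
    /* Constructed sample inputs; the result needs more than 40 bytes. */
    char *p = build_config_path("/home/user/.config/example-viewer", '/', "pluckerrc");
    if (p != NULL)
        printf("%s (%zu bytes)\n", p, strlen(p) + 1);
    free(p);
    free(recs);
    return 0;
}
```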