Commit 4d143d10ebc52c222d590af41ebbf9a7b9de4ba6
1 parent
26514ab7
TODO: organize in preparation for next increment
Showing
1 changed file
with
93 additions
and
6 deletions
TODO
| 1 | +Candidates for upcoming release | |
| 2 | +=============================== | |
| 3 | + | |
| 4 | +* Trivial fixes: | |
| 5 | + * lgtm warning | |
| 6 | + * #470: odd/even -- doc bug | |
| 7 | + * #468: doc typo | |
| 8 | + * Remove travisci | |
| 9 | + * Update manual to clearly state qpdf's exit codes including mention | |
| 10 | + of not exiting with code 1. | |
| 11 | + | |
| 12 | +* Quick issues: | |
| 13 | + * #438: things written to stdout instead of stderr; --no-warn issues | |
| 14 | + * #454: integer overflow | |
| 15 | + * #451: BufferInputSource performance enhancement | |
| 16 | + * #432: WindowsCryptProvider fixes | |
| 17 | + | |
| 18 | +* Easy build/test | |
| 19 | + * #429: cygwin build and openssl version (see #455) | |
| 20 | + * #455: openssl configure checks | |
| 21 | + * #453: improve openssl error messages | |
| 22 | + * #422: disable rpath when building RPM | |
| 23 | + * #352: building standalone executables (lambda layer) | |
| 24 | + * #460: potential malware in fuzzer seed corpus | |
| 25 | + | |
| 26 | +* Fuzz crashes | |
| 27 | + * See "New" below | |
| 28 | + | |
| 29 | +* Open "next" issues | |
| 30 | + * bugs | |
| 31 | + * #473: zsh completion with directories | |
| 32 | + * #459: locale-sensitivity | |
| 33 | + * #449: internal error with case to reproduce (from pikepdf) | |
| 34 | + * #444: concatenated stream/whitespace bug | |
| 35 | + * Non-bugs | |
| 36 | + * #446: recognize edited QDF files | |
| 37 | + * #436: parsing of document with form xobject | |
| 38 | + | |
| 39 | +* Try migrating to github actions | |
| 40 | + | |
| 41 | +* Remember to check work `qpdf` project for private issues | |
| 42 | + * file with very slow page extraction | |
| 43 | + * big page even with --remove-unreferenced-resources=yes, even with --empty | |
| 44 | + * optimize image failure because of colorspace | |
| 45 | + | |
| 46 | +* Make it possible for StreamDataProvider to modify the stream | |
| 47 | + dictionary in addition to the stream data so it can calculate things | |
| 48 | + about the dictionary at runtime. Will require a small change to | |
| 49 | + QPDFWriter. | |
| 50 | + | |
| 51 | +* Take flattenRotation code from pdf-split and do something with it, | |
| 52 | + maybe adding it to the library. Once there, call it from pdf-split | |
| 53 | + and bump up the required version of qpdf. | |
| 54 | + | |
| 55 | +* Externalize inline images doesn't walk into form XObjects. In | |
| 56 | + general: | |
| 57 | + | |
| 58 | + * Check QPDFPageObjectHelper and see what can be applied to form | |
| 59 | + XObjects. Maybe think about generalizing it to work with form | |
| 60 | + XObjects. | |
| 61 | + | |
| 62 | + * There is an increasing amount of logic in qpdf.cc that should | |
| 63 | + probably move into the library. This includes externalizing inline | |
| 64 | + images and page splitting as those operations become more | |
| 65 | + elaborate, particularly with handling of form XObjects. | |
| 66 | + | |
| 67 | +* Flattening of form XObjects seems like something that would be | |
| 68 | + useful in the library. We are seeing more cases of completely valid | |
| 69 | + PDF files with form XObjects that cause problems in other software. | |
| 70 | + Flattening of form XObjects could be a useful way to work around | |
| 71 | + those issues or to prepare files for additional processing, making | |
| 72 | + it possible for users of the qpdf library to not be concerned about | |
| 73 | + form XObjects. This could be done recursively; i.e., we could have a | |
| 74 | + method to embed a form XObject into whatever contains it, whether | |
| 75 | + that is a form XObject or a page. This would require more | |
| 76 | + significant interpretation of the content stream. We would need a | |
| 77 | + test file in which the placement of the form XObject has to be in | |
| 78 | + the right place, e.g., the form XObject partially obscures earlier | |
| 79 | + code and is partially obscured by later code. | |
| 80 | + | |
| 81 | +* See if the tokenizer is a performance bottleneck and, if so, | |
| 82 | + optimize it. We might end up with a high-performance tokenizer that | |
| 83 | + has a different interface but still ultimately creates the same | |
| 84 | + tokens. | |
| 85 | + | |
| 86 | +* See about tying lgtm.com into qpdf's CI. | |
| 87 | + | |
| 88 | + | |
| 1 | 89 | Fuzz Errors |
| 2 | 90 | =========== |
| 3 | 91 | |
| 4 | 92 | * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=<N> |
| 5 | 93 | |
| 6 | -* To fix: | |
| 7 | - * 19253 - indirect leaks. Not sure of the cause, but it might have | |
| 8 | - something to do with multiple instances of the same object being | |
| 9 | - read and discarded during file recovery. Maybe there's a missing | |
| 10 | - call to releaseResolved. | |
| 94 | +* New: | |
| 95 | + * 23172: stack overflow (https://oss-fuzz.com/testcase-detail/5719543787028480) | |
| 96 | + * 23599: integer overflow: https://oss-fuzz.com/testcase?key=6290807920525312 | |
| 97 | + * 23642: leak: https://oss-fuzz.com/testcase-detail/4906569690251264 | |
| 11 | 98 | |
| 12 | 99 | * Ignoring these: |
| 13 | 100 | * Problems inside the jpeg library: 15470, 15751, 18633, 18732, |
| 14 | - 18745, 20391 | |
| 101 | + 18745, 20391, 23581 | |
| 15 | 102 | * Timeout: 15471, 17630 |
| 16 | 103 | |
| 17 | 104 | Windows Build | ... | ... |