Commit 4d143d10ebc52c222d590af41ebbf9a7b9de4ba6
1 parent
26514ab7
TODO: organize in preparation for next increment
Showing
1 changed file
with
93 additions
and
6 deletions
TODO
| 1 | +Candidates for upcoming release | ||
| 2 | +=============================== | ||
| 3 | + | ||
| 4 | +* Trivial fixes: | ||
| 5 | + * lgtm warning | ||
| 6 | + * #470: odd/even -- doc bug | ||
| 7 | + * #468: doc typo | ||
| 8 | + * Remove travisci | ||
| 9 | + * Update manual to clearly state qpdf's exit codes including mention | ||
| 10 | + of not exiting with code 1. | ||
| 11 | + | ||
| 12 | +* Quick issues: | ||
| 13 | + * #438: things written to stdout instead of stderr; --no-warn issues | ||
| 14 | + * #454: integer overflow | ||
| 15 | + * #451: BufferInputSource performance enhancement | ||
| 16 | + * #432: WindowsCryptProvider fixes | ||
| 17 | + | ||
| 18 | +* Easy build/test | ||
| 19 | + * #429: cygwin build and openssl version (see #455) | ||
| 20 | + * #455: openssl configure checks | ||
| 21 | + * #453: improve openssl error messages | ||
| 22 | + * #422: disable rpath when building RPM | ||
| 23 | + * #352: building standalone executables (lambda layer) | ||
| 24 | + * #460: potential malware in fuzzer seed corpus | ||
| 25 | + | ||
| 26 | +* Fuzz crashes | ||
| 27 | + * See "New" below | ||
| 28 | + | ||
| 29 | +* Open "next" issues | ||
| 30 | + * bugs | ||
| 31 | + * #473: zsh completion with directories | ||
| 32 | + * #459: locale-sensitivity | ||
| 33 | + * #449: internal error with case to reproduce (from pikepdf) | ||
| 34 | + * #444: concatenated stream/whitespace bug | ||
| 35 | + * Non-bugs | ||
| 36 | + * #446: recognize edited QDF files | ||
| 37 | + * #436: parsing of document with form xobject | ||
| 38 | + | ||
| 39 | +* Try migrating to github actions | ||
| 40 | + | ||
| 41 | +* Remember to check work `qpdf` project for private issues | ||
| 42 | + * file with very slow page extraction | ||
| 43 | + * big page even with --remove-unreferenced-resources=yes, even with --empty | ||
| 44 | + * optimize image failure because of colorspace | ||
| 45 | + | ||
| 46 | +* Make it possible for StreamDataProvider to modify the stream | ||
| 47 | + dictionary in addition to the stream data so it can calculate things | ||
| 48 | + about the dictionary at runtime. Will require a small change to | ||
| 49 | + QPDFWriter. | ||
| 50 | + | ||
| 51 | +* Take flattenRotation code from pdf-split and do something with it, | ||
| 52 | + maybe adding it to the library. Once there, call it from pdf-split | ||
| 53 | + and bump up the required version of qpdf. | ||
| 54 | + | ||
| 55 | +* Externalize inline images doesn't walk into form XObjects. In | ||
| 56 | + general: | ||
| 57 | + | ||
| 58 | + * Check QPDFPageObjectHelper and see what can be applied to form | ||
| 59 | + XObjects. Maybe think about generalizing it to work with form | ||
| 60 | + XObjects. | ||
| 61 | + | ||
| 62 | + * There is an increasing amount of logic in qpdf.cc that should | ||
| 63 | + probably move into the library. This includes externalizing inline | ||
| 64 | + images and page splitting as those operations become more | ||
| 65 | + elaborate, particularly with handling of form XObjects. | ||
| 66 | + | ||
| 67 | +* Flattening of form XObjects seems like something that would be | ||
| 68 | + useful in the library. We are seeing more cases of completely valid | ||
| 69 | + PDF files with form XObjects that cause problems in other software. | ||
| 70 | + Flattening of form XObjects could be a useful way to work around | ||
| 71 | + those issues or to prepare files for additional processing, making | ||
| 72 | + it possible for users of the qpdf library to not be concerned about | ||
| 73 | + form XObjects. This could be done recursively; i.e., we could have a | ||
| 74 | + method to embed a form XObject into whatever contains it, whether | ||
| 75 | + that is a form XObject or a page. This would require more | ||
| 76 | + significant interpretation of the content stream. We would need a | ||
| 77 | + test file in which the placement of the form XObject has to be in | ||
| 78 | + the right place, e.g., the form XObject partially obscures earlier | ||
| 79 | + code and is partially obscured by later code. | ||
| 80 | + | ||
| 81 | +* See if the tokenizer is a performance bottleneck and, if so, | ||
| 82 | + optimize it. We might end up with a high-performance tokenizer that | ||
| 83 | + has a different interface but still ultimately creates the same | ||
| 84 | + tokens. | ||
| 85 | + | ||
| 86 | +* See about tying lgtm.com into qpdf's CI. | ||
| 87 | + | ||
| 88 | + | ||
| 1 | Fuzz Errors | 89 | Fuzz Errors |
| 2 | =========== | 90 | =========== |
| 3 | 91 | ||
| 4 | * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=<N> | 92 | * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=<N> |
| 5 | 93 | ||
| 6 | -* To fix: | ||
| 7 | - * 19253 - indirect leaks. Not sure of the cause, but it might have | ||
| 8 | - something to do with multiple instances of the same object being | ||
| 9 | - read and discarded during file recovery. Maybe there's a missing | ||
| 10 | - call to releaseResolved. | 94 | +* New: |
| 95 | + * 23172: stack overflow (https://oss-fuzz.com/testcase-detail/5719543787028480) | ||
| 96 | + * 23599: integer overflow: https://oss-fuzz.com/testcase?key=6290807920525312 | ||
| 97 | + * 23642: leak: https://oss-fuzz.com/testcase-detail/4906569690251264 | ||
| 11 | 98 | ||
| 12 | * Ignoring these: | 99 | * Ignoring these: |
| 13 | * Problems inside the jpeg library: 15470, 15751, 18633, 18732, | 100 | * Problems inside the jpeg library: 15470, 15751, 18633, 18732, |
| 14 | - 18745, 20391 | 101 | + 18745, 20391, 23581 |
| 15 | * Timeout: 15471, 17630 | 102 | * Timeout: 15471, 17630 |
| 16 | 103 | ||
| 17 | Windows Build | 104 | Windows Build |