From 4d143d10ebc52c222d590af41ebbf9a7b9de4ba6 Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Thu, 15 Oct 2020 14:10:21 -0400 Subject: TODO: organize in preparation for next increment --- TODO | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 93 insertions(+), 6 deletions(-) (limited to 'TODO') diff --git a/TODO b/TODO index 8ab668d8..fb9a14e2 100644 --- a/TODO +++ b/TODO @@ -1,17 +1,104 @@ +Candidates for upcoming release +=============================== + +* Trivial fixes: + * lgtm warning + * #470: odd/even -- doc bug + * #468: doc typo + * Remove travisci + * Update manual to clearly state qpdf's exit codes including mention + of not exiting with code 1. + +* Quick issues: + * #438: things written to stdout instead of stderr; --no-warn issues + * #454: integer overflow + * #451: BufferInputSource performance enhancement + * #432: WindowsCryptProvider fixes + +* Easy build/test + * #429: cygwin build and openssl version (see #455) + * #455: openssl configure checks + * #453: improve openssl error messages + * #422: disable rpath when building RPM + * #352: building standalone executables (lambda layer) + * #460: potential malware in fuzzer seed corpus + +* Fuzz crashes + * See "New" below + +* Open "next" issues + * bugs + * #473: zsh completion with directories + * #459: locale-sensitivity + * #449: internal error with case to reproduce (from pikepdf) + * #444: concatenated stream/whitespace bug + * Non-bugs + * #446: recognize edited QDF files + * #436: parsing of document with form xobject + +* Try migrating to github actions + +* Remember to check work `qpdf` project for private issues + * file with very slow page extraction + * big page even with --remove-unreferenced-resources=yes, even with --empty + * optimize image failure because of colorspace + +* Make it possible for StreamDataProvider to modify the stream + dictionary in addition to the stream data so it can calculate things + about the dictionary at runtime. Will require a small change to + QPDFWriter. + +* Take flattenRotation code from pdf-split and do something with it, + maybe adding it to the library. Once there, call it from pdf-split + and bump up the required version of qpdf. + +* Externalize inline images doesn't walk into form XObjects. In + general: + + * Check QPDFPageObjectHelper and see what can be applied to form + XObjects. Maybe think about generalizing it to work with form + XObjects. + + * There is an increasing amount of logic in qpdf.cc that should + probably move into the library. This includes externalizing inline + images and page splitting as those operations become more + elaborate, particularly with handling of form XObjects. + +* Flattening of form XObjects seems like something that would be + useful in the library. We are seeing more cases of completely valid + PDF files with form XObjects that cause problems in other software. + Flattening of form XObjects could be a useful way to work around + those issues or to prepare files for additional processing, making + it possible for users of the qpdf library to not be concerned about + form XObjects. This could be done recursively; i.e., we could have a + method to embed a form XObject into whatever contains it, whether + that is a form XObject or a page. This would require more + significant interpretation of the content stream. We would need a + test file in which the placement of the form XObject has to be in + the right place, e.g., the form XObject partially obscures earlier + code and is partially obscured by later code. + +* See if the tokenizer is a performance bottleneck and, if so, + optimize it. We might end up with a high-performance tokenizer that + has a different interface but still ultimately creates the same + tokens. + +* See about tying lgtm.com into qpdf's CI. + + Fuzz Errors =========== * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id= -* To fix: - * 19253 - indirect leaks. Not sure of the cause, but it might have - something to do with multiple instances of the same object being - read and discarded during file recovery. Maybe there's a missing - call to releaseResolved. +* New: + * 23172: stack overflow (https://oss-fuzz.com/testcase-detail/5719543787028480) + * 23599: integer overflow: https://oss-fuzz.com/testcase?key=6290807920525312 + * 23642: leak: https://oss-fuzz.com/testcase-detail/4906569690251264 * Ignoring these: * Problems inside the jpeg library: 15470, 15751, 18633, 18732, - 18745, 20391 + 18745, 20391, 23581 * Timeout: 15471, 17630 Windows Build -- cgit v1.2.3-54-g00ecf