Hi folks,

Bruno Haible found a SEGV in the formatter by putting the GNU distribution archive "sed-4.8.tar.xz" on the input.
See <https://savannah.gnu.org/bugs/?67978>.

I _was_ going to bust the C/C++ code freeze for this and whatever yarn unravelled from it...I've already started to find some, as seen in comment #4 to the foregoing ticket.

However, Bruno argues against that.

> I wouldn't delay the 1.24.0 release for this, because
>
> It's an absurd, unrealistic input.
>
> Complete handling of such inputs would take several weeks. When I
> did input fuzzing on the 'xgettext' program, it took me two weeks
> to fix the various findings. And for groff, Ingo Schwarze
> estimates it to be "at least a month of full-time work", see
> https://lists.nongnu.org/archive/html/groff/2019-12/msg00078.html
>
> You have 15 pages of NEWS accumulated for this release. Get the
> new features out to the users!

Personally I feel conflicted; my pride as a software engineer is in conflict with my goals as a release manager. (Usually, the former wins, which is why I have not yet managed to accelerate groff's traditionally slow release cadence.)

However, a quick check reveals that this problem is not new to groff's 1.24.0 release candidates. groff 1.23.0, 1.22.4, and 1.22.3 all also core dump on the same input.

That pushes me back toward just proceeding, and not even writing a release note about it, since it's a defect of long standing and (now) tracked in Savannah, and we've never historically blasted readers of our release notes with lists of _open_ (non-Wish-Severity) Savannah tickets.

So I guess I'll just wince about this and pounce on it when the 1.25 cycle opens, or masticate it in a private branch while waiting for RC or release feedback.

I welcome the community's viewpoints on the matter.

Regards,
Branden
