groff
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Groff] Re: PSPIC error - "missing argument"

From: Bernd Warken
Subject: Re: [Groff] Re: PSPIC error - "missing argument"
Date: Sun, 16 Jun 2002 00:43:10 +0200
User-agent: Mutt/1.2.5i 
On Fri, Jun 14, 2002 at 06:47:00PM +0100, Ralph Corderoy wrote:
> 
> > > > groff still contains a lot of very old code.  If you look at it
> > > > deeply, it is full of subtle bugs.  Moreover, it is absolutely
> > > > insecure (buffer-overflows).
> > > 
> > > Please tell us where.  Such things should be fixed ASAP.
> > 
> > Not now.  After the release.
> 
> Do you mean you won't tell us until after the release, or you will tell
> us but don't think they should be fixed until after the release?
> 
These bugs are not trivial.  Many global variables are not cleanly used.
Most classes are not well designed.  It will be a lot of work.  Have a 
look at <groff_top>/src/libs/libdriver/input.cc to get an idea.  The
changes there fixed some bugs that were inhereted and tolerated since the 
very beginning.

As a second point, security issues from the Secure-Programs-HOWTO are
mandatory for a serious GNU package.  This will imply a heavy usage of
classes.  This would be combined with Unicode integration, so that's a
big deal, too.

The greatest difficulty is the conservatism of the groff elders.
Security in driving cars is a bit more complicated than with bicycles
from the stone age.

Bernd Warken
reply via email to
[Prev in Thread] Current Thread [Next in Thread]