On Wednesday, 28 January 2026 19:00:58 GMT G. Branden Robinson wrote: > Hi folks, > > Bruno Haible found a SEGV in the formatter by putting the GNU > distribution archive "sed-4.8.tar.xz" on the input. > > See <https://savannah.gnu.org/bugs/?67978>. > > I _was_ going to bust the C/C++ code freeze for this and whatever yarn > unravelled from it...I've already started to find some, as seen in > comment #4 to the foregoing ticket. > > However, Bruno argues against that. > > > I wouldn't delay the 1.24.0 release for this, because > > > > It's an absurd, unrealistic input. > > > > Complete handling of such inputs would take several weeks. When I > > did input fuzzing on the 'xgettext' program, it took me two weeks > > to fix the various findings. And for groff, Ingo Schwarze > > estimates it to be "at least a month of full-time work", see > > https://lists.nongnu.org/archive/html/groff/2019-12/msg00078.html > > > > You have 15 pages of NEWS accumulated for this release. Get the > > new features out to the users! > > Personally I feel conflicted; my pride as a software engineer is in > conflict with my goals as a release manager. (Usually, the former wins, > which is why I have not yet managed to accelerate groff's traditionally > slow release cadence.) > > However, a quick check reveals that this problem is not new to groff's > 1.24.0 release candidates. > > groff 1.23.0, 1.22.4, and 1.22.3 all also core dump on the same input. > > That pushes me back toward just proceeding, and not even writing a > release note about it, since it's a defect of long standing and (now) > tracked in Savannah, and we've never historically blasted readers of our > release notes with lists of _open_ (non-Wish-Severity) Savannah tickets. > > So I guess I'll just wince about this and pounce on it when the 1.25 > cycle opens, or masticate it in a private branch while waiting for for > RC or release feedback. > > I welcome the community's viewpoints on the matter. > > Regards, > Branden
Hi Branden, I agree with Bruno, the fix can wait. I'm not sure about this one though, it seems to be only in current groff:- [derij@pip build (master)]$ echo "\X'pdf: xrev'"|groff -Tpdf -ms -Z x T pdf x res 72000 1 1 x init p1 troff: src/roff/troff/input.cpp:3107: const char* token::description(): Assertion `0 == "unhandled case of `type` (token)"' failed. groff: error: troff: Aborted (core dumped) It only dumps if the -ms is included. It does not matter what text appears in the \X command. Cheers Deri
