It's actual unit tests (a new tests/unit/ParserTest.cpp file) and most of the
tests are for PdfParser::ReadXRefSubsection (responsible for CVE-2015-8981,
CVE-2017-5853, CVE-2017-5855, CVE-2017-6844, CVE-2018-5296 - 14% of the CVEs
discovered in PoDoFo)
I'll submit the new tests next week - my main concern is adding a new .CPP and
.H file to the build lists risks breaking the build very close to release.
A safer option (until 0.9.6 is released) might be adding the new unit test
files without changing the build - and anyone that's running tests can patch
their build locally to include the new tests.
Best Regards
Mark
--
Mark Rogers - mark.rog...@powermapper.com
PowerMapper Software Ltd - www.powermapper.com
Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL
On 13/04/2018, 21:58, "Mattia Rizzolo" <mat...@mapreri.org> wrote:
On Fri, Apr 13, 2018 at 02:09:40PM +0000, Mark Rogers wrote:
> If I can also submit the parser unit tests now, but I was planning
> to wait until 0.9.6 release was complete
If you have actual unit tests (i.e., patches to tests/unit, or even
within tests/ only, and not external reproducers), I'd recommend
submitting them, and I would also recommend libpodofo maintainers to
accept them (as really, more tests can't possibly be a bad thing…).
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
