During March Dave Mitchell started working on the Fixing Perl5 Core Bugs grant. As requested he has been posting weekly reports to the p5p mailing list and has provided a monthly summary report for posting here.
Dave Mitchell writes:
A rough summary of activity in March:
first, I tagged all new/open tickets with severity >= medium (about 500 of
them) with one or more types (eg regex, PerlIO). At the same time, I
closed any of those tickets which were obviously fixed or not-a-bug etc.
Then being in a position to view all tickets of a certain type, I
worked my way through the 18 tickets marked as security/taint, and there
is currently just a single one of those left, which I was waiting for some
feedback from p5p before fixing.
I've now started on tie bugs: they are closely related to the issues I
came across in the taint bugs earlier, so thought I might as well have a
look at them while the code is still fresh in my mind.
I've been avoiding working on bugs likely to involve large code changes
until after 5.12 is released and the code freeze ends.
I've also been attempting to ensure that new tickets get correctly marked
up with type etc, and are closed if they've been promptly dealt with.
Note that I've ended up closing quite a lot of tickets that I haven't
actually fixed, but that I've determined during triage are fixed or
not-a-bug etc. The tickets listed below are ones that I have generally
done more work on than just triage.
I notionally started work on this grant on 8th march, so this month isn't
a full one. I have been managing so far to commit approximately 20 hour
per week as promised, and have fixed more than the 1 bug per 20 hours
minimum that was also promised.
Report for period 2010/03/08 to 2010/03/31 inclusive
19:05 diagnosing bugs
27:55 fixing bugs
6:20 reviewing other people's bug fixes
0:55 reviewing ticket histories
20:05 review the ticket queue (triage)
Numbers of tickets closed:
8 tickets closed that have been worked on
3 tickets closed related to bugs that have been fixed
54 tickets closed that were reviewed but not worked on (triage)
7:40 [perl #5475] Bug in taint+regex+hash/arrays
0:15 [perl #6654] setreuid problem on aix 4.3
7:05 [perl #6758] tainted values become untainted in tied hashes
0:20 [perl #8928] no taint checks on symbolic references
5:30 [perl #20727] Segfault in program mingling tie and select
11:00 [perl #23810] Tied methods break when combined with eval() of failing compile-time code
1:30 [perl #33755] utf8_heavy.pl, tainted and insecure dependency
5:20 [perl #45167] Taint removal by sprintf
0:15 [perl #50146] File::Temp and unsafe shell characters
0:25 [perl #56490] %+ still untaints data when 'use re qw(taint)' is in scope
0:30 [perl #59766] Changing effective userid from root to normal user fails on Linux
0:15 [perl #62502] Fcntl exported constants become tainted under 5.8.9
0:30 [perl #63248] perl with a script with setuid bits set does not allow -M or -I
1:40 [perl #67962] spamassassin and tainted mode
5:20 [perl #72740] Bleadperl breaks LEMBARK/LinkedList-Single-0.99.1.tar.gz
2:10 [perl #73052] Storable considerably slower at storing coderefs
1:00 [perl #73330] Bug in threads->tid
1:45 [perl #73626] Incorrect resolution of Readonly scalar in piped open
0:30 [perl #73672] Memory leak when assigning to %ENV
1:15 [perl #73714] Regression in 5.12: File::Copy and initial spaces