The Random Books, Software, and Thoughts of Michael R Sweet

PDFio 1.6.2 February 15, 2026

PDFio 1.6.2 is a bug fix release. Changes include:

  • Increased the maximum length of a single string to 128k (Issue #146)
  • Added missing range checks to pdfioArrayCopy and pdfioDictCopy.
  • Refactored PDF encryption code to fix unlocking with certain files.
  • Improved xref table loop detection (Issue #148)
  • Changed how duplicate objects are handled in PDF files (Issue #155)
  • Fixed xref reconstruction for objects lacking a Type value.
  • Fixed pdfioPageOpenStream for indirect Contents arrays.
  • Fixed an error propagation bug when reading too-long values (Issue #146)
  • Fixed a bug when converting Unicode characters above plane 0 (issue #159)
  • Fixed a Clang warning.

Enjoy!

Download PDFio v1.6.2 Home Page

Comments
 

HTMLDOC 1.9.23 January 28, 2026

HTMLDOC 1.9.23 is a bug fix release. Changes include:

  • Fixed a regression in list handling that caused a crash for empty list items (Issue #553)
  • Fixed a regression in the number of rendered table of contents levels in PDF and PostScript output (Issue #554)

Binaries are available from Github for Windows 10+ and macOS 11+, and through the Snapcraft store for Linux.

Enjoy!

Download HTMLDOC 1.9.23 Install HTMLDOC 1.9.23 Snap Home Page

Comments
 

What is a Security Bug? January 13, 2026

I’ve had the privilege of working with a lot of security researchers throughout my career. Every one of them has been passionate about their work and the issues they report, and my work has greatly benefitted from their contributions.

Unfortunately, the software security industry has created an environment where CVEs (Common Vulnerabilities and Exposures) have become an economic driver. Researchers seem to increasingly need published CVEs or bug bounties to justify the time they spend trying to break software in new and interesting ways.

This has predictably led to more software bugs being reported as critical security vulnerabilities, with push-back and frustration from developers when those bugs are either not exploitable or not in that software at all! In addition, many issues are discovered and reported automatically (“AI”, “fuzzing”, etc.) without sufficient investigation/analysis by the reporter. Finally, security updates trigger an emergency response for everyone involved, causing further disruption to the software development process. Thus, it is important to clearly identify which bugs rate a CVE and which ones are ordinary bugs.

More + Comments
 

TTF v1.1.0 December 31, 2025

This is a feature release of TTF, a simple C library for using TrueType and OpenType font files. Changes include:

  • Added configure script for better build system compatibility.
  • Added ttfCache functions to access user- and system-installed fonts (Issue #5)
  • Added ttfCreateData function to create a font from a memory buffer.
  • Added ttfContainsChar and ttfContainsChars functions to determine whether a font contains the necessary characters (Issue #2)
  • Added ttfGetKernedExtents function to get kerned extents (Issue #6)
  • Added guards against fonts claiming they have 0 characters.
  • Added stddef.h include to ttf.h.
  • Added support for more kinds of TrueType/OpenType fonts.
  • Fixed range checking in ttfGetExtents (Issue #9)
  • Fixed potential heap/integer overflow issues in the TrueType cmap code.
  • Fixed underflow in TrueType cmap code.

Enjoy!

Download TTF v1.1.0 Home Page Github Project

Comments
 

HTMLDOC 1.9.22 December 28, 2025

HTMLDOC 1.9.22 is a bug fix release. Changes include:

  • Added a “–without-http” configure option to build without CUPS HTTP/HTTPS support (Issue #547)
  • Updated HTTP/HTTPS support to work with both CUPS 2.x and 3.x.
  • Updated the maximum image dimension to prevent integer overflow on 32-bit platforms (Issue #550)
  • Updated the HTML parser to correctly report the line number of errors in files with more than 2^32-1 lines (Issue #551)
  • Fixed a crash bug with certain markdown files (Issue #548)
  • Fixed an unrestricted recursion bug when reading and formatting HTML (Issue #552)

Binaries are available from Github for Windows 10+ and macOS 11+, and through the Snapcraft store for Linux.

Enjoy!

Download HTMLDOC 1.9.22 Install HTMLDOC 1.9.22 Snap Home Page

Comments
 

PDFio 1.6.1 December 26, 2025

PDFio 1.6.1 is a bug fix release. Changes include:

  • Added missing input checking to pdfioFileCreateFontObjFromBase function.
  • Updated support for UTF-16 strings (Issue #141)
  • Updated Xcode project to use installed PNG library.
  • Fixed decryption of PDF files using an Encrypt dictionary instead of an indirect reference (Issue #139)
  • Fixed character range checking in a TTF support function.
  • Fixed some clang warnings.
  • Fixed the generated pkg-config file.

Enjoy!

Download PDFio v1.6.1 Home Page

Comments
 

PAPPL v1.4.10 December 26, 2025

PAPPL v1.4.10 is now available for download and is a bug fix release. Changes include:

  • Changed the preferred/first printer URI to use the “ipps” scheme.
  • Updated the USB serial number code to better support non-compliant printers such as those from DYMO (Issue #396)
  • Now show the default and supported “output-bin” options (Issue #393)
  • Now suppress a duplicate ‘auto’ value for “media-source-supported” to work around a bug in the legacy-printer-app (Issue #394)
  • Now log the TLS version and cipher suite, when available.
  • Now create spool files with read-only permissions.
  • Now support setting “media-ready” with the modify sub-command (Issue #395)
  • Fixed attribute copying issue from multiple client threads (Issue #390)
  • Fixed driver validation for raw printing (Issue #391)
  • Fixed PNG looping issue (Issue #398)
  • Fixed default IPv6 listener (Issue #401)
  • Fixed builds against the latest libcups (Issue #403)
  • Fixed a deadlock issue in the web interface (Issue #406)

Enjoy!

Download PAPPL v1.4.10 Home Page

Comments
 

StringsUtil v1.2 December 19, 2025

StringsUtil v1.2 is now available and is a bug fix release. Changes include:

  • Added -v option to stringsutil report sub-command to show unlocalized strings.
  • Added Windows API support to the sfSetLocale function.
  • Updated the output from stringsutil translate to better show progress.
  • Updated code to work with latest CUPS 2.5/3.0.
  • Fixed a crash bug in stringsutil report when checking format strings.

Enjoy!

Download StringsUtil v1.2 Home Page Github Project

Comments
 

View All Posts

 
Donate using Liberapay
Copyright © 1991-2026 by Michael R Sweet. All rights reserved. Contact “webmaster@msweet.org” for assistance.