noah-arcouette / md
Simple, small, and optimized compiled MarkDown file reader that runs in your terminal / command line
License: MIT License
Hi Noah
While I was looking for a Markdown viewer for my old Linux machine, I saw your code, which is great; to be honest, most MD viewers are really bloated and hog a ridiculous amount of memory,
but I noticed a few bugs and flaws.
After I compiled it and renamed it as MD, I noticed that the way that you are handling the command line argument seems incorrect, which caused a buffer overflow.
So when I ran this:
./MD AAAAAAAAAAA
the output was:
Error: File `AAAAAAAAAAA' cannot be opened.
Segmentation fault
As you might see, it tells me that the file doesn't exist, as expected, but what happens is that it is still trying to process that incorrect input.
If the file name is long enough, it completely breaks the program as a result of a buffer overflow, which usually can cause some security vulnerabilities, but it's not really severe in this case.
As you see when I run it this way:
./MD AAAAAAAAAAAAA
it outputs:
Segmentation fault
As you might already know, argv is not memory safe because it doesn't check the length of inputs before it passes them to your program, so you have to check the length of the string manually before your program processes it.
Also, I tried to open the file from this link: https://github.com/xroche/coucal/blob/master/README.md
and it read some part of it, then ran into a segmentation fault, which as you know is accessing some memory blocks that it shouldn't access, so in theory an MD file with some shell script, created in some particular way by a hacker, can end up running on any machine that views that file using this program.
I hope that gets fixed soon, and thank you for creating this piece of art. Other than the previous bugs, your code is amazing and it is just exactly what I'm looking for.
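The two failure modes reported above (continuing after the file fails to open, and an over-long file name) can both be closed at the point where the argument is accepted. This is an added example, not the project's code: `md_open_arg`, `PATH_BUF_LEN` and the status names are hypothetical, and the fixed-size path buffer is an assumption about how such a reader might store the name.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF_LEN 64  /* assumed buffer size, chosen for illustration */

enum md_status { MD_OK = 0, MD_NO_ARG, MD_NAME_TOO_LONG, MD_OPEN_FAILED };

/* Hypothetical helper: validate argv[1], copy it into a fixed buffer only
 * if it fits, and open it. On any failure *out stays NULL so the caller
 * cannot go on to parse a file that was never opened. */
enum md_status md_open_arg(int argc, char **argv,
                           char path[PATH_BUF_LEN], FILE **out)
{
    *out = NULL;
    if (argc < 2 || argv[1] == NULL)
        return MD_NO_ARG;

    /* Length check before the copy: reject names that do not fit,
     * including the terminating NUL, instead of truncating them. */
    size_t len = strlen(argv[1]);
    if (len >= PATH_BUF_LEN)
        return MD_NAME_TOO_LONG;
    memcpy(path, argv[1], len + 1);

    *out = fopen(path, "r");
    if (*out == NULL) {
        fprintf(stderr, "Error: File `%s' cannot be opened.\n", path);
        return MD_OPEN_FAILED;        /* stop here, do not keep processing */
    }
    return MD_OK;
}

int main(int argc, char **argv)
{
    char path[PATH_BUF_LEN];
    FILE *fp;
    enum md_status st = md_open_arg(argc, argv, path, &fp);
    if (st != MD_OK)
        return (int)st;               /* exit instead of rendering */
    /* fp is valid here; a reader would parse the file from this point. */
    fclose(fp);
    return 0;
}
```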