noah-arcouette / md Goto Github PK

Hi Noah

While I was looking for a Markdown viewer for my old Linux machine , I saw you code which is great to be honest most MD viewers are really bloated and hog a ridiculous amount of memory

but I noticed few bugs and flaws

after I compiled it and renamed it as MD

I noticed that the way that you are handling command line argument seems incorrect
which caused a buffer overflow

so when I ran this:

./MD AAAAAAAAAAA

the output was:

Error: File `AAAAAAAAAAA' cannot be opened.
Segmentation fault

as you might see that it tells me that the file doesn't exist as expected but what happens is that it is still trying to process that incorrect input

if the file name is long enough it completely breaks the program as a result of a buffer overflow
which is a usually can cause some security vulnerabilities but it's not really severe in this case

as you see when I run it this way:

./MD AAAAAAAAAAAAA

it outputs:

Segmentation fault

as you might already know argv is not memory safe because it doesn't check the length of inputs before it passes it to your program

so you have to check the length of the string manually before your program processes it

also I tried to open the file from this link https://github.com/xroche/coucal/blob/master/README.md

and it read some part of it then ran into a segmentation fault which as you know is accessing some memory blocks that it shouldn't access , so in theory an MD file with some shell script in some particular way created by a hacker can end up running on any machine views that file using this program

I hope that get fixed soon. and thank you for creating this piece of art. other than the previous bugs your code is amazing and it is just exactly what I'm looking for