Comments (6)
I don't see the use of this SECURITY.md file: my email can be found from my site (its reference is in README.md).
Up to now, I have had reports from various security research communities, but none contained critical bugs: crashing the program does not destroy any information in the computers of the users, and this cannot extract private data.
On the other hand, yes, some buffer overflows have been reported, but I don't see how malware could be inserted in the readable texts my users expect.
from abcm2ps.
I was considering running this on a server which accepts arbitrary user input without authentication. Crashing the program and buffer overflows can often be turned into arbitrary code execution, which would allow anybody with access to my website to run arbitrary code as the user account which runs abcm2ps. I'd like to not have everybody on the Internet running whatever code they'd like on my server.
I don't see running abcm2ps on a server as a good idea. It is mainly a batch program that is better run on users' computers.
If you want to offer music from a server, it is better to move the computation to the users, and the best way for that is ECMAScript. That's why I created abc2svg.
Just to add to this, the report we received ended up being invalid - so nothing to share from our side.
@moinejf yeah, I found abc2svg a couple hours later. I abandoned ABC though as I couldn't get verse+chorus repeated parts to render after several hours with either abc2svg or abcm2ps using the P repetitions thing. I may add ABC support later as a side feature, but it will not be the core of the site as I had been previously considering.
What is the problem with abc2svg? Have you any example?