[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds

[Lucas_Werkmeister_WMDE]

Lucas_Werkmeister_WMDE added a comment.
The change adding the test was reverted in Id2eeeb781b (I’m not sure why @gerritbot didn’t leave a comment), and since then I haven’t seen any more occurrences of this bug, so the CI issue seems to be resolved.

However, I assume we still want to have some test for CVE-2014-5461, so I’m not sure how to proceed. Perhaps close this task and reopen T209232: Add a unit test to Scribunto testing it is not vulnerable to CVE-2014-5461? (Though I’m not sure if it’s still suitable for GCI with these added complications.)TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: Lucas_Werkmeister_WMDECc: gerritbot, Michael, hoo, Jdforrester-WMF, matmarex, Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, CucyNoiD, Nandana, NebulousIris, Gaboe420, A.S.Kochergin, Versusxo, Majesticalreaper22, Giuliamocci, Adrian1985, God, Cpaulf30, Lahi, Gq86, Baloch007, Darkminds3113, Bsandipan, Lordiis, GoranSMilovanovic, Adik2382, Th3d3v1ls, Ramalepe, Liugev6, QZanden, LawExplorer, Lewizho99, Maathavan, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs

[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds

[gerritbot]

gerritbot added a comment.
Change 476854 had a related patch set uploaded (by Lucas Werkmeister (WMDE); owner: Lucas Werkmeister (WMDE)):
[mediawiki/extensions/Scribunto@master] Fix stack overflows being reported as OOM errors

https://gerrit.wikimedia.org/r/476854TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: gerritbotCc: gerritbot, Michael, hoo, Jdforrester-WMF, matmarex, Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, Nandana, A.S.Kochergin, God, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs

[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds

[matmarex]

matmarex added a comment.
Also occurred on https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Math/+/476339TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: matmarexCc: matmarex, Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, Nandana, A.S.Kochergin, God, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs

[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds

[Anomie]

Anomie added a comment.
Or you could have someone else try it again.TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: AnomieCc: Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, Nandana, A.S.Kochergin, God, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs

[Wikidata-bugs] [Maniphest] [Commented On] T210634: Scribunto test “LuaStandalone: SecurityTests[1]: CVE-2014-5461” failing in Wikibase CI builds

[Bawolff]

Bawolff added a comment.
The gci task is already accepted - we cant force the student to do more work (we can of course ask nicely)


In T210634#4782783, @Anomie wrote:
Apparently the test added for T209232: Add a unit test to Scribunto testing it is not vulnerable to CVE-2014-5461 is sometimes running out of allowed memory (set by ulimit most likely) before it runs out of Lua stack space (a constant set in Lua's C code), so it's giving a different error from the one that was expected.

If nothing else we could revert rELUA7a7f5226765e: Adding a unit test for CVE-2014-5461 in Scribunto. and let them try again on that task.


TASK DETAILhttps://phabricator.wikimedia.org/T210634EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: BawolffCc: Bawolff, Anomie, Aklapper, Lucas_Werkmeister_WMDE, Nandana, A.S.Kochergin, God, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, SundanceRaphael, _jensen, D3r1ck01, Wikidata-bugs, aude, Dinoguy1000, jayvdb, MrStradivarius, Jackmcbarn, Mbch331, hashar___
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs