Wikimedia

Add a unit test to Scribunto, to test that it is not vulnerable to CVE-2014-5461

This task is for people who have already completed some coding related tasks in MediaWiki!

Old versions of Lua have a security vulnerability (CVE-2014-5461). Your task is to write a unit test (similar to the other tests in Scribunto/tests/phpunit/engines/LuaCommon) to make sure that we are not affected by it.

The unit test should run the following snippet of Lua code:

function f(p1, p2, p3, p4, p5, p6, p7, p8, p9, p10,
            p11, p12, p13, p14, p15, p16, p17, p18, p19, p20,
            p21, p22, p23, p24, p25, p26, p27, p28, p29, p30,
            p31, p32, p33, p34, p35, p36, p37, p38, p39, p40,
            p41, p42, p43, p44, p45, p46, p48, p49, p50, ...)
   local a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14
   f(...)
end
f(17)

And verify that the Lua process does not segfault but instead returns an error about stack exhaustion.
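The check described above can be tried outside PHPUnit with a standalone interpreter. This is an added example, not Scribunto's test code: the names classify and run_snippet are hypothetical, and it assumes a lua binary on PATH, a POSIX host, and that the stack exhaustion error contains the words "stack overflow".

```python
import shutil
import subprocess

# Reproducer copied verbatim from the task description above.
SNIPPET = """\
function f(p1, p2, p3, p4, p5, p6, p7, p8, p9, p10,
            p11, p12, p13, p14, p15, p16, p17, p18, p19, p20,
            p21, p22, p23, p24, p25, p26, p27, p28, p29, p30,
            p31, p32, p33, p34, p35, p36, p37, p38, p39, p40,
            p41, p42, p43, p44, p45, p46, p48, p49, p50, ...)
   local a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14
   f(...)
end
f(17)
"""


def classify(returncode, stderr):
    """Return 'crashed', 'stack-error' or 'unexpected' for one interpreter run."""
    if returncode < 0:
        # POSIX: subprocess reports death by signal N (SIGSEGV is 11) as -N.
        return "crashed"
    if returncode != 0 and "stack overflow" in stderr:
        # Assumed wording of Lua's stack exhaustion error message.
        return "stack-error"
    return "unexpected"


def run_snippet(lua_bin="lua", timeout=60):
    """Run SNIPPET in a separate Lua process; None if no interpreter is found."""
    path = shutil.which(lua_bin)
    if path is None:
        return None
    try:
        # "lua -" reads the chunk from stdin, so no temporary file is needed.
        proc = subprocess.run([path, "-"], input=SNIPPET, text=True,
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "unexpected"
    return classify(proc.returncode, proc.stderr)


if __name__ == "__main__":
    result = run_snippet()
    print("lua interpreter not found" if result is None else result)
    # A patched interpreter must report the error instead of crashing.
    raise SystemExit(0 if result == "stack-error" else 1)
```

Running the snippet in a child process is what lets the harness observe a segfault as an exit status rather than dying with it.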

See the Phabricator ticket for more details!

You are expected to provide a patch in Wikimedia Gerrit. See https://www.mediawiki.org/wiki/Gerrit/Tutorial for how to set up Git and Gerrit.

Task tags

  • lua
  • security
  • unittests

Students who completed this task

mogmog123

Task type

  • Code
  • Quality Assurance

2018