Difference between revisions of "Score testing"

Revision as of 22:15, 19 January 2023

Unreadable Score extension output in dark mode

Hopefully I can get the Score extension working to produce SVG output on upstream task T49578. The transparent PNG image normally produced needs white background styling otherwise it's unreadable in dark mode.

Update December 2022: my patch was merged! :) now we wait for it to be tested and deployed into Wikipedia. There are a few other issues, including some security and sandboxing concerns, e.g. CVE-2020-17354 (see below). Also, this wiki is running on a 32-bit server, which only supports up to LilyPond 2.22 (I'm not game enough to try and compile LilyPond myself, and I'm not even sure Scheme 2 runs in 32-bit?) So I'm testing the SVG Score output over on my test instance (which is not guaranteed to be up at all times).

Examples

Range of the contrabass trombone, as used on Wikipedia:

${ \new Staff \with { \remove "Time_signature_engraver" } \clef bass \key c \major \cadenzaOn \ottava #-1 \tweak font-size #-2 fis,,,1 \finger \markup \text "poss." \ottava #0 c,,1 \glissando d'1 \tweak font-size #-2 f'1 }$

The Spear motif from Das Rheingold:

$\layout { ragged-right = ##t \context { \Score \omit BarNumber } } \relative g { \override DynamicTextSpanner.style = #'none \override Hairpin.minimum-length = #5 \clef bass \key c \major g2~ \ff g8 f8 e8. d16 c4 b a g f e d c \break b a g f e1~ \dim\! << e1~ { s2 s4 s4 \> } >> e4 \! \p r4 r2 }$

The Summit from Eine Alpensinfonie, which may or may not be a contrabass trombone excerpt, but probably ought to be:

$\relative c, { \time 4/4 \clef bass \key c \major r2 r4\ff g\tenuto c2.\tenuto c4\tenuto g'2.\tenuto g4\tenuto c1 e2~ e4.. b16 a1 g1 c8 r8 r4 r2 \bar "|." }$

CV-2020-17354

See T259210. Looks like either the syntax of the PoC vulns need updating, and/or they've been fixed. Can't repro as currently stands, with LilyPond 2.24 and Score on latest master.

1. With defined location:

Unable to compile LilyPond input file:

line 6 - column 1:
Spurious expression in \score

2. and without:

Unable to compile LilyPond input file:

line 6 - column 1:
Spurious expression in \score

3. Variant in comment from Han-wen Nienhuys:

${ \override NoteHead.text = \system \override NoteHead.stencil = #(lambda (grob) ((cdr (assoc 'text (cadr (ly:grob-alist-chain grob '())))) "id") #f) c4 }$

@@ Line 1: / Line 1: @@
 [[File:Score_PNG_output_in_dark_theme.png|thumb|Unreadable Score extension output in dark mode]]
-Hopefully I can get the Score extension working to [https://phabricator.wikimedia.org/T49578 produce SVG output], instead of the transparent PNG image that needs a white background styling for dark mode otherwise it's unreadable.
+Hopefully I can get the Score extension working to produce SVG output on upstream task [https://phabricator.wikimedia.org/T49578 T49578]. The transparent PNG image normally produced needs white background styling otherwise it's unreadable in dark mode.
-;Update Januuary 2023: my patch was merged! :) now we wait for it to be tested and deployed. There are a few other issues, including some security and sandboxing concerns, e.g. CVE-2020-17354.
+;Update December 2022: my patch was merged! :) now we wait for it to be tested and deployed into Wikipedia. There are a few other issues, including some security and sandboxing concerns, e.g. CVE-2020-17354 (see below). Also, this wiki is running on a 32-bit server, which only supports up to LilyPond 2.22 (I'm not game enough to try and compile LilyPond myself, and I'm not even sure Scheme 2 runs in 32-bit?) So I'm testing the SVG Score output over on my [https://mw-master.test.jon.geek.nz test instance] (which is not guaranteed to be up at all times).
 == Examples ==
@@ Line 50: / Line 50: @@
 == CV-2020-17354 ==
-See [https://phabricator.wikimedia.org/T259210 T259210]
+See [https://phabricator.wikimedia.org/T259210 T259210]. Looks like either the syntax of the PoC vulns need updating, and/or they've been fixed. Can't repro as currently stands, with LilyPond 2.24 and Score on latest master.
 . With defined location: <score>