Author: avinoamr
Description:
The SMW Parser seems to ignore grammar/syntax errors altogether. Instead of issuing an error message, it's generating an impossibly-heavy DB query:
SELECT /* SMW::getQueryResult Avinoamr */ DISTINCT t0.smw_id AS id,t0.smw_title AS t,t0.smw_namespace AS ns,t0.smw_iw AS iw,t0.smw_sortkey FROM smw_ids AS t0 INNER JOIN smw_ids AS t2 ON t0.smw_id=t2.smw_id WHERE t2.smw_iw!=':smw' AND t2.smw_iw!=':smw-redi' AND t2.smw_iw!=':smw-border' AND t2.smw_iw!=':smw-intprop' ORDER BY t0.smw_sortkey ASC LIMIT 21
This query is obviously malformed, it doesn't try to match anything useful, just filters out certain rows. On our current MediaWiki installation this query takes more than 1 hour to complete.
I've noticed it's being generated by (1) using a bad syntax (try [Field::->Value]]), or (2) by using the {#ask} parser function with an empty query string (try {#ask:}).
Obviously, the user should be aware of what he's doing - but a couple of these queries can really slow down the DBs for no reason.
I think it's a critical performance/stability bug. If I'm not mistaken, a single user can pretty much crash several of the DB servers simply by running these queries repeatedly.
I'm not certain what kind of parsing algorithm is being used (LL(1) ?), but I'm sure grammar validation is part of it. If you wish, I volunteer to help with developing this support - but I'd like to have a comprehensive understanding and guidance before I begin.
By the way - another approach would be to check the Query object before executing it. And if we realize that this meaningless SQL error will be executed, we can just throw a non-informative Parsing exception. That's a more quick & dirty solution, in my opinion.
Version: unspecified
Severity: critical