Page MenuHomePhabricator

SQL query error on bad input to [[special:ipblocklist]] due to negative LIMIT clause
Closed, ResolvedPublic


Author: nickpj


CURL command:

curl --silent --include \
-F 'limit'='09700982312351132098234'\


Results in this entry in the MediaWiki database error log:

Tue Aug 1 17:04:55 EST 2006 bling IndexPager::reallyDoQuery
(IPBlocklistPager) localhost 1064 You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '-9223372036854775808' at line 1 (localhost) SELECT
ipblocks.*,user_name FROM ipblocks,user WHERE
(ipb_expiry>'20060801070455') AND (ipb_by=user_id OR ipb_by=0) GROUP BY

ipblocks.ipb_id ORDER BY ipb_timestamp DESC LIMIT -9223372036854775808

This is on 64-bit hardware & software; However the limit field value being
passed to MediaWiki exceeds 2^64, so there's possibly an integer wraparound
happening somewhere, which results in the negative limit value being used.

Version: 1.8.x
Severity: minor



Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 9:21 PM
bzimport set Reference to bz6890.
bzimport added a subscriber: Unknown Object (MLST).

nickpj wrote:

The problem here can be illustrated with these 3 steps:

root@bling:~# php --run '$x = 9223372036854775807; $y = $x + 1; print intval($y)
. "\n\n";'


I.e. a wraparound issue, as 2^63 (for a signed int on 64-bit platform) =

nickpj wrote:

Simple patch that caps the limit clause to some sensible max value (e.g. 50000)