Page MenuHomePhabricator
Create Task
Maniphest T8890

SQL query error on bad input to [[special:ipblocklist]] due to negative LIMIT clause
Closed, ResolvedPublic
Actions

Description

Author: nickpj

Description:

CURL command:

curl --silent --include \
-F 'limit'='09700982312351132098234'\

'localhost/wiki/index.php/Special:Ipblocklist'

Results in this entry in the MediaWiki database error log:

Tue Aug 1 17:04:55 EST 2006 bling IndexPager::reallyDoQuery
(IPBlocklistPager) localhost 1064 You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '-9223372036854775808' at line 1 (localhost) SELECT
ipblocks.*,user_name FROM ipblocks,user WHERE
(ipb_expiry>'20060801070455') AND (ipb_by=user_id OR ipb_by=0) GROUP BY

ipblocks.ipb_id ORDER BY ipb_timestamp DESC LIMIT -9223372036854775808

This is on 64-bit hardware & software; However the limit field value being
passed to MediaWiki exceeds 2^64, so there's possibly an integer wraparound
happening somewhere, which results in the negative limit value being used.

Version: 1.8.x
Severity: minor

Details

Reference
bz6890

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 9:21 PM
bzimport added a project: MediaWiki-Special-pages.
bzimport set Reference to bz6890.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Aug 1 2006, 7:10 AM
bzimport added a comment.Oct 3 2006, 6:06 AM

nickpj wrote:

The problem here can be illustrated with these 3 steps:

root@bling:~# php --run '$x = 9223372036854775807; $y = $x + 1; print intval($y)
. "\n\n";'
-9223372036854775808

root@bling:~#

I.e. a wraparound issue, as 2^63 (for a signed int on 64-bit platform) =
9223372036854776000

bzimport added a comment.Oct 3 2006, 6:07 AM

nickpj wrote:

Simple patch that caps the limit clause to some sensible max value (e.g. 50000)

Attached:

pager-diff.txt556 BDownload

bzimport added a comment.Oct 4 2006, 8:48 AM

nickpj wrote:

Closed in r16789.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits