
MDL-26922 dml - avoid PHP_INT_MAX overflow on limit queries

1 parent 56babbc commit f80de2f25c1599a9f3b1cdf4b2570106c40ccc30 @stronk7 stronk7 committed Mar 21, 2011
Showing with 6 additions and 0 deletions.
  1. +3 −0 lib/dml/mssql_native_moodle_database.php
  2. +3 −0 lib/dml/sqlsrv_native_moodle_database.php
@@ -694,6 +694,9 @@ public function get_recordset_sql($sql, array $params=null, $limitfrom=0, $limit
if ($limitfrom or $limitnum) {
if ($limitnum >= 1) { // Only apply TOP clause if we have any limitnum (limitfrom offset is handled later)
$fetch = $limitfrom + $limitnum;
+ if (PHP_INT_MAX - $limitnum < $limitfrom) { // Check PHP_INT_MAX overflow
+ $fetch = PHP_INT_MAX;
+ }
$sql = preg_replace('/^([\s(])*SELECT([\s]+(DISTINCT|ALL))?(?!\s*TOP\s*\()/i',
"\\1SELECT\\2 TOP $fetch", $sql);
}
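Review bot: The added guard is only sound if `$limitfrom` and `$limitnum` are already non-negative integers when this branch runs, and that normalisation is not visible in the hunk (the body of get_recordset_sql starts and ends outside it). Because the result is interpolated straight into the statement as `TOP $fetch`, I would state that assumption next to the guard and compute the sum only when it cannot overflow: `$fetch = (PHP_INT_MAX - $limitnum < $limitfrom) ? PHP_INT_MAX : $limitfrom + $limitnum;`. The comment could also say why overflow matters here, for example `// int overflow turns the sum into a float, which would be written into TOP in exponent notation`. The same three lines are added to the sqlsrv driver in the following hunk, so the point applies there as well. The diffstat lists only the two driver files, so a boundary test (limitnum at PHP_INT_MAX with a non-zero limitfrom) does not appear to be part of this commit.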
@@ -763,6 +763,9 @@ public function get_recordset_sql($sql, array $params = null, $limitfrom = 0, $l
if ($limitfrom or $limitnum) {
if ($limitnum >= 1) { // Only apply TOP clause if we have any limitnum (limitfrom offset is handled later)
$fetch = $limitfrom + $limitnum;
+ if (PHP_INT_MAX - $limitnum < $limitfrom) { // Check PHP_INT_MAX overflow
+ $fetch = PHP_INT_MAX;
+ }
$sql = preg_replace('/^([\s(])*SELECT([\s]+(DISTINCT|ALL))?(?!\s*TOP\s*\()/i',
"\\1SELECT\\2 TOP $fetch", $sql);
}
