[aur-dev] [PATCH] aurjson.class.php: Limit number of RPC results

canyonknight canyonknight at gmail.com
Thu Oct 18 16:52:11 EDT 2012


With no limit to the number of results, memory_limit set to 32M
can easily be exceeded for searches that have a large number of
results. This results in an HTTP error 500 for those queries.

Limit results to 5000 packages to avoid exceeding memory_limit.
Introduce new JSON error code for when the result limit is hit.

Fixes FS#31849

Signed-off-by: canyonknight <canyonknight at gmail.com>
---

It doesn't have to be 5000. That's just a safe arbitrary number
I came up with during testing.

 web/lib/aurjson.class.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index fbdc711..5701697 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -149,6 +149,10 @@ class AurJSON {
                 }
             }
 
+           if ($resultcount === 5000) {
+               return $this->json_error('Too many package results.');
+           }
+
             return $this->json_results($type, $resultcount, $search_data);
         }
         else {
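Review bot: The `$resultcount === 5000` test cannot distinguish a truncated result set from one that legitimately matched exactly 5000 rows, because the `LIMIT 5000` added to the queries caps the count at precisely that value in both cases, so an exact 5000-row result is wrongly rejected with 'Too many package results.'. Fetching one row past the cap makes truncation observable: use `LIMIT 5001` in the queries and `if ($resultcount > 5000) {` here, discarding the surplus row before calling `json_results`. The enclosing method begins before this hunk, so where `$resultcount` is computed is not visible; if it is derived after the rows are already loaded into `$search_data`, the SQL limit rather than this check is what actually bounds memory, which is worth stating in a comment on the check.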
@@ -198,7 +202,8 @@ class AurJSON {
         $keyword_string = $this->dbh->quote("%" . addcslashes($keyword_string, '%_') . "%");
 
         $where_condition = "(Name LIKE {$keyword_string} OR ";
-        $where_condition.= "Description LIKE {$keyword_string})";
+        $where_condition.= "Description LIKE {$keyword_string}) ";
+        $where_condition.= "LIMIT 5000";
 
         return $this->process_query('search', $where_condition);
     }
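Review bot: `$where_condition` now carries a `LIMIT` clause, which is only valid SQL if `process_query` splices the string at the very end of its statement and never appends `ORDER BY` or further predicates after it; that contract is not visible in this hunk and the variable name no longer describes its contents. Appending the limit once inside `process_query` (e.g. `$query .= " LIMIT 5000";` after the WHERE clause) would keep the callers free of SQL fragments that depend on concatenation order. Note also that the leading `%` in the LIKE pattern means the database presumably still scans the whole table for every request; the limit bounds PHP memory use, not database work, so the commit message's memory fix should not be read as a rate or cost control.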
@@ -238,17 +243,19 @@ class AurJSON {
         $where_condition = "";
         if ($ids) {
             $ids_value = implode(',', $args['ids']);
-            $where_condition .= "ID IN ({$ids_value})";
+            $where_condition .= "ID IN ({$ids_value}) ";
         }
         if ($ids && $names) {
-            $where_condition .= " OR ";
+            $where_condition .= "OR ";
         }
         if ($names) {
             // individual names were quoted in parse_multiinfo_args()
             $names_value = implode(',', $args['names']);
-            $where_condition .= "Name IN ({$names_value})";
+            $where_condition .= "Name IN ({$names_value}) ";
         }
 
+        $where_condition .= "LIMIT 5000";
+
         return $this->process_query('multiinfo', $where_condition);
     }
 
@@ -260,7 +267,8 @@ class AurJSON {
     private function msearch($maintainer) {
         $maintainer = $this->dbh->quote($maintainer);
 
-        $where_condition = "Users.Username = {$maintainer}";
+        $where_condition = "Users.Username = {$maintainer} ";
+        $where_condition .= "LIMIT 5000";
 
         return $this->process_query('msearch', $where_condition);
     }
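Review bot: The literal `5000` is now written in `search`, `multiinfo`, `msearch` and the `$resultcount` comparison, so raising the cap later (the cover letter says the value is arbitrary) means editing four places that must stay in sync. A single class constant fixes that: declare `const MAX_RESULTS = 5000;` on `AurJSON` and build the clause as `$where_condition .= "LIMIT " . self::MAX_RESULTS;`, with the comparison reading `self::MAX_RESULTS` as well. A one-line comment on the constant explaining that it exists to stay under PHP's `memory_limit` would preserve the rationale from the commit message in the code itself.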
-- 
1.7.12.3


