NULL pointer dereference on oversized SIZE parameter in SELECT tag.
vulners.com/securityvulns/securityvulns:doc:26335