Closed
Bug 242405
Opened 21 years ago
Closed 20 years ago
Turning on QA contact causes taint error in Bugzilla/Series.pm when adding a component
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.18
People
(Reporter: shengh, Assigned: glob)
Details
Attachments
(1 file, 2 obsolete files)
|
2.06 KB,
patch
|
bugreport
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
I had my bugzilla upgraded from 2.16.2. Truned on the QA contact, now that I see
"missing" in all of the components, which is of cause a OK as I don't have that
before.
Then I added a new component to the list, however I received the following error:
Software error:
Insecure dependency in parameter 1 of DBI::db=HASH(0x860957c)->do method call
while running with -T switch at Bugzilla/Series.pm line 184.
For help, please send mail to the webmaster (vcad_webmaster@cadence.com), giving
this error message and the time and date of the error.
However, as I look into the database, the new component is added to the
component list.
Then I tried to add a new bug to the new component, ooops, failed as Bugzilla is
suffering from "internal error" and cannot proceed further. As i can tell,
edit/add bugs are still fine for old components, just those components created
after the upgrade are tied to this problem.
Then if I turned the QA contact off in the edit param page, all goes fine,
edit/add either old existing components, or newly created components are
proceeded as normal.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
|
||
Comment 1•21 years ago
|
||
What version did you upgrade *to*?
The problem you're having with the bugs sounds to me like a side-effect of the
error you got when adding the component.
Summary: Turned on QA contact cause submit bug failed → Turning on QA contact causes taint error in Bugzilla/Series.pm when adding a component
|
|
||
Comment 2•21 years ago
|
||
question: is the Bugzilla webserver running Windows? I don't believe
editcomponents.cgi is supposed to be running in taint mode yet...
Blocks: 141006
|
||
Comment 4•21 years ago
|
||
I cannot make this happen
Maybe not a bug itself in the 2.17.7, instead something need to be find out
between 2.16.2 ~ 2.17.7?
I still experience this problem :-(
Now the system is turn to QA off all the time.
If I add a new component to a existing product, bugzilla reports error as
before, however it does add the new component to the database. I can see the new
component from the component list whe I try to add a bug.
However, if I really go to add a new bug __right after__ I create the new
component, I will receive an other error message, something like "illegal
component list" (sorry, my colleague found the problem bug didn't saved the
message). Then the second time if I try to add the other bug to this component,
it passes and everything seems correctly added!! Mytery!
I will try again to reproduce this problem, please let me know what else
information/data/log you guys will need.
cheers.
Okey, I just reproduced the scenario myself and here is the log I save from mysql
log file and Bugzilla screen output.
Adding a new component named "Vescs" under product "Skill packages":
*********************** log from screen ***************
Adding new component of Skill packages
Software error:
Insecure dependency in parameter 1 of DBI::db=HASH(0x86093fc)->do method call
while running with -T switch at Bugzilla/Series.pm line 184.
For help, please send mail to the webmaster (vcad_webmaster@cadence.com), giving
this error message and the time and date of the error.
******************* log from mysql **************************
040602 15:12:58 44462 Connect bugs@172.29.139.182 on bugs
44462 Query SELECT profiles.userid, profiles.disabledtext FROM
logincookies, profiles WHERE logincookies.cookie='201' AND
logincookies.userid=profiles.userid AND logincookies.userid='1' AND
(logincookies.ipaddr='172.29.139.136' OR logincookies.ipaddr='172.29.139.136')
44462 Query UPDATE logincookies SET lastused=NULL WHERE cookie='201'
44462 Query SELECT userid,
login_name,
realname,
mybugslink
FROM profiles
WHERE userid='1'
44462 Query SELECT 1
FROM profiles, groups
WHERE userid='1'
AND profiles.refreshed_when <=
groups.last_changed
44462 Query SELECT DISTINCT groups.name, group_id
FROM groups, user_group_map
WHERE groups.id=user_group_map.group_id
AND user_id='1'
AND isbless=0
44462 Query SELECT name, query, linkinfooter
FROM namedqueries
WHERE userid='1'
ORDER BY UPPER(name)
44462 Query SELECT name
FROM products
WHERE name='Skill packages'
44462 Query SELECT id FROM products WHERE name = 'Skill packages'
44462 Query SELECT components.name
FROM components, products
WHERE products.id = components.product_id
AND products.name='Skill packages' AND components.name='Vescs'
44462 Query select userid from profiles where login_name =
'shengh@cadence.com'
44462 Query select userid from profiles where login_name = ''
44462 Query INSERT INTO components ( product_id, name, description,
initialowner, initialqacontact ) VALUES ( 11,'Vescs','Vcad enhanced schematic
check&save','1','0')
44462 Query LOCK TABLES series_categories WRITE, series WRITE,
user_series_map WRITE
44462 Query SELECT category_id from series_categories WHERE name
='Skill packages'
44462 Query SELECT category_id from series_categories WHERE name ='Vescs'
44462 Query INSERT INTO series_categories (name) VALUES ('Vescs')
44462 Query SELECT category_id from series_categories WHERE name ='Vescs'
44462 Quit
***************** log end for add new component ************************
Try to add a bug for the component I just added (Vescs). It produced the
following error message in browser:
***************** log from screen **********************
editcomponents.cgi: Insecure dependency in parameter 1 of
DBI::db=HASH(0x86093fc)->do method call while running with -T switch at
Bugzilla/Series.pm line 184.
Internal Error
Bugzilla has suffered an internal error. Please save this page and send it to
shengh@cadence.com with details of what you were doing at the time this message
appeared.
URL: http://portcullis/bugzilla/post_bug.cgi
A legal Component was not set.
******************** log from mysql **********************
040602 15:14:25 44463 Connect bugs@172.29.139.182 on bugs
44463 Query SELECT 1 FROM group_control_map WHERE entry != 0 LIMIT 1
44463 Query SELECT profiles.userid, profiles.disabledtext FROM
logincookies, profiles WHERE logincookies.cookie='201' AND
logincookies.userid=profiles.userid AND logincookies.userid='1' AND
(logincookies.ipaddr='172.29.139.136' OR logincookies.ipaddr='172.29.139.136')
44463 Query UPDATE logincookies SET lastused=NULL WHERE cookie='201'
44463 Query SELECT userid,
login_name,
realname,
mybugslink
FROM profiles
WHERE userid='1'
44463 Query SELECT 1
FROM profiles, groups
WHERE userid='1'
AND profiles.refreshed_when <=
groups.last_changed
44463 Query SELECT DISTINCT groups.name, group_id
FROM groups, user_group_map
WHERE groups.id=user_group_map.group_id
AND user_id='1'
AND isbless=0
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Bugzilla' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Customer' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Epm' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Infrastructure' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Isador' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'PCM' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'PCT' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Skill packages' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'TimeTracker' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Vcad IP' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'VCAD Web' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'VPRM' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'VSH' LIMIT 1
44463 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'WCDI' LIMIT 1
44463 Query SELECT name, query, linkinfooter
FROM namedqueries
WHERE userid='1'
ORDER BY UPPER(name)
44463 Quit
I tried the above twice, but all failed to add a new bug with this new component.
So then I surrendered with this session, click on the add new bug link at the
foot banner, tried again to redraw the page, filled the form for the same thing
and hit commit button.......processed and added! No error, no warning...and here
is the log from mysql for this action:
***************** log from mysql ****************
040602 15:20:57 44470 Connect bugs@172.29.139.182 on bugs
44470 Query SELECT profiles.userid, profiles.disabledtext FROM
logincookies, profiles WHERE logincookies.cookie='201' AND
logincookies.userid=profiles.userid AND logincookies.userid='1' AND
(logincookies.ipaddr='172.29.139.136' OR logincookies.ipaddr='172.29.139.136')
44470 Query UPDATE logincookies SET lastused=NULL WHERE cookie='201'
44470 Query SELECT userid,
login_name,
realname,
mybugslink
FROM profiles
WHERE userid='1'
44470 Query SELECT 1
FROM profiles, groups
WHERE userid='1'
AND profiles.refreshed_when <=
groups.last_changed
44470 Query SELECT userid, realname, login_name FROM profiles WHERE
login_name = 'shengh@cadence.com'
44470 Query SELECT userid,
login_name,
realname,
mybugslink
FROM profiles
WHERE userid='1'
44470 Query SELECT 1
FROM profiles, groups
WHERE userid='1'
AND profiles.refreshed_when <=
groups.last_changed
44470 Query SELECT id FROM products WHERE name = 'Skill packages'
44470 Query SELECT DISTINCT groups.name, group_id
FROM groups, user_group_map
WHERE groups.id=user_group_map.group_id
AND user_id='1'
AND isbless=0
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Skill packages' LIMIT 1
44470 Query SELECT id FROM components WHERE product_id = 11 AND name =
'Vescs'
44470 Query select userid from profiles where login_name =
'shengh@cadence.com'
44470 Query SELECT defaultmilestone FROM products WHERE name='Skill
packages'
44470 Query SELECT isactive FROM groups WHERE id=22
44470 Query SELECT user_id FROM user_group_map
WHERE user_id = 1
AND group_id = 22
AND isbless = 0
44470 Query SELECT DISTINCT groups.id, groups.name, membercontrol,
othercontrol FROM groups LEFT JOIN group_control_map ON group_id = id AND
product_id = 11 WHERE isbuggroup != 0 AND isactive != 0 ORDER BY description
44470 Query INSERT INTO bugs
(version,rep_platform,bug_severity,priority,op_sys,assigned_to,bug_status,bug_file_loc,short_desc,target_milestone,everconfirmed,product_id,component_id,
reporter, creation_ts, estimated_time, remaining_time) VALUES
('unspecified','PC','normal','P3','Linux','1','NEW','','Create base
class','---','1','11','128',1, now(), 0, 0)
44470 Query select now()
44470 Query select LAST_INSERT_ID()
44470 Query INSERT INTO bug_group_map (bug_id, group_id)
VALUES (3340022, 22)
44470 Query INSERT INTO longdescs (bug_id, who, bug_when, thetext)
VALUES (3340022, 1, now(), 'Create top level base class')
44470 Query select login_name from profiles where userid = 1
44470 Query SELECT
bugs.bug_id, alias, bugs.product_id, products.name, version,
rep_platform, op_sys, bug_status, resolution, priority,
bug_severity, bugs.component_id, components.name, assigned_to,
reporter, bug_file_loc, short_desc, target_milestone,
qa_contact, status_whiteboard,
DATE_FORMAT(creation_ts,'%Y.%m.%d %H:%i'),
delta_ts, ifnull(sum(votes.vote_count),0),
reporter_accessible, cclist_accessible,
estimated_time, remaining_time
from bugs left join votes using(bug_id),
products, components
where bugs.bug_id = 3340022
AND products.id = bugs.product_id
AND components.id = bugs.component_id
group by bugs.bug_id
44470 Query SELECT bugs.bug_id, reporter, assigned_to, qa_contact,
reporter_accessible, cclist_accessible, cc.who IS NOT NULL,
COUNT(DISTINCT(bug_group_map.group_id)) as cntbugingroups,
COUNT(DISTINCT(user_group_map.group_id)) as cntuseringroups FROM bugs LEFT JOIN
cc ON bugs.bug_id = cc.bug_id AND cc.who = 1 LEFT JOIN bug_group_map ON
bugs.bug_id = bug_group_map.bug_id LEFT JOIN user_group_map ON
user_group_map.group_id = bug_group_map.group_id AND user_group_map.isbless = 0
AND user_group_map.user_id = 1 WHERE bugs.bug_id = 3340022 GROUP BY bugs.bug_id
44470 Query SELECT userid,
login_name,
realname,
mybugslink
FROM profiles
WHERE userid='1'
44470 Query SELECT 1
FROM profiles, groups
WHERE userid='1'
AND profiles.refreshed_when <=
groups.last_changed
44470 Query SELECT userid,
login_name,
realname,
mybugslink
FROM profiles
WHERE userid='1'
44470 Query SELECT 1
FROM profiles, groups
WHERE userid='1'
AND profiles.refreshed_when <=
groups.last_changed
44470 Query select who from cc where bug_id=3340022
44470 Query SELECT keyworddefs.name
FROM keyworddefs, keywords
WHERE keywords.bug_id = 3340022
AND keyworddefs.id = keywords.keywordid
ORDER BY keyworddefs.name
44470 Query SELECT product_id
FROM bugs
WHERE bug_id = 3340022
44470 Query SELECT group_id FROM group_control_map WHERE product_id =
11 AND canedit != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) LIMIT 1
44470 Query SELECT attach_id, DATE_FORMAT(creation_ts, '%Y.%m.%d %H:%i'),
mimetype, description, ispatch, isobsolete, isprivate,
submitter_id, LENGTH(thedata)
FROM attachments WHERE bug_id = 3340022 ORDER BY attach_id
44470 Query SELECT 1, flagtypes.id, flagtypes.name,
flagtypes.description, flagtypes.cc_list, flagtypes.target_type,
flagtypes.sortkey, flagtypes.is_active, flagtypes.is_requestable,
flagtypes.is_requesteeble, flagtypes.is_multiplicable,
COUNT(flagexclusions.type_id) AS num_exclusions FROM flagtypes , flaginclusions
LEFT JOIN flagexclusions ON (flagtypes.id = flagexclusions.type_id AND
(flagexclusions.product_id = 11 OR flagexclusions.product_id IS NULL) AND
(flagexclusions.component_id = 128 OR flagexclusions.component_id IS NULL))
WHERE 1=1 AND flagtypes.target_type = 'b' AND flagtypes.id =
flaginclusions.type_id AND (flaginclusions.product_id = 11 OR
flaginclusions.product_id IS NULL) AND (flaginclusions.component_id = 128 OR
flaginclusions.component_id IS NULL) GROUP BY flagtypes.id HAVING
num_exclusions = 0 ORDER BY flagtypes.sortkey, flagtypes.name
44470 Query SELECT COUNT(flagtypes.id), COUNT(flagexclusions.type_id)
AS num_exclusions FROM flagtypes , flaginclusions LEFT JOIN flagexclusions ON
(flagtypes.id = flagexclusions.type_id AND (flagexclusions.product_id = 11 OR
flagexclusions.product_id IS NULL) AND (flagexclusions.component_id = 128 OR
flagexclusions.component_id IS NULL)) WHERE 1=1 AND flagtypes.target_type = 'a'
AND flagtypes.is_active = 1 AND flagtypes.id = flaginclusions.type_id AND
(flaginclusions.product_id = 11 OR flaginclusions.product_id IS NULL) AND
(flaginclusions.component_id = 128 OR flaginclusions.component_id IS NULL)
GROUP BY flagtypes.id HAVING num_exclusions = 0
44470 Query SELECT COUNT(id) FROM flags WHERE 1=1 AND attach_id IS NOT
NULL AND bug_id = 3340022
44470 Query select dependencies.dependson, bugs.bug_status
from dependencies, bugs
where dependencies.blocked = 3340022
and bugs.bug_id = dependencies.dependson
order by dependencies.dependson
44470 Query select dependencies.blocked, bugs.bug_status
from dependencies, bugs
where dependencies.dependson = 3340022
and bugs.bug_id = dependencies.blocked
order by dependencies.blocked
44470 Query SELECT name, query, linkinfooter
FROM namedqueries
WHERE userid='1'
ORDER BY UPPER(name)
44470 Query SELECT name, description, mailhead FROM fielddefs ORDER BY
sortkey
44470 Query SELECT
alias,assigned_to,bug_file_loc,bug_severity,bug_status,cclist_accessible,component_id,estimated_time,everconfirmed,keywords,op_sys,priority,product_id,qa_contact,remaining_time,rep_platform,reporter,reporter_accessible,resolution,short_desc,status_whiteboard,target_milestone,version,votes,
lastdiffed, now() FROM bugs WHERE bug_id = 3340022
44470 Query SELECT name FROM products WHERE id = 11
44470 Query SELECT name FROM components WHERE id = 128
44470 Query SELECT who FROM cc WHERE bug_id = 3340022
44470 Query SELECT profiles.login_name FROM votes, profiles WHERE
votes.bug_id = 3340022 AND profiles.userid = votes.who
44470 Query SELECT dependson FROM dependencies WHERE
blocked = 3340022 ORDER BY dependson
44470 Query SELECT blocked FROM dependencies WHERE
dependson = 3340022 ORDER BY blocked
44470 Query SELECT profiles.login_name, fielddefs.description,
bug_when, removed, added, attach_id, fielddefs.name FROM bugs_activity,
fielddefs, profiles WHERE bug_id = 3340022 AND fielddefs.fieldid =
bugs_activity.fieldid AND profiles.userid = who AND bug_when > '0000-00-00
00:00:00' AND bug_when <= '2004-06-02 15:20:57' ORDER BY bug_when
44470 Query SELECT bugs_activity.bug_id, bugs.short_desc,
fielddefs.name, removed, added FROM bugs_activity, bugs, dependencies,
fielddefs WHERE bugs_activity.bug_id = dependencies.dependson AND bugs.bug_id
= bugs_activity.bug_id AND dependencies.blocked = 3340022 AND
fielddefs.fieldid = bugs_activity.fieldid AND (fielddefs.name = 'bug_status'
OR fielddefs.name = 'resolution') AND bug_when > '0000-00-00 00:00:00' AND
bug_when <= '2004-06-02 15:20:57' ORDER BY bug_when, bug_id
44470 Query SELECT profiles.login_name,
DATE_FORMAT(longdescs.bug_when,'%Y.%m.%d %H:%i'), longdescs.thetext,
longdescs.isprivate FROM longdescs, profiles WHERE profiles.userid =
longdescs.who AND longdescs.bug_id = 3340022 AND longdescs.bug_when <=
'2004-06-02 15:20:57'ORDER BY longdescs.bug_when
44470 Query select userid from profiles where login_name =
'shengh@cadence.com'
44470 Query SELECT emailflags FROM profiles WHERE userid = 1
44470 Query select userid from profiles where login_name =
'shengh@cadence.com'
44470 Query SELECT emailflags FROM profiles WHERE userid = 1
44470 Query select userid from profiles where login_name =
'shengh@cadence.com'
44470 Query SELECT emailflags FROM profiles WHERE userid = 1
44470 Query select userid from profiles where login_name =
'shengh@cadence.com'
44470 Query SELECT emailflags FROM profiles WHERE userid = 1
44470 Query SELECT userid,
login_name,
realname,
mybugslink
FROM profiles
WHERE
login_name='shengh@cadence.com'
44470 Query SELECT 1
FROM profiles, groups
WHERE userid='1'
AND profiles.refreshed_when <=
groups.last_changed
44470 Query SELECT bugs.bug_id, reporter, assigned_to, qa_contact,
reporter_accessible, cclist_accessible, cc.who IS NOT NULL,
COUNT(DISTINCT(bug_group_map.group_id)) as cntbugingroups,
COUNT(DISTINCT(user_group_map.group_id)) as cntuseringroups FROM bugs LEFT JOIN
cc ON bugs.bug_id = cc.bug_id AND cc.who = 1 LEFT JOIN bug_group_map ON
bugs.bug_id = bug_group_map.bug_id LEFT JOIN user_group_map ON
user_group_map.group_id = bug_group_map.group_id AND user_group_map.isbless = 0
AND user_group_map.user_id = 1 WHERE bugs.bug_id = 3340022 GROUP BY bugs.bug_id
44470 Query SELECT DISTINCT groups.name, group_id
FROM groups, user_group_map
WHERE groups.id=user_group_map.group_id
AND user_id='1'
AND isbless=0
040602 15:20:58 44470 Query UPDATE bugs SET lastdiffed = '2004-06-02
15:20:57', delta_ts = delta_ts WHERE bug_id = 3340022
44470 Query SELECT profiles.realname, profiles.login_name,
date_format(longdescs.bug_when,'%Y.%m.%d %H:%i'),
longdescs.thetext, longdescs.work_time,
isprivate,
date_format(longdescs.bug_when,'%Y%m%d%H%i%s')
FROM longdescs, profiles
WHERE profiles.userid = longdescs.who
AND longdescs.bug_id = 3340022
ORDER BY longdescs.bug_when
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Bugzilla' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Customer' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Epm' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Infrastructure' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Isador' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'PCM' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'PCT' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'TimeTracker' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'Vcad IP' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'VCAD Web' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'VPRM' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'VSH' LIMIT 1
44470 Query SELECT group_id IS NULL FROM products LEFT JOIN
group_control_map ON group_control_map.product_id = products.id AND
group_control_map.entry != 0 AND group_id NOT
IN(6,16,3,14,1,4,24,23,11,25,5,8,20,22,7,18,13,12,9,15,19,21,2,10,17) WHERE
products.name = 'WCDI' LIMIT 1
44470 Query SELECT DISTINCT groups.id, name, description,
bug_group_map.group_id IS NOT NULL, user_group_map.group_id IS NOT NULL,
isactive, membercontrol, othercontrol FROM groups LEFT JOIN bug_group_map ON
bug_group_map.group_id = groups.id AND bug_id = 3340022 LEFT JOIN user_group_map
ON user_group_map.group_id = groups.id AND user_id = 1 AND NOT isbless LEFT JOIN
group_control_map ON group_control_map.group_id = groups.id AND
group_control_map.product_id = 11 WHERE isbuggroup
44470 Quit
********************** log from mysql end **********************
It looks to me that something is not finished during the create new component,
and was finished in a later stage. Maybe some kind of "lock", such that this
lock is not being removed in the correct place but got removed later.
Right after I created the new component, although it told me there were
"internal error", I could see the new component has been added to the database,
it must be something else is not set/unset.
cheers.
|
|
||
Comment 10•20 years ago
|
||
Confirmed by visual inspection of the code. The product and component being
used as the category and subcategory coming out of new component creation is
never getting detainted. The failure to be able to create bugs in the new
component is only temporary until versioncache rebuilds. The unlinking of
data/versioncache happens after the series is created, so when it crashes during
series creation, the cache doesn't get rebuilt until the next time it would have
anyway.
By definition, taint errors are 2.18 blockers.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking2.18+
Target Milestone: --- → Bugzilla 2.18
|
Assignee | |
Comment 11•20 years ago
|
||
only $self->{'name'} needs to be detainted.
it's a shame that $dbh->quote doesn't detaint automatically like SqlQuote does.
Attachment #150931 -
Flags: review?
|
|
Assignee | |
Comment 12•20 years ago
|
||
someone want to reveiw this for me please?
|
||
Comment 13•20 years ago
|
||
(In reply to comment #12)
> someone want to reveiw this for me please?
I can confirm that this does fix the problem, but I haven't checked that the detaint is safe to do, or the
only one necessary. (Sorry that isn't too helpful)
Is the title of the big correct? I'm sure I had failures before I enabled QA contacts...
|
|
||
Comment 14•20 years ago
|
||
Comment on attachment 150931 [details] [diff] [review]
detaint series insert
Series.pm should never be getting tainted data to begin with unless it's
getting it from an environment variable or CGI form data directly.
The latter happens to be the case here, however, the part that loads data from
CGI is a separate sub, and the writeToDatabase function is callable even on
series objects that aren't created from CGI, thus the detaint() doesn't belong
here (that goes for the one on 'query' as well).
The detaints should all be happening in the initFromCGI sub before the object
is returned.
Attachment #150931 -
Flags: review? → review-
|
|
Assignee | |
Comment 15•20 years ago
|
||
moves trick_taint in Series.pm into initFromCGI, which is the logical location,
but doesn't fix this bug, as initFromParameters is actually used.
editcomponents now has a shiny new trick_taint
Attachment #150931 -
Attachment is obsolete: true
Attachment #152096 -
Flags: review?(justdave)
|
|
||
Comment 16•20 years ago
|
||
Comment on attachment 152096 [details] [diff] [review]
detaint series insert v2
>+++ editcomponents.cgi
>@@ -466,6 +466,7 @@
> push(@series, [$::FORM{'closed_name'}, $resolved . $prodcomp]);
>
> foreach my $sdata (@series) {
>+ trick_taint($sdata->[0]);
ehh.... how about if we stuff $::FORM{'closed_name'} into a local variable
and detaint it there before pushing it into @series? That'll make the logic a
little cleaner, since we won't be wondering why stuff in @series is suddenly
tainted. It's obvious why $::FORM stuff would be tainted at that point.
To satify the anal security folks, we should also add a comment next to the
trick_taint() which explains why we think it's safe to use trick_taint() on it.
(i.e. it's never used as a command or raw SQL)
Also, how about if we move the other detaint from writeToDatabase while we're
looking at it, so we don't forget.
Sorry to be so anal about it, but them's the breaks when we're dealing with the
taint stuff ;) We're close :)
Attachment #152096 -
Flags: review?(justdave) → review-
|
|
Assignee | |
Comment 17•20 years ago
|
||
Attachment #152096 -
Attachment is obsolete: true
Attachment #152420 -
Flags: review?(justdave)
|
|
Assignee | |
Comment 18•20 years ago
|
||
Comment on attachment 152420 [details] [diff] [review]
detaint series insert v3
clearing review request. was thinking about this on the bus and i want to do
some more testing.
Attachment #152420 -
Flags: review?(justdave)
|
|
||
Comment 19•20 years ago
|
||
Comment on attachment 152420 [details] [diff] [review]
detaint series insert v3
r=joel
Attachment #152420 -
Flags: review+
|
|
||
Updated•20 years ago
|
Flags: approval?
|
|
||
Updated•20 years ago
|
Flags: approval? → approval+
|
||
Comment 20•20 years ago
|
||
Checked in by timeless:
Bug 242405 Turning on QA contact causes taint error in Bugzilla/Series.pm when
adding a component
patch by bugzilla@glob.com.au r=joel a=justdave
2004-07-08 20:33 timeless%mozdev.org mozilla/ webtools/ bugzilla/ Bugzilla/
Series.pm 1.5 0/1
2004-07-08 20:33 timeless%mozdev.org mozilla/ webtools/ bugzilla/
editcomponents.cgi 1.41 14/5
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
||
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•