[PostgreSQL] Crash when querying the DB

RESOLVED FIXED in Bugzilla 3.0

Status: RESOLVED FIXED
Severity: major
Reporter: LpSolit
Assignee: mkanat
Keywords: regression
Version: 2.23
Target Milestone: Bugzilla 3.0
Bug Flags: approval+, blocking3.0+
Attachments: 1 attachment

(Reporter)

Description

12 years ago
I tested on bugzilla-tip-pg and qa30pg on landfill, as well as on my local 2.23.3 installation running on PostgreSQL, and I can reproduce the bug in all 3 installations:

Insecure dependency in parameter 1 of DBI::db=HASH(0x931b930)->prepare method call while running with -T switch at /var/www/html/qa30pg/buglist.cgi line 996.

To reproduce, go to query.cgi, and select:

A Comment: "contains all of the words/strings" "foo"


I cannot reproduce the bug on MySQL using this testcase, nor can I reproduce on 2.22 using PostgreSQL. So this bug is specific to 3.0 running on PostgreSQL.
(Reporter)

Comment 1

12 years ago
I have no idea what the problem is. joel, Max, can you help?
Flags: blocking3.0?
(Assignee)

Updated

12 years ago
Flags: blocking3.0? → blocking3.0+
(Assignee)

Comment 2

12 years ago
All right. I'm investigating this. This line shows up as tainted:

((bugs.bug_status IN ('NEW','ASSIGNED','REOPENED')) AND (POSITION('foo' IN LOWER(bugs.short_desc)) > 0))
Assignee: query-and-buglist → mkanat
(Assignee)

Comment 3

12 years ago
Created attachment 241455
v1

Okay, here we go. Trivial and obvious patch. The code was obviously wrong before. I don't know why MySQL wasn't throwing this error--I suppose its quote() function also detaints, while Pg's doesn't.
Attachment #241455 - Flags: review?(LpSolit)
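
Added example (not part of the bug thread and not the attached patch): a Perl sketch of how taint from a search term survives quoting and string concatenation into the SQL fragment shown in comment 2, which is what a DBI handle with taint checking of its inputs (TaintIn) rejects in prepare(). The helpers `quote_no_detaint`, `detaint_quoted` and `build_term` are hypothetical names, and the input is constructed.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl   (taint mode must be on for the flags to exist)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed input: a tainted copy of the search term "foo" from the report.
# $^X and %ENV values are tainted under -T; a zero-length substr keeps the flag.
my $user_term = 'foo' . substr(join('', $^X, values %ENV), 0, 0);

# Hypothetical stand-in for a driver quote() that escapes but does not detaint.
sub quote_no_detaint {
    my ($value) = @_;
    (my $escaped = $value) =~ s/'/''/g;
    return "'$escaped'";
}

# Hypothetical helper: clear the taint flag through a regex capture, but only
# for a string that really is one quoted literal. Backslashes are rejected
# because some server settings treat them as escape characters.
sub detaint_quoted {
    my ($quoted) = @_;
    $quoted =~ /\A('(?:[^'\\]|'')*')\z/s
        or die "refusing to detaint: not a single quoted SQL literal\n";
    return $1;
}

# Builds the same shape of term that comment 2 reports as tainted.
sub build_term {
    my ($literal) = @_;
    return "((bugs.bug_status IN ('NEW','ASSIGNED','REOPENED'))"
         . " AND (POSITION($literal IN LOWER(bugs.short_desc)) > 0))";
}

my $quoted = quote_no_detaint(lc $user_term);
my $before = build_term($quoted);                  # taint carried by $quoted
my $after  = build_term(detaint_quoted($quoted));  # literal checked, then detainted

printf "%-26s tainted=%d\n", 'raw user term',            tainted($user_term) ? 1 : 0;
printf "%-26s tainted=%d\n", 'SQL with tainted literal', tainted($before)    ? 1 : 0;
printf "%-26s tainted=%d\n", 'SQL after detaint',        tainted($after)     ? 1 : 0;
```

Detainting is only appropriate after the value has been quoted or validated; passing the term as a bound placeholder value avoids putting user input in the SQL text at all.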
(Reporter)

Comment 4

12 years ago
For the record, this is a regression due to bug 300552, which landed on tip only.
Status: NEW → ASSIGNED
Depends on: 300552
(Reporter)

Comment 5

12 years ago
Comment on attachment 241455
v1

Tested. This fixes the problem. r=LpSolit

Land this asap.
Attachment #241455 - Flags: review?(LpSolit) → review+
(Reporter)

Updated

12 years ago
Flags: approval?
Flags: approval? → approval+
(Assignee)

Comment 6

12 years ago
Checking in Bugzilla/Search.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Search.pm,v  <--  Search.pm
new revision: 1.142; previous revision: 1.141
done
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED