Closed Bug 355709 Opened 18 years ago Closed 18 years ago

[PostgreSQL] Crash when querying the DB

Categories

(Bugzilla :: Query/Bug List, defect)

2.23
defect
Not set
major

Tracking

()

RESOLVED FIXED
Bugzilla 3.0

People

(Reporter: LpSolit, Assigned: mkanat)

References

Details

(Keywords: regression)

Attachments

(1 file)

I tested on bugzilla-tip-pg and qa30pg on landfill, as well as on my local 2.23.3 installation running on PostgreSQL, and I can reproduce the bug in all 3 installations: Insecure dependency in parameter 1 of DBI::db=HASH(0x931b930)->prepare method call while running with -T switch at /var/www/html/qa30pg/buglist.cgi line 996. To reproduce, go to query.cgi, and select: A Comment: "contains all of the words/strings" "foo" I cannot reproduce the bug on MySQL using this testcase, nor can I reproduce on 2.22 using PostgreSQL. So this bug is specific to 3.0 running on PostgreSQL.
I have no idea what the problem is. joel, Max, can you help?
Flags: blocking3.0?
Flags: blocking3.0? → blocking3.0+
All right. I'm investigating this. This line shows up as tainted: ((bugs.bug_status IN ('NEW','ASSIGNED','REOPENED')) AND (POSITION('foo' IN LOWER(bugs.short_desc)) > 0))
Assignee: query-and-buglist → mkanat
Attached patch v1Splinter Review
Okay, here we go. Trivial and obvious patch. The code was obviously wrong before. I don't know why MySQL wasn't throwing this error--I suppose its quote() function also detaints, while Pg's doesn't.
Attachment #241455 - Flags: review?(LpSolit)
For the record, this is a regression due to bug 300552, which landed on tip only.
Status: NEW → ASSIGNED
Depends on: 300552
Comment on attachment 241455 [details] [diff] [review] v1 Tested. This fixes the problem. r=LpSolit Land this asap.
Attachment #241455 - Flags: review?(LpSolit) → review+
Flags: approval?
Flags: approval? → approval+
Checking in Bugzilla/Search.pm; /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Search.pm,v <-- Search.pm new revision: 1.142; previous revision: 1.141 done
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: