Closed
Bug 355709
Opened 18 years ago
Closed 18 years ago
[PostgreSQL] Crash when querying the DB
Categories
(Bugzilla :: Query/Bug List, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 3.0
People
(Reporter: LpSolit, Assigned: mkanat)
References
Details
(Keywords: regression)
Attachments
(1 file)
673 bytes,
patch
|
LpSolit
:
review+
|
Details | Diff | Splinter Review |
I tested on bugzilla-tip-pg and qa30pg on landfill, as well as on my local 2.23.3 installation running on PostgreSQL, and I can reproduce the bug in all 3 installations:
Insecure dependency in parameter 1 of DBI::db=HASH(0x931b930)->prepare method call while running with -T switch at /var/www/html/qa30pg/buglist.cgi line 996.
To reproduce, go to query.cgi, and select:
A Comment: "contains all of the words/strings" "foo"
I cannot reproduce the bug on MySQL using this testcase, nor can I reproduce on 2.22 using PostgreSQL. So this bug is specific to 3.0 running on PostgreSQL.
Reporter | ||
Comment 1•18 years ago
|
||
I have no idea what the problem is. joel, Max, can you help?
Flags: blocking3.0?
Assignee | ||
Updated•18 years ago
|
Flags: blocking3.0? → blocking3.0+
Assignee | ||
Comment 2•18 years ago
|
||
All right. I'm investigating this. This line shows up as tainted:
((bugs.bug_status IN ('NEW','ASSIGNED','REOPENED')) AND (POSITION('foo' IN LOWER(bugs.short_desc)) > 0))
Assignee: query-and-buglist → mkanat
Assignee | ||
Comment 3•18 years ago
|
||
Okay, here we go. Trivial and obvious patch. The code was obviously wrong before. I don't know why MySQL wasn't throwing this error--I suppose its quote() function also detaints, while Pg's doesn't.
Attachment #241455 -
Flags: review?(LpSolit)
Reporter | ||
Comment 4•18 years ago
|
||
For the record, this is a regression due to bug 300552, which landed on tip only.
Status: NEW → ASSIGNED
Depends on: 300552
Reporter | ||
Comment 5•18 years ago
|
||
Comment on attachment 241455 [details] [diff] [review]
v1
Tested. This fixes the problem. r=LpSolit
Land this asap.
Attachment #241455 -
Flags: review?(LpSolit) → review+
Reporter | ||
Updated•18 years ago
|
Flags: approval?
Updated•18 years ago
|
Flags: approval? → approval+
Assignee | ||
Comment 6•18 years ago
|
||
Checking in Bugzilla/Search.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/Search.pm,v <-- Search.pm
new revision: 1.142; previous revision: 1.141
done
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•