[Issues] [mod_log_sql 0000041]: Wrong comparison with itemsets causes invalid SQL queries to be sent over the wire.

issues at outoforder.cc issues at outoforder.cc
Wed Aug 31 01:22:52 EST 2005


The following issue has been RESOLVED.
======================================================================
<http://issues.outoforder.cc/view.php?id=41> 
======================================================================
Reported By:                dbroady1
Assigned To:                urkle
======================================================================
Project:                    mod_log_sql
Issue ID:                   41
Category:                   Database Issue
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     resolved
Apache Version:             2.0.54
Resolution:                 fixed
Fixed in Version:           1.101
======================================================================
Date Submitted:             07-19-2005 07:43 EST
Last Modified:              08-31-2005 01:22 EST
======================================================================
Summary:                    Wrong comparison with itemsets causes invalid SQL
queries to be sent over the wire.
Description: 
In mod_log_sql.c, in function log_sql_transaction, lines 933, 964, 996, &
1029, the code is attempting to compare the itemsets variable to the empty
string to determine when to issue an insert SQL statement for the notes,
headers_out, headers_in & cookies tables.  However,
   if (itemsets != "") {...}
will only work if the compiler puts all instances of the empty string into
the same location in memory.  The compiler I'm using, Sun Studio 8 with
Solaris 9, does not do this.  What happens at runtime is that I get
invalid insert statements of the form
    insert into notes values ;
This invalid sql statement then gets logged to the apache log file each
time a new HTTP request comes in.

To fix this, I changed the comparison on each of the line numbers listed
above to
   if (itemsets && (itemsets[0] != '\0')) { ... }
This is semantically the same operation.  I compiled & installed this
version and everything works as expected (if itemsets is empty, no sql
statement executed).
======================================================================

----------------------------------------------------------------------
 urkle - 08-31-05 01:22 
----------------------------------------------------------------------
Thanks for the report.  

I've committed a fix for this issue as SVN revision
http://issues.outoforder.cc/view.php?id=166.

Issue History
Date Modified  Username       Field                    Change              
======================================================================
07-19-05 07:43 dbroady1       New Issue                                    
07-19-05 07:43 dbroady1       Apache Version            => 2.0.54          
07-19-05 12:46 dbroady1       Issue Monitored: dbroady1                    
08-31-05 01:06 urkle          Status                   new => assigned     
08-31-05 01:06 urkle          Assigned To               => urkle           
08-31-05 01:22 urkle          Status                   assigned => resolved
08-31-05 01:22 urkle          Fixed in Version          => 1.101           
08-31-05 01:22 urkle          Resolution               open => fixed       
08-31-05 01:22 urkle          Note Added: 0000048                          
======================================================================




More information about the Issues mailing list