[Issues] [mod_log_sql 0000041]: Wrong comparison with itemsets
causes invalid SQL queries to be sent over the wire.
issues at outoforder.cc
issues at outoforder.cc
Wed Aug 31 01:22:52 EST 2005
The following issue has been RESOLVED.
======================================================================
<http://issues.outoforder.cc/view.php?id=41>
======================================================================
Reported By: dbroady1
Assigned To: urkle
======================================================================
Project: mod_log_sql
Issue ID: 41
Category: Database Issue
Reproducibility: always
Severity: minor
Priority: normal
Status: resolved
Apache Version: 2.0.54
Resolution: fixed
Fixed in Version: 1.101
======================================================================
Date Submitted: 07-19-2005 07:43 EST
Last Modified: 08-31-2005 01:22 EST
======================================================================
Summary: Wrong comparison with itemsets causes invalid SQL
queries to be sent over the wire.
Description:
In mod_log_sql.c, in function log_sql_transaction, lines 933, 964, 996, &
1029, the code is attempting to compare the itemsets variable to the empty
string to determine when to issue an insert SQL statement for the notes,
headers_out, headers_in & cookies tables. However,
if (itemsets != "") {...}
will only work if the compiler puts all instances of the empty string into
the same location in memory. The compiler I'm using, Sun Studio 8 with
Solaris 9, does not do this. What happens at runtime is that I get
invalid insert statements of the form
insert into notes values ;
This invalid sql statement then gets logged to the apache log file each
time a new HTTP request comes in.
To fix this, I changed the comparison on each of the line numbers listed
above to
if (itemsets && (itemsets[0] != '\0')) { ... }
This is semantically the same operation. I compiled & installed this
version and everything works as expected (if itemsets is empty, no sql
statement executed).
======================================================================
----------------------------------------------------------------------
urkle - 08-31-05 01:22
----------------------------------------------------------------------
Thanks for the report.
I've committed a fix for this issue as SVN revision
http://issues.outoforder.cc/view.php?id=166.
Issue History
Date Modified Username Field Change
======================================================================
07-19-05 07:43 dbroady1 New Issue
07-19-05 07:43 dbroady1 Apache Version => 2.0.54
07-19-05 12:46 dbroady1 Issue Monitored: dbroady1
08-31-05 01:06 urkle Status new => assigned
08-31-05 01:06 urkle Assigned To => urkle
08-31-05 01:22 urkle Status assigned => resolved
08-31-05 01:22 urkle Fixed in Version => 1.101
08-31-05 01:22 urkle Resolution open => fixed
08-31-05 01:22 urkle Note Added: 0000048
======================================================================
More information about the Issues
mailing list