[Issues] [mod_log_sql 0000041]: Wrong comparison with itemsets causes invalid SQL queries to be sent over the wire.

issues at outoforder.cc issues at outoforder.cc
Tue Jul 19 07:43:05 EST 2005 

The following issue has been SUBMITTED.
======================================================================
<http://issues.outoforder.cc/view.php?id=41> 
======================================================================
Reported By:                dbroady1
Assigned To:                
======================================================================
Project:                    mod_log_sql
Issue ID:                   41
Category:                   Database Issue
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Apache Version:             2.0.54
======================================================================
Date Submitted:             07-19-2005 07:43 EST
Last Modified:              07-19-2005 07:43 EST
======================================================================
Summary:                    Wrong comparison with itemsets causes invalid SQL
queries to be sent over the wire.
Description: 
In mod_log_sql.c, in function log_sql_transaction, lines 933, 964, 996, &
1029, the code is attempting to compare the itemsets variable to the empty
string to determine when to issue an insert SQL statement for the notes,
headers_out, headers_in & cookies tables.  However,
   if (itemsets != "") {...}
will only work if the compiler puts all instances of the empty string into
the same location in memory.  The compiler I'm using, Sun Studio 8 with
Solaris 9, does not do this.  What happens at runtime is that I get
invalid insert statements of the form
    insert into notes values ;
This invalid sql statement then gets logged to the apache log file each
time a new HTTP request comes in.

To fix this, I changed the comparison on each of the line numbers listed
above to
   if (itemsets && (itemsets[0] != '\0')) { ... }
This is semantically the same operation.  I compiled & installed this
version and everything works as expected (if itemsets is empty, no sql
statement executed).
======================================================================

Issue History
Date Modified  Username       Field                    Change              
======================================================================
07-19-05 07:43 dbroady1       New Issue                                    
07-19-05 07:43 dbroady1       Apache Version            => 2.0.54          
======================================================================

More information about the Issues mailing list