Closed
Bug 7233
Opened 26 years ago
Closed 20 years ago
Editversions.cgi has a potential race resulting in duplicate versions
Categories
(Bugzilla :: Administration, task, P3)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.20
People
(Reporter: steveha, Assigned: LpSolit)
References
Details
Attachments
(1 file, 1 obsolete file)
(deleted),
patch
|
mkanat
:
review+
|
Details | Diff | Splinter Review |
By accident, I entered a product/version combination twice in the versions
tables. The database ought to be set up in a way that guarantees that this
cannot happen. (I'm not sure how to do this, since I am not a SQL guru. I
believe that you could declare that the two columns together make a primary key,
and that would do it.)
Updated•25 years ago
|
Status: NEW → ASSIGNED
Priority: P3 → P2
Comment 1•25 years ago
|
||
tara@tequilarista.org is the new owner of Bugzilla and Bonsai. (For details,
see my posting in netscape.public.mozilla.webtools,
news://news.mozilla.org/38F5D90D.F40E8C1A%40geocast.com .)
Assignee: terry → tara
Status: ASSIGNED → NEW
actually you do this by creating an index that forces unique values on columns.
i agree that this is a good thing to have, i can't think of any situation where
it would be good to have multiple instances of product/version in the versions
table.
moving to assigned.
Status: NEW → ASSIGNED
made schema slightly more retentive by requiring unique on product name.
editproducts.cgi and editversions.cgi both have checking to prevent duplicates.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 5•25 years ago
|
||
Just double-checking here, because that doesn't sound right... what if you have
more than one version of the same product? :) I have to have two or more rows
in the table with the same product name in order to do that (they'd each have
different version numbers).
oh dear. you're right. i obviously was _not_ thinking. I did a partial backout
of the change...unique indexing is out, the not null change is still there.
credited you in the comments for catching my idiocy.
Comment 8•25 years ago
|
||
Why is this verified fixed? This is what's in checksetup.pl for the version
table right now:
$table{versions} =
'value tinytext,
program varchar(64) not null';
I don't see any uniqueness in there.
You can make both columns unique as a pair by grouping them in parenthesis in the
definition.
$table{versions} =
'value tinytext,
program varchar(64) not null
unique (value, program)';
What was backed out before is that the one column was made unique by itself,
instead of doing it as a pair, so it wouldn't let you put more than one version
on a product.
This needs to be reopened.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
ugh. you can't index a blob type (tinytext). we'd need to change this to
varchar(255) or something.
Comment 10•24 years ago
|
||
I assume the fix here is to set up a compound unique index.
QA Contact: matty
Whiteboard: 2.14
Updated•24 years ago
|
Whiteboard: 2.14 → 2.16
Comment 12•24 years ago
|
||
Whatever is done here should be duplicated for the milestones table I assume.
Priority: P2 → P3
Whiteboard: 2.16
Comment 13•24 years ago
|
||
Taking all of cyeh's Bugzilla bugs.
Assignee: Chris.Yeh → justdave
Status: REOPENED → NEW
Comment 14•23 years ago
|
||
*** Bug 97748 has been marked as a duplicate of this bug. ***
Comment 15•23 years ago
|
||
New product: bugzilla.
Component: Bugzilla → Administration
Product: Webtools → Bugzilla
Version: other → 2.10
Comment 16•23 years ago
|
||
this looks like it requires a schema change (changing a tinytext to a
varchar(255) was suggested here). CCing a few of the people working on the xdb
sql syntax for comment.
Comment 17•23 years ago
|
||
We are currently trying to wrap up Bugzilla 2.16. We are now close enough to
release time that anything that wasn't already ranked at P1 isn't going to make
the cut. Thus this is being retargetted at 2.18. If you strongly disagree with
this retargetting, please comment, however, be aware that we only have about 2
weeks left to review and test anything at this point, and we intend to devote
this time to the remaining bugs that were designated as release blockers.
Target Milestone: Bugzilla 2.16 → Bugzilla 2.18
Comment 18•23 years ago
|
||
And we should use real ids, too.
Comment 19•22 years ago
|
||
*** Bug 191745 has been marked as a duplicate of this bug. ***
Comment 20•21 years ago
|
||
In 2.17.6, this seems to work..... If I add the same version twice, I get...
"Adding new version
The version 'a' already exists. Please press Back and try again."
Status: NEW → RESOLVED
Closed: 25 years ago → 21 years ago
Resolution: --- → WORKSFORME
Comment 21•21 years ago
|
||
Joel Peshkin, did you check whether there is actualy a unique index yet on
the "versions" table ("values" column)? The editversions.cgi explicitly tries
to do a select before inserting, but that is not atomic and does not guarantee
uniqueness in race conditions (such as when two users are trying to do it, or
if the user double-clicks the submit button).
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Comment 22•21 years ago
|
||
The potential for a race caused by 2 users simultaneously adding versions is
there. The double-click scenario is not very plausible. The other concern,
mentioned in bug 191745, suggests that the database protect itself from users
manually fiddling with it.
It looks like the right thing to do is to either
a) LOCK/UNLOCK around the test and the insert
or
b) Add a unique index and change the INSERT to INSERT IGNORE
[[ At the same time, we should change the versions.value to a varchar(64) to
match bugs.version ]]
bbaetz -- versioncache is supposed to go away. Does that plan impact this
decision??
Summary: versions rows should be forced to be unique → Editversions.cgi has a potential race resulting in duplicate versions
Comment 23•21 years ago
|
||
option (b) would seem to be preferable, since it is quite reasonable to
enforce this type of constraint at the schema level. Note that changing
versions.value from "tinytext" to "varchar(64)" is actually a necessary
pre-requisite before creating a unique index on that column (as per comment #9)
Comment 24•21 years ago
|
||
See bug 153540.
versioncache has nothing to do with versions, really
Comment 25•21 years ago
|
||
I'll take this one, when I port to my new administration architecture all the
edit*.cgi should be consistent including on this issue.
Assignee: justdave → mattyt-bugzilla
Status: REOPENED → NEW
Comment 26•21 years ago
|
||
Not likely to make 2.18. Change it back if I'm wrong.
Target Milestone: Bugzilla 2.18 → Bugzilla 2.20
Comment 27•20 years ago
|
||
When this bug is fixed, I would suggest you consider making the size of the
versions.value and milestones.value fields consistent.
I would also note that according to the MySQL documenation (Section 11.4.3) TEXT
columns stored in MyISAM tables can be indexed as of MySQL version 3.23.2, which
is significantly older than what Bugzilla 2.18 minimally requires.
Comment 28•20 years ago
|
||
*** Bug 237926 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 29•20 years ago
|
||
Is it now fixed by the checkin of bug 190226?
Comment 30•20 years ago
|
||
(In reply to comment #29)
> Is it now fixed by the checkin of bug 190226?
Nope, this not fixed yet.
Comment 31•20 years ago
|
||
This bug has not been touched by its owner in over six months, even though it is
targeted to 2.20, for which the freeze is 10 days away. Unsetting the target
milestone, on the assumption that nobody is actually working on it or has any
plans to soon.
If you are the owner, and you plan to work on the bug, please give it a real
target milestone. If you are the owner, and you do *not* plan to work on it,
please reassign it to nobody@bugzilla.org or a .bugs component owner. If you are
*anybody*, and you get this comment, and *you* plan to work on the bug, please
reassign it to yourself if you have the ability.
Target Milestone: Bugzilla 2.20 → ---
Assignee | ||
Comment 32•20 years ago
|
||
First convert the 'value' field from tinytext to varchar(64), consistently with
templates which allow 64 characters and bugs.version which is also defined as
varchar(64).
Then add an index to the 'versions' table.
Assignee: mattyt-bugzilla → LpSolit
Status: NEW → ASSIGNED
Attachment #182007 -
Flags: review?(mkanat)
Comment 33•20 years ago
|
||
Comment on attachment 182007 [details] [diff] [review]
patch, v1
Technically, in order for that UNIQUE constraint to fix this problem, value
would have to be NOT NULL.
If there are currently *any* null values in the "value" field, you are in for a
very difficult problem.
Attachment #182007 -
Flags: review?(mkanat) → review-
Assignee | ||
Comment 34•20 years ago
|
||
I don't see how a value could be NULL. The actual UI does not let you do that.
So I simply added NOTNULL => 1.
Attachment #182007 -
Attachment is obsolete: true
Attachment #182045 -
Flags: review?(mkanat)
Comment 35•20 years ago
|
||
Comment on attachment 182045 [details] [diff] [review]
patch, v2
OK, yeah, now this looks obviously correct.
Attachment #182045 -
Flags: review?(mkanat) → review+
Assignee | ||
Updated•20 years ago
|
Flags: approval?
Target Milestone: --- → Bugzilla 2.20
Updated•20 years ago
|
Flags: approval? → approval+
Assignee | ||
Comment 36•20 years ago
|
||
Checking in checksetup.pl;
/cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v <-- checksetup.pl
new revision: 1.401; previous revision: 1.400
done
Checking in Bugzilla/DB/Schema.pm;
/cvsroot/mozilla/webtools/bugzilla/Bugzilla/DB/Schema.pm,v <-- Schema.pm
new revision: 1.29; previous revision: 1.28
done
Status: ASSIGNED → RESOLVED
Closed: 21 years ago → 20 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•