Summary: | apr_dbd_pgsql does not check column number | ||
---|---|---|---|
Product: | APR | Reporter: | Michiel van Loon <michiel> |
Component: | APR-util | Assignee: | Apache Portable Runtime bugs mailinglist <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | michiel |
Priority: | P2 | Keywords: | FixedInTrunk, PatchAvailable |
Version: | HEAD | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux | ||
Attachments: | Patch to suppress column number out of range message with pgsql |
Is PQnfields() a trivial-cost function call, or could it be better to look it up once and store it? PQnfields just returns res->numAttributes if res is valid. I don't think it is needed to store the result. from fe-exec.c of libpq: int PQnfields(const PGresult *res) { if (!res) return 0; return res->numAttributes; } I've committed the patch to trunk in r704986. Thanks for the report. Backported to 1.3.x now. 1.4.x already has this. Thanks for the patch! |
Created attachment 22733 [details] Patch to suppress column number out of range message with pgsql In apr_dbd_pgsql.c calls are made to PQfname. When the column number 'n' is too big libpq issues an error message that appears in the apache error log like 'column number 3 is out of range 0..2'. As this function is called at every password check, my logfiles consists for 99% of these messages now. The patch attachedto this bug report removes the error message by first validating the column number.