Bug 46012 - apr_dbd_pgsql does not check column number
Summary: apr_dbd_pgsql does not check column number
Alias: None
Product: APR
Classification: Unclassified
Component: APR-util (show other bugs)
Version: HEAD
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache Portable Runtime bugs mailinglist
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Reported: 2008-10-15 03:49 UTC by Michiel van Loon
Modified: 2009-01-05 16:50 UTC (History)
1 user (show)

Patch to suppress column number out of range message with pgsql (499 bytes, patch)
2008-10-15 03:49 UTC, Michiel van Loon
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michiel van Loon 2008-10-15 03:49:43 UTC
Created attachment 22733 [details]
Patch to suppress column number out of range message with pgsql 

In apr_dbd_pgsql.c calls are made to PQfname. When the column number 'n' is too big libpq issues an error message that appears in the apache error log like 'column number 3 is out of range 0..2'.
As this function is called at every password check, my logfiles consists for 99% of these messages now. 

The patch attachedto this bug report removes the error message by first validating the column number.
Comment 1 Nick Kew 2008-10-15 05:07:57 UTC
Is PQnfields() a trivial-cost function call, or could it be better to look it up once and store it?
Comment 2 Michiel van Loon 2008-10-15 05:12:58 UTC
PQnfields just returns res->numAttributes if res is valid. I don't think it is needed to store the result.

from fe-exec.c of libpq:

PQnfields(const PGresult *res)
		 if (!res)
		 		 return 0;
		 return res->numAttributes;
Comment 3 Nick Kew 2008-10-15 11:25:19 UTC
I've committed the patch to trunk in r704986.  Thanks for the report.
Comment 4 Bojan Smojver 2009-01-05 16:50:46 UTC
Backported to 1.3.x now. 1.4.x already has this.

Thanks for the patch!