[hibernate-issues] [Hibernate-JIRA] Created: (HHH-6730) Query#setParameterList silently overwrites previous parameters

Alexander Keul (JIRA) noreply at atlassian.com
Thu Oct 13 10:41:19 EDT 2011 

Query#setParameterList silently overwrites previous parameters
--------------------------------------------------------------

                 Key: HHH-6730
                 URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-6730
             Project: Hibernate Core
          Issue Type: Improvement
          Components: query-hql, query-sql
    Affects Versions: 3.6.6
            Reporter: Alexander Keul
            Priority: Minor


When setting a parameter list on a query Hibernate's expandParameterList silently overwrites existing parameters.It requires a very specific set of conditions to be an issue, but I believe Hibernate should at least throw an exception rather than continuing on it's merry way. The issue is specifically found at the end of the function, line 789-796 in 3.6.2.FINAL. Hibernate aliases the expanded parameterlist based on the original name (:param0 -> :param00_, :param01_, etc), which can cause issues if

1) The parameters are themselves sublists, or are for some other reason named with numbers at the end
and
2) The parameter lists contain at least 10 items.

For example
:param1 expands to :param110_ (11th element)
:param11 expands to :param 110_ (1st element)

The problem could be avoided by changing the name expansion into

while ( iter.hasNext() ) {
  String alias = ( isJpaPositionalParam ? 'x' + name : name ) + i++ + '_';
  Object oldVal = namedParamsCopy.put( alias, new TypedValue( type, iter.next(), session.getEntityMode() ) );
  
  if ( oldVal != null ) {
    throw new QueryException("Named parameterlist " + name + " expands into an ambiguous parameter");  
  }

  list.append( ParserHelper.HQL_VARIABLE_PREFIX ).append( alias );
  if ( iter.hasNext() ) {
    list.append( ", " );
  }
}

No patch or testcast attached at this time, but if one's requested I can see if I can't get one up reasonably soon.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the hibernate-issues mailing list