[hibernate-issues] [Hibernate-JIRA] Resolved: (HHH-6688) ParameterParser.parse(...) has a parsing bug involving "call" substring

Strong Liu (JIRA) noreply at atlassian.com
Thu Oct 13 12:38:19 EDT 2011


     [ http://opensource.atlassian.com/projects/hibernate/browse/HHH-6688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Strong Liu resolved HHH-6688.
-----------------------------

    Resolution: Fixed
      Assignee: Strong Liu

I believe this has been fixed, at least in 4.0

> ParameterParser.parse(...) has a parsing bug involving "call" substring
> -----------------------------------------------------------------------
>
>                 Key: HHH-6688
>                 URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-6688
>             Project: Hibernate Core
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.3.1
>         Environment: windows and linux.  
>            Reporter: silly things
>            Assignee: Strong Liu
>              Labels: hibernate
>
> The following line of code does not account for the possibility that a column name in the sqlString can contain the substring "call".  As a result hasMainOutputParameter will get set to the wrong value.
> ParameterParser.java
> public static void parse(String sqlString, Recognizer recognizer) throws QueryException {
>   boolean hasMainOutputParameter = sqlString.indexOf( "call" ) > 0 &&
>   sqlString.indexOf( "?" ) < sqlString.indexOf( "call" ) &&
>   sqlString.indexOf( "=" ) < sqlString.indexOf( "call" );
> For example:
> create table test (id varchar(255), call_center varchar(255));
> String sql = "insert test set id=?, call_center=?;";
> SQLQuery query = session.createSQLQuery(sql);
> query.setParameter(0, "blab");
> query.setParameter(1, "california");
> At this point, the second setParameter call will exception out.  This is because createSQLQuery() calls ParameterParser, which wrongly parses any SQL that contains "call" as a substring.  Actually, if you think about the following, the edge case that is not being handled is pretty obvious.
>   boolean hasMainOutputParameter = sqlString.indexOf( "call" ) > 0 &&
>   sqlString.indexOf( "?" ) < sqlString.indexOf( "call" ) &&
>   sqlString.indexOf( "=" ) < sqlString.indexOf( "call" );
> I am using 3.3.1 but I suspect this is affecting all current releases.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
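
Added example (not part of the original message and not Hibernate's actual fix): the heuristic quoted in the report, run next to a stricter check that only accepts the JDBC escape form "{? = call ...}" at the start of the statement. The class name, the method names, the regular expression and every sample statement other than the reporter's insert are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class CallHeuristicDemo {

    // The check exactly as quoted in the report (ParameterParser, 3.3.1):
    // any "call" substring preceded somewhere by '?' and '=' is accepted.
    static boolean reportedHeuristic(String sql) {
        return sql.indexOf("call") > 0
                && sql.indexOf("?") < sql.indexOf("call")
                && sql.indexOf("=") < sql.indexOf("call");
    }

    // Assumed stricter check: the statement must begin with the JDBC
    // callable-statement escape "{ ? = call", with "call" as a whole word.
    private static final Pattern OUT_PARAM_CALL = Pattern.compile(
            "^\\s*\\{\\s*\\?\\s*=\\s*call\\b", Pattern.CASE_INSENSITIVE);

    static boolean anchoredCheck(String sql) {
        return OUT_PARAM_CALL.matcher(sql).find();
    }

    public static void main(String[] args) {
        String[] samples = {
            // Statement from the report: column name contains "call".
            "insert test set id=?, call_center=?;",
            // Constructed: another identifier that merely contains "call".
            "update t set x=? where recall_flag=?",
            // Constructed: genuine call with a main output parameter.
            "{? = call get_balance(?)}",
            // Constructed: call without an output parameter.
            "{call audit_login(?)}"
        };
        for (String sql : samples) {
            System.out.printf("%-40s reported=%-5b anchored=%b%n",
                    sql, reportedHeuristic(sql), anchoredCheck(sql));
        }
    }
}
```

The two checks disagree only on the first two statements, where "call" appears inside a column name after an earlier "=" and "?"; that is the case in which hasMainOutputParameter is set wrongly and the positional setParameter call fails.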

        

