[hibernate-issues] [Hibernate-JIRA] Updated: (HHH-6730) Query#setParameterList silently overwrites previous parameters

Alexander Keul (JIRA) noreply at atlassian.com
Fri Oct 28 08:51:20 EDT 2011 

     [ http://opensource.atlassian.com/projects/hibernate/browse/HHH-6730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexander Keul updated HHH-6730:
--------------------------------

    Attachment: hhh-6730.patch

Attached a fix as well as a minimal test case. Several ugly implementations of interfaces which could be replaced with mock objects, I just have no idea which mock library might be used.

This is against the 3.6.9-SNAPSHOT

> Query#setParameterList silently overwrites previous parameters
> --------------------------------------------------------------
>
>                 Key: HHH-6730
>                 URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-6730
>             Project: Hibernate Core
>          Issue Type: Improvement
>          Components: query-hql, query-sql
>    Affects Versions: 3.6.6
>            Reporter: Alexander Keul
>            Priority: Minor
>         Attachments: hhh-6730.patch
>
>
> When setting a parameter list on a query Hibernate's expandParameterList silently overwrites existing parameters.It requires a very specific set of conditions to be an issue, but I believe Hibernate should at least throw an exception rather than continuing on it's merry way. The issue is specifically found at the end of the function, line 789-796 in 3.6.2.FINAL. Hibernate aliases the expanded parameterlist based on the original name (:param0 -> :param00_, :param01_, etc), which can cause issues if
> 1) The parameters are themselves sublists, or are for some other reason named with numbers at the end
> and
> 2) The parameter lists contain at least 10 items.
> For example
> :param1 expands to :param110_ (11th element)
> :param11 expands to :param 110_ (1st element)
> The problem could be avoided by changing the name expansion into
> while ( iter.hasNext() ) {
>   String alias = ( isJpaPositionalParam ? 'x' + name : name ) + i++ + '_';
>   Object oldVal = namedParamsCopy.put( alias, new TypedValue( type, iter.next(), session.getEntityMode() ) );
>   
>   if ( oldVal != null ) {
>     throw new QueryException("Named parameterlist " + name + " expands into an ambiguous parameter");  
>   }
>   list.append( ParserHelper.HQL_VARIABLE_PREFIX ).append( alias );
>   if ( iter.hasNext() ) {
>     list.append( ", " );
>   }
> }
> No patch or testcast attached at this time, but if one's requested I can see if I can't get one up reasonably soon.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the hibernate-issues mailing list