Status/Resolution/Reason: Closed/Withdrawn/
Reporter/Name(from Bugbase): Sean Corfield / Sean Corfield (Sean Corfield)
Created: 03/11/2009
Components: Language, CF Component
Versions: 9.0
Failure Type: Unspecified
Found In Build/Fixed In Build: 0000 /
Priority/Frequency: Major / Unknown
Locale/System: English / Platforms All
Vote Count: 0
Duplicate ID: CF-3038003
Problem:
com.adobe.coldfusion.* CFCs are not thread safe. Here's the email I posted on the forum listing problems in system.cfc and base.cfc - the other CFCs should be checked as well for any and all loop variables (at a minimum).
Sean Corfield wrote:
On Mar 10, 2009, at 7:48 PM, Sean Corfield - CF_9_General Discussions
wrote:
> I’m curious as to how this is implemented because I see the
> com.adobe.coldfusion.system CFC but it is not thread safe (I see the
> mail CFC and others seem to have improved in that area).
I ran varScoper on the com.adobe.coldfusion.* CFCs and in addition to
these two problems which I mentioned:
> The following method should var-declare argName and keyExists...
It also identified this problem in the base.cfc:
<!--- process proc resultsets --->
<cfset var procresultset = {}>
<cfloop array="#procresults#" index="procresult">
<cfset procresultset[procresult.name] =
Evaluate(procresult["name"])>
</cfloop>
procresult is not var-declared.
Unfortunately, varScoper doesn’t do so well on cfscript so it did not
spot the following additional problems in base.cfc:
public struct function getAttributes(string attribs="")
{
var attributesstruct = {};
arguments.attribs = trim(arguments.attribs) neq "" ?
trim(arguments.attribs) : variables.tagAttributes;
for(i=1; i lte listlen(attribs); i++)
i is not var-declared.
public void function clearAttributes(string tagAttributesToClear="")
{
var attributeslist = isdefined("arguments.tagAttributesToClear")
and trim(arguments.tagAttributesToClear) neq "" ?
arguments.tagAttributesToClear : variables.tagAttributes;
for(i=1;i lte listlen(attributeslist); i++)
i is not var-declared.
private struct function getTagAttributes()
{
var tagAttributes = structnew();
for(i=1; i lte listlen(variables.tagAttributes); i++)
i is not var-declared.
private string function getSupportedTagAttributes(string tagName)
{
//store all service tag attributes in Server scope for faster access.
if(not isdefined("Server.serviceTagAttributes.#tagName#"))
{
lock scope="server" timeout="30" throwontimeout="yes"
type="exclusive"
{
var cftldpath = expandpath("/WEB-INF/cftags/META-INF/
taglib.cftld");
var xpath = "/taglib/
tag[name=’#lcase(Right(tagName,len(tagName)-2))#’]/attribute/name";
var cftagsXml = XmlParse(FileRead(cftldpath));
var tagAttributes = xmlsearch(cftagsXml,xpath);
var attributeslist = "";
for(i=1;i lte arraylen(tagAttributes); i++)
All those var-declarations... but i is not among them!
private array function appendAllowExtraAttributes(array params)
{
var temp = [];
var nbrOfParams = arraylen(arguments.params);
for(i=1; i lte nbrOfParams; i++)
i is not var-declared.
varScoper also did not spot a number of un-var’d variables in the
invokeTag() method. Here are some that I found by inspection:
<cfcase value="CFHTTP">
<cfhttp attributeCollection="#tagAttributes#">
<cfloop array="#params#" index="httpparam">
<cfhttpparam attributeCollection="#httpparam#">
</cfloop>
httpparam is not var-declared.
<cfcase value="CFPDF">
<!--- If the "source" attribute contains any cfdocument or cfpdf
variables, we need to pass a variable with that value instead of the
value --->
<cfset var sourceVar = "">
<cfif structkeyexists(tagAttributes,"source") and not
isSimpleValue(tagAttributes["source"])>
<cfset sourceVar = tagAttributes["source"]>
<cfset structappend(tagAttributes,
{source="sourceVar"})>
</cfif>
<cfpdf attributeCollection="#tagAttributes#">
<cfif
comparenocase(tagAttributes["action"],"merge") eq 0>
<cfif arraylen(params) gt 0>
<cfloop array="#params#" index="pdfparam">
<cfpdfparam
attributeCollection="#pdfparam#">
</cfloop>
pdfparam is not var-declared.
<cfcase value="CFMAIL">
<cfset var mailbody = "">
<cfset var mailpartbody = "">
<cfset var parts = structkeyexists(tagParams,"parts") ?
appendAllowExtraAttributes(tagParams["parts"]) : []>
<!--- if query attribute exists, pass a variable with
query object instead of the query object --->
<cfif structkeyexists(tagAttributes,"query") and
isquery(tagAttributes["query"])>
<cfset var queryVar = tagAttributes[’query’]>
<cfset structappend(tagAttributes,
{query="queryVar"},"yes")>
</cfif>
<!--- Capture mail content into a local variable and
delete body attribute --->
<cfif structkeyexists(tagAttributes,"body")>
<cfset var mailbody = tagAttributes["body"]>
<cfset structdelete(tagAttributes,"body")>
</cfif>
<!--- invoke the cfmail/cfmailparams/cfmailpart tags --->
<cfmail attributeCollection="#tagAttributes#">
#mailbody#
<cfloop array="#params#" index="mailparam">
<cfmailparam attributeCollection="#mailparam#">
</cfloop>
<cfloop array="#parts#" index="mailpart">
mailparam and mailpart are not var-declared.
<cfcase value="CFQUERY">
<cfset var sqlparams = structkeyexists(tagParams,"params") ?
tagParams["params"] : []>
<cfset var sqlArray = structkeyexists(tagParams,"sqlArray") ?
tagParams["sqlArray"] : []>
<cfset var sqlQuery = structkeyexists(tagParams,"sql") ?
tagParams["sql"] : "">
<cfset var sqlType = structkeyexists(tagParams,"sqlType") ?
tagParams["sqlType"] : "">
<cfquery attributeCollection="#tagAttributes#">
<!--- if no queryparams exist, use query directly
--->
<cfif arraylen(sqlParams) eq 0>
#PreserveSingleQuotes(sqlQuery)#
<cfelse>
#getPreserveSingleQuotes(sqlArray[1])#
<cfif sqlType neq "" and arraylen(sqlParams)
gt 0>
<cfloop index="i" from="2"
to="#ArrayLen(sqlArray)#">
i is not var-declared.
<cfcase value="CFSTOREDPROC">
<cfset var procresults =
structkeyexists(tagParams,"procresults") ?
appendAllowExtraAttributes(tagParams["procresults"]) : []>
<cfset var spResult = new storedprocResult()>
<cfstoredproc attributeCollection="#tagAttributes#">
<cfloop array="#params#" index="procparam">
<cfprocparam
attributeCollection="#procparam#"/>
</cfloop>
<cfloop array="#procresults#" index="procresult">
procparam and procresult are not var-declared (and are both used in
other loops after that).
Sean Corfield
Bay Area ColdFusion User Group Manager
http://bacfug.org -- sean@corfield.org
Method:
Result:
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3037799
External Customer Info:
External Company:
External Customer Name: Sean Corfield
External Customer Email: 479B4EDC43F3A88B992016B6
External Test Config: 03/11/2009
Attachments:
Comments: