tracker issue : CF-3037799

select a category, or use search below
(searches all categories and all time range)
Title:

Bug 75861:com

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/

Reporter/Name(from Bugbase): Sean Corfield / Sean Corfield (Sean Corfield)

Created: 03/11/2009

Components: Language, CF Component

Versions: 9.0

Failure Type: Unspecified

Found In Build/Fixed In Build: 0000 /

Priority/Frequency: Major / Unknown

Locale/System: English / Platforms All

Vote Count: 0

Duplicate ID:	CF-3038003

Problem:

com.adobe.coldfusion.* CFCs are not thread safe. Here's the email I posted on the forum listing problems in system.cfc and base.cfc - the other CFCs should be checked as well for any and all loop variables (at a minimum).

Sean Corfield wrote: 

On Mar 10, 2009, at 7:48 PM, Sean Corfield - CF_9_General Discussions  
wrote:
> I’m curious as to how this is implemented because I see the
> com.adobe.coldfusion.system CFC but it is not thread safe (I see the
> mail CFC and others seem to have improved in that area).

I ran varScoper on the com.adobe.coldfusion.* CFCs and in addition to  
these two problems which I mentioned:

> The following method should var-declare argName and keyExists...

It also identified this problem in the base.cfc:

                <!--- process proc resultsets --->
                <cfset var procresultset = {}>
        <cfloop array="#procresults#" index="procresult">
        <cfset procresultset[procresult.name] =  
Evaluate(procresult["name"])>
            </cfloop>

procresult is not var-declared.

Unfortunately, varScoper doesn’t do so well on cfscript so it did not  
spot the following additional problems in base.cfc:

public struct function getAttributes(string attribs="")
{
var attributesstruct = {};
arguments.attribs = trim(arguments.attribs) neq "" ?  
trim(arguments.attribs) : variables.tagAttributes;
for(i=1; i lte listlen(attribs); i++)

i is not var-declared.

public void function clearAttributes(string tagAttributesToClear="")
{
var attributeslist = isdefined("arguments.tagAttributesToClear")  
and trim(arguments.tagAttributesToClear) neq "" ?  
arguments.tagAttributesToClear : variables.tagAttributes;

for(i=1;i lte listlen(attributeslist); i++)

i is not var-declared.

private struct function getTagAttributes()
{
var tagAttributes = structnew();
for(i=1; i lte listlen(variables.tagAttributes); i++)

i is not var-declared.

private string function getSupportedTagAttributes(string tagName)
{
//store all service tag attributes in Server scope for faster access.
if(not isdefined("Server.serviceTagAttributes.#tagName#"))
{	
lock scope="server" timeout="30" throwontimeout="yes"  
type="exclusive"
{
var cftldpath = expandpath("/WEB-INF/cftags/META-INF/ 
taglib.cftld");
var xpath = "/taglib/ 
tag[name=’#lcase(Right(tagName,len(tagName)-2))#’]/attribute/name";
var cftagsXml = XmlParse(FileRead(cftldpath));
var tagAttributes = xmlsearch(cftagsXml,xpath);
var attributeslist = "";
for(i=1;i lte arraylen(tagAttributes); i++)

All those var-declarations... but i is not among them!

private array function appendAllowExtraAttributes(array params)
{
var temp = [];
var nbrOfParams = arraylen(arguments.params);
for(i=1; i lte nbrOfParams; i++)

i is not var-declared.

varScoper also did not spot a number of un-var’d variables in the  
invokeTag() method. Here are some that I found by inspection:

            <cfcase value="CFHTTP">
                <cfhttp attributeCollection="#tagAttributes#">
                    <cfloop array="#params#" index="httpparam">
                        <cfhttpparam attributeCollection="#httpparam#">
                    </cfloop>

httpparam is not var-declared.

            <cfcase value="CFPDF">
<!--- If the "source" attribute contains any cfdocument or cfpdf  
variables, we need to pass a variable with that value instead of the  
value --->
                <cfset var sourceVar = "">
                <cfif structkeyexists(tagAttributes,"source") and not  
isSimpleValue(tagAttributes["source"])>
                      <cfset sourceVar = tagAttributes["source"]>
                      <cfset structappend(tagAttributes, 
{source="sourceVar"})>
                </cfif>
<cfpdf attributeCollection="#tagAttributes#">
                    <cfif  
comparenocase(tagAttributes["action"],"merge") eq 0>
                        <cfif arraylen(params) gt 0>
                            <cfloop array="#params#" index="pdfparam">
                                <cfpdfparam  
attributeCollection="#pdfparam#">
                            </cfloop>

pdfparam is not var-declared.

        <cfcase value="CFMAIL">
            <cfset var mailbody = "">
<cfset var mailpartbody = "">
<cfset var parts = structkeyexists(tagParams,"parts") ?  
appendAllowExtraAttributes(tagParams["parts"]) : []>
                <!--- if query attribute exists, pass a variable with  
query object instead of the query object --->
<cfif structkeyexists(tagAttributes,"query") and  
isquery(tagAttributes["query"])>
                      <cfset var queryVar = tagAttributes[’query’]>
                      <cfset structappend(tagAttributes, 
{query="queryVar"},"yes")>
            </cfif>
                <!--- Capture mail content into a local variable and  
delete body attribute --->
                <cfif structkeyexists(tagAttributes,"body")>
                      <cfset var mailbody = tagAttributes["body"]>
                      <cfset structdelete(tagAttributes,"body")>
                </cfif>
<!--- invoke the cfmail/cfmailparams/cfmailpart tags --->
                <cfmail attributeCollection="#tagAttributes#">
                    #mailbody#
                    <cfloop array="#params#" index="mailparam">
                        <cfmailparam attributeCollection="#mailparam#">
                    </cfloop>
                    <cfloop array="#parts#" index="mailpart">

mailparam and mailpart are not var-declared.

            <cfcase value="CFQUERY">
<cfset var sqlparams = structkeyexists(tagParams,"params") ?  
tagParams["params"] : []>
<cfset var sqlArray = structkeyexists(tagParams,"sqlArray") ?  
tagParams["sqlArray"] : []>
<cfset var sqlQuery = structkeyexists(tagParams,"sql") ?  
tagParams["sql"] : "">
<cfset var sqlType = structkeyexists(tagParams,"sqlType") ?  
tagParams["sqlType"] : "">
                <cfquery attributeCollection="#tagAttributes#">
                    <!--- if no queryparams exist, use query directly  
--->
                    <cfif arraylen(sqlParams) eq 0>
                        #PreserveSingleQuotes(sqlQuery)#
                    <cfelse>
                        #getPreserveSingleQuotes(sqlArray[1])#
                        <cfif sqlType neq "" and arraylen(sqlParams)  
gt 0>
                            <cfloop index="i" from="2"  
to="#ArrayLen(sqlArray)#">

i is not var-declared.

            <cfcase value="CFSTOREDPROC">
<cfset var procresults =  
structkeyexists(tagParams,"procresults") ?  
appendAllowExtraAttributes(tagParams["procresults"]) : []>
                <cfset var spResult = new storedprocResult()>
                <cfstoredproc attributeCollection="#tagAttributes#">
                    <cfloop array="#params#" index="procparam">
                        <cfprocparam  
attributeCollection="#procparam#"/>
                    </cfloop>
                    <cfloop array="#procresults#" index="procresult">


procparam and procresult are not var-declared (and are both used in  
other loops after that).

Sean Corfield
Bay Area ColdFusion User Group Manager
http://bacfug.org -- sean@corfield.org



Method:


Result:

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3037799

External Customer Info:
External Company:  
External Customer Name: Sean Corfield
External Customer Email: 479B4EDC43F3A88B992016B6
External Test Config: 03/11/2009

Attachments:

Comments: