QuerySet.update() can cause data corruption if the QuerySet filters only on fields in other tables

[Jamie Gennis]

Changeset ​7496 introduced an optimization for filtered updates that eliminates the table being updated from the sub-select used to do the filtering. This optimization is used when the filter does not reference any fields in the update-table (i.e. the table being updated). To do this the sub-select must select IDs from a column in one of the related tables rather than the update-table. However, the where clause of the update still filters based on the primary key of the update-table being in the result set of the sub-select. This means that in some cases it will update the rows for which the update-table's primary key matches the primary key of one of the related tables, potentially causing data corruption.

[Alex Gaynor]

Fixed in r10528.

[Malcolm Tredinnick]

I wasn't losing my mind after all. This was fixed in r9967 (I thought that was the case, but applied the test here to the wrong revision when verifying that). So, for the record, that's when it was fixed.

[Karen Tracey]

(In [10607]) [1.0.X] Added a test from Jamie Gennis to ensure #9848 doesn't reappear.

The bug itself was fixed at some point in the past months (there have
been a few improvements to update() recently). Fixed #9848.

(Merge of r10528 from trunk. Per comment in #9848 the fix was in r9967,
which was backported in r9968, thus it seems right to backport the new
test as well.)

[Julian Bez]

Does this fix #10875, too?

[Jacob]

Milestone 1.1 deleted