Code

Opened 6 years ago

Closed 5 years ago

Last modified 3 years ago

#9848 closed (fixed)

QuerySet.update() can cause data corruption if the QuerySet filters only on fields in other tables

Reported by: Jamie Gennis Owned by: jgennis
Component: Database layer (models, ORM) Version: 1.0
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Changeset 7496 introduced an optimization for filtered updates that eliminates the table being updated from the sub-select used to do the filtering. This optimization is used when the filter does not reference any fields in the update-table (i.e. the table being updated). To do this the sub-select must select IDs from a column in one of the related tables rather than the update-table. However, the where clause of the update still filters based on the primary key of the update-table being in the result set of the sub-select. This means that in some cases it will update the rows for which the update-table's primary key matches the primary key of one of the related tables, potentially causing data corruption.

Attachments (1)

filtered_update_fix.diff (3.2 KB) - added by Jamie Gennis 6 years ago.

Download all attachments as: .zip

Change History (8)

Changed 6 years ago by Jamie Gennis

comment:1 Changed 6 years ago by jgennis

  • Needs documentation unset
  • Needs tests unset
  • Owner changed from nobody to jgennis
  • Patch needs improvement unset
  • Status changed from new to assigned

comment:2 Changed 5 years ago by jacob

  • milestone set to 1.1
  • Triage Stage changed from Unreviewed to Accepted

comment:3 Changed 5 years ago by Alex

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed in r10528.

comment:4 Changed 5 years ago by mtredinnick

I wasn't losing my mind after all. This was fixed in r9967 (I thought that was the case, but applied the test here to the wrong revision when verifying that). So, for the record, that's when it was fixed.

comment:5 Changed 5 years ago by kmtracey

(In [10607]) [1.0.X] Added a test from Jamie Gennis to ensure #9848 doesn't reappear.

The bug itself was fixed at some point in the past months (there have
been a few improvements to update() recently). Fixed #9848.

(Merge of r10528 from trunk. Per comment in #9848 the fix was in r9967,
which was backported in r9968, thus it seems right to backport the new
test as well.)

comment:6 Changed 5 years ago by julianb

Does this fix #10875, too?

comment:7 Changed 3 years ago by jacob

  • milestone 1.1 deleted

Milestone 1.1 deleted

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.