Found a huge bug in my code

It is me, or do you also get that "Aahhhhh..." feeling when you finally finally find a bug, that has been bugging you for a long time. In my case, YEARS this stupid bug has caused the CSS and the images on my (45,000) websites to sometimes, once in a while, screw up the entire site.

Today I found it. Oh man it's better than anything. I need a drink!

Hot Chocolate is my drink. I'm so exciting.

Congrats on the finale of the hunt.


I's cliché, but appropriate.

Want to describe the bug? I'm curious

Stupid bug really.

I have about 45,000 domains hosted at rentyourdot.com, with about 100 templates. Filenames were accessed using something like /images/template/filename.filetype.

Example, /images/redtemplate/header.jpg

I didn't want Google to realize that of the 45,000 websites I have that many of them had the same template. So one of the many things I did was remove the template name from all the templates, so that images and CSS files now appeared to be generic rather than all coming from one folder. I made it grab templates, based on a session ID and then accessed the files by

/images/header.jpg

Then I used url rewrite to change the image location from /images/header.jpg to /images/redtemplate/header.jpg

This means, that two different templates, could both access /images/header.jpg, but they would get different images. This was correct.

Example,

/images/header.jpg -> /images/redtemplate/header.jpg if the person was using the red template
/images/header.jpg -> /images/bluetemplate/header.jpg if the person was using the blue template

This was working most of the time. However there was the possibility that there actually were collisions in the MD5 cache system, because I was using the short name to determine the cache filename, not the long version

ie:

if the person was using the red template
/images/header.jpg -> /images/redtemplate/header.jpg -> md5(/images/header.jpg) -> e4d909c290d0fb1ca068ffaddf22cbd0.jpg

if the person was using the blue template
/images/header.jpg -> /images/bluetemplate/header.jpg -> md5(/images/header.jpg) -> e4d909c290d0fb1ca068ffaddf22cbd0.jpg

SAME MD5!! This means that if the file was cached, the red template, was showing the blue images. When the cache would expire, it would work properly, and the blue template would show red images.

Since most of the time, the MD5 would not have collisions in the cache name, it would work for most file, ie:

/images/header.jpg (redtemplate)
/images/header2.jpg (bluetemplate)

Now, there would not be a collision in the MD5 encoding.

Does any of this make sense? What I am getting at is, I should have been using the MD5 name of the target image name, not the source image name.

/images/redtemplate/header.jpg -> e4d909c290d0fb1ca068ffaddf22cbd0.jpg
/images/bluetemplate/header.jpg -> d41d8cd98f00b204e9800998ecf8427e.jpg

Here is what the bug came down to:

$cname = md5($sname);

vs:

$cname = md5($dname);

One letter difference (source vs destination) meant the wrong name was used and everything worked 99% of the time, instead of 100% of the time.

I could't find this for the life of me!!!

Here is an example of it working correctly (template name is yeso):

http://www.photofight.com/images/yeso/smile.gif

Remapped (template name is still yeso, but you don't see the remapping):

http://www.photofight.com/images/smile.gif

Nice find. I have to say, though, IMO had you used something a bit more descriptive than sname vs. dname, this might not have grown into such a challenge. There are definitely benefits to using conventions.

Well the problem is the system is huge, and this one element was so simple, obvious, whenever I looked at the code I thought "Of course it's source name. Even though I knew what was happening, I thought it was the right thing.

If I had labeled it $source_name and $destination_name, I would have still made the same bug, since they bug was in my thinking - it was not just a typo.

I think it comes down to not being able to step through PHP the same way you can step through C++. If I could have hit F11 like in MSVC++, I would have seen it using the wrong value.

That is such a minor bug that it is unnoticeable. I made a lot of those types of mistakes, but gladly all those systems were small and ones that I wrote from scratch.

Tried Zend with xdebug before? You can get some nice runtime results with the combo.

Congrats...Nice find by you. At last you found the bug. Can you describe it?

Yes, it's always "Aahhh..." especially with those hard-to-track bugs that you finally trace to a single line of code. (or in your case, a single character )

This comment has always bugged me, and today I couldn't help but wonder what Google thinks of the several thousand sites all using phpBB/VBulitin/etc default themes out there. Even a lot of the non-default themes are pretty much the default themes with different CSS files.