classification
Title: crashes in sqlite3.Connection in case it is uninitialized or partially initialized
Type: crash
Stage: patch review
Components: Extension Modules
Versions: Python 3.7
process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: Oren Milman
Priority: normal
Keywords: patch

Created on 2017-10-10 14:31 by Oren Milman, last changed 2017-10-10 21:42 by python-dev.

Pull Requests
URL      Status  Linked
PR 3946  open    python-dev, 2017-10-10 21:42
Messages (1)
msg304047 - Author: Oren Milman (Oren Milman), Date: 2017-10-10 14:31
The following code causes a crash:
import sqlite3
connection = sqlite3.Connection.__new__(sqlite3.Connection)
connection.isolation_level

This is because pysqlite_connection_get_isolation_level() doesn't check whether
the Connection object is initialized.
pysqlite_connection_close() also doesn't check that, so we would get a crash
also if we replaced `connection.isolation_level` with `connection.close()`.

pysqlite_connection_set_isolation_level() doesn't crash in case of an
uninitialized Connection object, but it also doesn't raise an error, and IMHO
it should.


The following code causes a crash, too:
import sqlite3
try:
    connection = sqlite3.Connection.__new__(sqlite3.Connection)
    connection.__init__('', isolation_level='invalid isolation level')
except ValueError:
    pass

connection.cursor()

This is because `self->initialized` is set to 1 in the beginning of
pysqlite_connection_init(), so after it fails, we are left with a partially
initialized Connection object whose `self->initialized` is 1. Thus,
pysqlite_connection_cursor() thinks that the Connection object is initialized.
Eventually pysqlite_connection_register_cursor() is called, and it crashes
while trying to append to `connection->cursors`, which is NULL.
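
The failure mode described in the message above, as a reduced C model added here for illustration (not CPython's _sqlite source and not the patch in PR 3946). `Conn`, `MAX_CURSORS`, `level_ok()` and the function names are hypothetical stand-ins; the model contrasts setting the initialized flag before validation with setting it last, and shows an entry point that rejects a half-built object instead of writing through NULL.

```c
/* Reduced model of the pattern in this issue. NOT CPython's _sqlite code:
   Conn, MAX_CURSORS, level_ok() and the function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_CURSORS 8
typedef struct {
    int initialized;  /* models self->initialized */
    int *cursors;     /* models connection->cursors, NULL until init completes */
    size_t ncursors;
} Conn;
/* Stand-in for isolation-level validation (assumed set of accepted values). */
static int level_ok(const char *s) {
    return !strcmp(s, "DEFERRED") || !strcmp(s, "IMMEDIATE") || !strcmp(s, "EXCLUSIVE");
}
/* Flag set first, as the report describes: failure leaves initialized == 1. */
int conn_init_early_flag(Conn *c, const char *level) {
    c->initialized = 1;
    if (!level_ok(level)) return -1;
    c->cursors = calloc(MAX_CURSORS, sizeof *c->cursors);
    return c->cursors ? 0 : -1;
}

/* Flag set last: every failure path leaves the object marked uninitialized. */
int conn_init_late_flag(Conn *c, const char *level) {
    c->initialized = 0;
    if (!level_ok(level)) return -1;
    c->cursors = calloc(MAX_CURSORS, sizeof *c->cursors);
    if (c->cursors == NULL) return -1;
    c->initialized = 1;
    return 0;
}

/* Guarded entry point: returns -1 (an exception in a real extension module)
   instead of writing through a NULL cursors pointer. */
int conn_register_cursor(Conn *c, int id) {
    if (!c->initialized || c->cursors == NULL || c->ncursors >= MAX_CURSORS) return -1;
    c->cursors[c->ncursors++] = id;
    return 0;
}

int main(void) {
    Conn a = {0}, b = {0};  /* zeroed, like an object from __new__ without __init__ */
    conn_init_early_flag(&a, "invalid isolation level");
    conn_init_late_flag(&b, "invalid isolation level");
    printf("early: initialized=%d cursors_null=%d\n", a.initialized, a.cursors == NULL);
    printf("late:  initialized=%d register=%d\n", b.initialized, conn_register_cursor(&b, 1));
    return 0;
}
```
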
History
Date                 User         Action  Args
2017-10-10 21:42:00  python-dev   set     keywords: + patch; stage: patch review; pull_requests: + pull_request3920
2017-10-10 14:31:19  Oren Milman  create