classification
Title: crashes in sqlite3.Connection in case it is uninitialized or partially initialized
Type: crash
Stage: resolved
Components: Extension Modules
Versions: Python 3.11, Python 3.10, Python 3.9
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To: erlendaasland
Nosy List: Oren Milman, erlendaasland, lukasz.langa, pablogsal
Priority: normal
Keywords: patch

Created on 2017-10-10 14:31 by Oren Milman, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Pull Requests
URL | Status | Linked
PR 3946 | closed | python-dev, 2017-10-10 21:42
PR 27431 | merged | erlendaasland, 2021-07-28 20:56
PR 27463 | closed | pablogsal, 2021-07-29 20:14
PR 27464 | merged | erlendaasland, 2021-07-29 20:25
PR 27465 | merged | erlendaasland, 2021-07-29 20:35
PR 27472 | closed | erlendaasland, 2021-07-30 05:29
Messages (5)
msg304047 - Author: Oren Milman (Oren Milman) Date: 2017-10-10 14:31
The following code causes a crash:
import sqlite3
connection = sqlite3.Connection.__new__(sqlite3.Connection)
connection.isolation_level

This is because pysqlite_connection_get_isolation_level() doesn't check whether
the Connection object is initialized.
pysqlite_connection_close() also doesn't check that, so we would get a crash
also if we replaced `connection.isolation_level` with `connection.close()`.

pysqlite_connection_set_isolation_level() doesn't crash in case of an
uninitialized Connection object, but it also doesn't raise an error, and IMHO
it should.


The following code causes a crash, too:
import sqlite3
try:
    connection = sqlite3.Connection.__new__(sqlite3.Connection)
    connection.__init__('', isolation_level='invalid isolation level')
except ValueError:
    pass

connection.cursor()

This is because `self->initialized` is set to 1 in the beginning of
pysqlite_connection_init(), so after it fails, we are left with a partially
initialized Connection object whose `self->initialized` is 1. Thus,
pysqlite_connection_cursor() thinks that the Connection object is initialized.
Eventually pysqlite_connection_register_cursor() is called, and it crashes
while trying to append to `connection->cursors`, which is NULL.
msg398513 - Author: Pablo Galindo Salgado (pablogsal) (Python committer) Date: 2021-07-29 19:45
New changeset 7e311e496b0e26b3d3c62fe9b0ed2a4677c37ee9 by Erlend Egeberg Aasland in branch 'main':
bpo-31746: Prevent segfaults when sqlite3.Connection is uninitialised (GH-27431)
https://github.com/python/cpython/commit/7e311e496b0e26b3d3c62fe9b0ed2a4677c37ee9
msg398515 - Author: Pablo Galindo Salgado (pablogsal) (Python committer) Date: 2021-07-29 20:47
New changeset 2d34664051bd014d3b807e51ac7c53f37d90f444 by Erlend Egeberg Aasland in branch 'main':
bpo-31746: Fix broken call in GH-27431 (GH-27464)
https://github.com/python/cpython/commit/2d34664051bd014d3b807e51ac7c53f37d90f444
msg398517 - Author: Pablo Galindo Salgado (pablogsal) (Python committer) Date: 2021-07-29 21:13
New changeset 0bc17658f5724ce60c3f75acc01e7526f1720efe by Erlend Egeberg Aasland in branch '3.9':
[3.9] bpo-31746: Prevent segfaults when sqlite3.Connection is uninitialised (GH-27431) (GH-27465)
https://github.com/python/cpython/commit/0bc17658f5724ce60c3f75acc01e7526f1720efe
msg398540 - Author: Łukasz Langa (lukasz.langa) (Python committer) Date: 2021-07-30 12:01
New changeset 0cb470e622ba37920c72e4d8f284741b9fbaea8b by Erlend Egeberg Aasland in branch '3.10':
[3.10] bpo-31746: Prevent segfaults when sqlite3.Connection is uninitialised (GH-27431). (GH-27472)
https://github.com/python/cpython/commit/0cb470e622ba37920c72e4d8f284741b9fbaea8b
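
A regression check built from the reproducers in the report, as an added example that is not part of the original thread or of CPython's own tests: each reproducer runs in a child interpreter, so a segfault shows up as an exit status instead of killing the caller. The verdict names and child exit codes are constructed for this example, and it assumes a fixed interpreter raises sqlite3.ProgrammingError for these calls.

```python
import subprocess
import sys
import textwrap

NEW = "c = sqlite3.Connection.__new__(sqlite3.Connection)\n"
# Operations named in the report, run on an uninitialized or half-initialized Connection.
CHECKS = {
    "isolation_level": NEW + "c.isolation_level\n",
    "close": NEW + "c.close()\n",
    "cursor_after_failed_init": NEW + (
        "try:\n"
        "    c.__init__('', isolation_level='invalid isolation level')\n"
        "except ValueError:\n"
        "    pass\n"
        "c.cursor()\n"
    ),
}
# Child exit codes (constructed): 0 = ProgrammingError raised, 3 = call returned normally.
WRAPPER = (
    "import sqlite3, sys\n"
    "try:\n"
    "{body}"
    "except sqlite3.ProgrammingError:\n"
    "    sys.exit(0)\n"
    "sys.exit(3)\n"
)

def classify(returncode):
    if returncode == 0:
        return "guarded"
    if returncode == 3:
        return "no-error"
    # POSIX: killed by a signal is negative; Windows: NTSTATUS such as 0xC0000005.
    if returncode < 0 or returncode >= 0xC0000000:
        return "crash"
    return "other"

def run_checks(python=sys.executable):
    # A fresh interpreter per check, so one crash cannot hide the other results.
    results = {}
    for name, body in CHECKS.items():
        code = WRAPPER.format(body=textwrap.indent(body, "    "))
        proc = subprocess.run([python, "-c", code], capture_output=True, timeout=60)
        results[name] = classify(proc.returncode)
    return results

if __name__ == "__main__":
    for name, verdict in run_checks().items():
        print(f"{name}: {verdict}")
```

A `crash` verdict for any check means the interpreter under test lacks the changesets listed above; pass another interpreter's path as `python` to test it.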
History
Date | User | Action | Args
2022-04-11 14:58:53 | admin | set | github: 75927
2021-07-30 12:03:10 | erlendaasland | set | status: open -> closed; resolution: fixed; stage: patch review -> resolved
2021-07-30 12:01:32 | lukasz.langa | set | status: pending -> open; nosy: + lukasz.langa; messages: + msg398540
2021-07-30 07:37:08 | erlendaasland | set | status: open -> pending; assignee: erlendaasland; versions: + Python 3.9, Python 3.10, Python 3.11, - Python 3.7
2021-07-30 05:29:50 | erlendaasland | set | pull_requests: + pull_request25991
2021-07-29 21:13:11 | pablogsal | set | messages: + msg398517
2021-07-29 20:47:31 | pablogsal | set | messages: + msg398515
2021-07-29 20:35:27 | erlendaasland | set | pull_requests: + pull_request25988
2021-07-29 20:25:46 | erlendaasland | set | pull_requests: + pull_request25987
2021-07-29 20:14:46 | pablogsal | set | pull_requests: + pull_request25986
2021-07-29 19:45:36 | pablogsal | set | nosy: + pablogsal; messages: + msg398513
2021-07-28 20:56:00 | erlendaasland | set | nosy: + erlendaasland; pull_requests: + pull_request25960
2017-10-10 21:42:00 | python-dev | set | keywords: + patch; stage: patch review; pull_requests: + pull_request3920
2017-10-10 14:31:19 | Oren Milman | create |