classification
Title: sqlite3.Cursor.close() crashes in case the Cursor object is uninitialized
Type: crash Stage: resolved
Components: Extension Modules Versions: Python 3.7, Python 3.6, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: Oren Milman, vstinner
Priority: normal Keywords: patch

Created on 2017-10-11 19:09 by Oren Milman, last changed 2017-11-08 09:59 by vstinner. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 3958 merged Oren Milman, 2017-10-11 19:41
PR 4303 merged python-dev, 2017-11-07 00:12
PR 4333 merged Oren Milman, 2017-11-08 09:29
Messages (7)
msg304172 - (view) Author: Oren Milman (Oren Milman) * Date: 2017-10-11 19:09
The following code causes a crash:
import sqlite3
cursor = sqlite3.Cursor.__new__(sqlite3.Cursor)
cursor.close()

this is because pysqlite_cursor_close() (in Modules/_sqlite/cursor.c) assumes
that `self->connection` is not NULL, and passes it to pysqlite_check_thread(),
which crashes.


I would open a PR to fix this soon.
msg305693 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-11-07 00:09
New changeset edb13ae48c17210fa4b2d40a6833ca09db5c121b by Victor Stinner (Oren Milman) in branch 'master':
bpo-31764: Prevent a crash in sqlite3.Cursor.close() in case the Cursor object is uninitialized (#3958)
https://github.com/python/cpython/commit/edb13ae48c17210fa4b2d40a6833ca09db5c121b
msg305694 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-11-07 00:13
@Oren: The 2.7 backport is not straighforward. Would you mind to backport the fix to 2.7, please?
msg305701 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-11-07 00:45
New changeset b0331c94c2a210d50e43d99b249ec83ee165e70c by Victor Stinner (Miss Islington (bot)) in branch '3.6':
bpo-31764: Prevent a crash in sqlite3.Cursor.close() in case the Cursor object is uninitialized (GH-3958) (#4303)
https://github.com/python/cpython/commit/b0331c94c2a210d50e43d99b249ec83ee165e70c
msg305813 - (view) Author: Oren Milman (Oren Milman) * Date: 2017-11-08 09:50
I opened #4333 for 2.7, but it is quite straightforward.. Am i missing something?
msg305815 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-11-08 09:57
New changeset cd66d6d632b4a8190e97f265ee163f11b5ae38e6 by Victor Stinner (Oren Milman) in branch '2.7':
bpo-31764: Prevent a crash in sqlite3.Cursor.close() in case the Cursor object is uninitialized (GH-4333)
https://github.com/python/cpython/commit/cd66d6d632b4a8190e97f265ee163f11b5ae38e6
msg305816 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2017-11-08 09:59
Thank you for the backport Oren, I already merged it into Python 2.7.

Thanks Oren Milman for your bug report *and* for your bug fix!


> I opened #4333 for 2.7, but it is quite straightforward.. Am i missing something?

Sorry, I had to say that "git cherry-pick" failed on 2.7. I didn't check why ;-)
History
Date User Action Args
2017-11-08 09:59:12vstinnersetstatus: open -> closed
resolution: fixed
messages: + msg305816

stage: patch review -> resolved
2017-11-08 09:57:07vstinnersetmessages: + msg305815
2017-11-08 09:50:20Oren Milmansetmessages: + msg305813
2017-11-08 09:29:23Oren Milmansetpull_requests: + pull_request4288
2017-11-07 00:45:46vstinnersetversions: + Python 2.7, Python 3.6
2017-11-07 00:45:21vstinnersetmessages: + msg305701
2017-11-07 00:13:37vstinnersetmessages: + msg305694
2017-11-07 00:12:07python-devsetpull_requests: + pull_request4266
2017-11-07 00:09:51vstinnersetnosy: + vstinner
messages: + msg305693
2017-10-11 19:41:54Oren Milmansetkeywords: + patch
stage: patch review
pull_requests: + pull_request3934
2017-10-11 19:09:18Oren Milmancreate