classification
Title: Bugs in binding parameters in sqlite3
Type: behavior Stage: resolved
Components: Extension Modules Versions: Python 3.10, Python 3.9, Python 3.8
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: BTaskaya, ghaering, methane, miss-islington, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2020-08-29 13:05 by serhiy.storchaka, last changed 2020-10-26 05:46 by methane. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 21998 merged serhiy.storchaka, 2020-08-29 13:11
PR 22289 merged miss-islington, 2020-09-17 07:36
PR 22290 merged miss-islington, 2020-09-17 07:36
Messages (4)
msg376062 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2020-08-29 13:05
There are few bugs in the code for binding parameters specified in the sqlite3 module:

1. If argument "parameters" is a list, PyList_GET_ITEM() is called in a loop, but the size of the list is read only once before loop. Since the list can be changed during iteration, it can cause reading past the end of the list.

2. If argument "parameters" is a custom sequence, all exceptions raised in __len__() (including KeybordInterrupt) are overridden by a ProgrammingError.
msg377038 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2020-09-17 07:35
New changeset 0b419b791077414bbc011a412698ebb362b63761 by Serhiy Storchaka in branch 'master':
bpo-41662: Fix bugs in binding parameters in sqlite3 (GH-21998)
https://github.com/python/cpython/commit/0b419b791077414bbc011a412698ebb362b63761
msg377042 - (view) Author: miss-islington (miss-islington) Date: 2020-09-17 07:57
New changeset f76a3889d1fc6c5514323866a047b642c6da4e9b by Miss Islington (bot) in branch '3.9':
bpo-41662: Fix bugs in binding parameters in sqlite3 (GH-21998)
https://github.com/python/cpython/commit/f76a3889d1fc6c5514323866a047b642c6da4e9b
msg379641 - (view) Author: Inada Naoki (methane) * (Python committer) Date: 2020-10-26 05:46
New changeset a053a7ecfef006b834a9957468fa461dafb332db by Miss Skeleton (bot) in branch '3.8':
bpo-41662: Fix bugs in binding parameters in sqlite3 (GH-21998)
https://github.com/python/cpython/commit/a053a7ecfef006b834a9957468fa461dafb332db
History
Date User Action Args
2020-10-26 05:46:15methanesetnosy: + methane
messages: + msg379641
2020-09-17 08:51:18serhiy.storchakasetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2020-09-17 07:57:21miss-islingtonsetmessages: + msg377042
2020-09-17 07:36:26miss-islingtonsetpull_requests: + pull_request21343
2020-09-17 07:36:17miss-islingtonsetnosy: + miss-islington
pull_requests: + pull_request21342
2020-09-17 07:35:48serhiy.storchakasetmessages: + msg377038
2020-08-29 13:11:43serhiy.storchakasetkeywords: + patch
stage: patch review
pull_requests: + pull_request21104
2020-08-29 13:05:08serhiy.storchakacreate