This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: [sqlite3] sqlite3.connect() segfaults if given a faulty Connection factory
Type: crash Stage: resolved
Components: Library (Lib) Versions: Python 3.10
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: berker.peksag, erlendaasland, pablogsal, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2021-03-04 10:54 by erlendaasland, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
patch.diff erlendaasland, 2021-03-04 10:54
Pull Requests
URL Status Linked Edit
PR 27966 merged erlendaasland, 2021-08-26 09:46
Messages (5)
msg388082 - (view) Author: Erlend E. Aasland (erlendaasland) * (Python triager) Date: 2021-03-04 10:54 
If the connection factory __init__ method fails, we hit a seg. fault when pysqlite_do_all_statements() is called to clean up the defect connection: PyList_Size received a NULL pointer.

Suggested fix:
Split pysqlite_do_all_statements() in two: one function for resetting cursors, and one for resetting/finalising statements. In each function, check if the respective lists are NULL pointers before iterating. See attached proposed patch.

Test:
    def test_invalid_connection_factory(self):
        class DefectFactory(sqlite.Connection):
            def __init__(self, *args, **kwargs):
                return None
        self.con = sqlite.connect(":memory:", factory=DefectFactory)
msg400329 - (view) Author: Erlend E. Aasland (erlendaasland) * (Python triager) Date: 2021-08-26 09:45 
This issue has been fixed by recent sqlite3 improvements. Suggesting to still expand the test suite with tests for defect connection factories.
msg400642 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-08-30 17:49 
New changeset f62763d26755260c31c717fb396550e00eb6b2a0 by Erlend Egeberg Aasland in branch 'main':
bpo-43398: Add test for defect connection factories (GH-27966)
https://github.com/python/cpython/commit/f62763d26755260c31c717fb396550e00eb6b2a0
msg400643 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-08-30 17:49 
Is something missing here?
msg400654 - (view) Author: Erlend E. Aasland (erlendaasland) * (Python triager) Date: 2021-08-30 18:33 
> Is something missing here?

No; all good. Thanks!
History
Date User Action Args
2022-04-11 14:59:42adminsetgithub: 87564
2021-08-30 18:33:19erlendaaslandsetmessages: + msg400654
2021-08-30 17:49:59pablogsalsetstatus: open -> closed
resolution: fixed
messages: + msg400643

stage: resolved
2021-08-30 17:49:42pablogsalsetstatus: pending -> open
nosy: + pablogsal
messages: + msg400642

2021-08-26 09:47:35erlendaaslandsetstatus: open -> pending
2021-08-26 09:46:00erlendaaslandsetstatus: pending -> open
pull_requests: + pull_request26413
2021-08-26 09:45:22erlendaaslandsetstatus: open -> pending

messages: + msg400329
2021-03-04 10:54:37erlendaaslandcreate