Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[sqlite3] Fix sqlite3_value_blob() usage #87462

Closed
erlend-aasland opened this issue Feb 22, 2021 · 5 comments
Closed

[sqlite3] Fix sqlite3_value_blob() usage #87462

erlend-aasland opened this issue Feb 22, 2021 · 5 comments
Labels
3.10 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

@erlend-aasland
Copy link
Contributor

BPO 43296
Nosy @berkerpeksag, @serhiy-storchaka, @erlend-aasland
PRs
  • bpo-43296: Handle sqlite3_value_blob() errors #24674
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2021-04-14.21:09:30.879>
created_at = <Date 2021-02-22.14:37:13.837>
labels = ['type-bug', 'library', '3.10']
title = '[sqlite3] Fix sqlite3_value_blob() usage'
updated_at = <Date 2021-04-14.21:15:00.455>
user = 'https://github.com/erlend-aasland'

    bugs.python.org fields:

    activity = <Date 2021-04-14.21:15:00.455>
actor = 'erlendaasland'
assignee = 'none'
closed = True
closed_date = <Date 2021-04-14.21:09:30.879>
closer = 'berker.peksag'
components = ['Library (Lib)']
creation = <Date 2021-02-22.14:37:13.837>
creator = 'erlendaasland'
dependencies = []
files = []
hgrepos = []
issue_num = 43296
keywords = ['patch']
message_count = 5.0
messages = ['387516', '387541', '387719', '391100', '391101']
nosy_count = 3.0
nosy_names = ['berker.peksag', 'serhiy.storchaka', 'erlendaasland']
pr_nums = ['24674']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue43296'
versions = ['Python 3.10']
    @erlend-aasland
    Copy link
    Contributor Author

    The sqlite3_value_() API is almost identical to the sqlite3_column_() API. sqlite3_value_bytes() should be called after we've converted the value using sqlite3_value_blob().

    See also bpo-43249.

    @erlend-aasland erlend-aasland added 3.10 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Feb 22, 2021
    @erlend-aasland
    Copy link
    Contributor Author

    Related:
    If sqlite3_value_blob() returns NULL, we should check if sqlite3_errcode() equals SQLITE_NOMEM and raise MemoryError if it does.

    If not, we should initialise cur_py_value to None, because as the PyBytes_FromStringAndSize docs says: "If v is NULL, the contents of the bytes object are uninitialized."

    @erlend-aasland erlend-aasland changed the title [sqlite3] sqlite3_value_bytes() should be called after sqlite3_value_blob() [sqlite3] Fix sqlite3_value_blob() usage Feb 26, 2021
    @erlend-aasland erlend-aasland changed the title [sqlite3] sqlite3_value_bytes() should be called after sqlite3_value_blob() [sqlite3] Fix sqlite3_value_blob() usage Feb 26, 2021
    @erlend-aasland
    Copy link
    Contributor Author

    If sqlite3_value_blob() returns NULL, we should check if sqlite3_errcode() equals SQLITE_NOMEM and raise MemoryError if it does.

    This also applies to sqlite3_value_text().

    It also applies to sqlite3_value_bytes() if a conversion takes place. We don't need to care about that as long as we call sqlite3_value_bytes() after conversion.

    Also, PyTuple_SetItem() errors are not checked.

    I would also suggest using PyUnicode_FromStringAndSize() iso. PyUnicode_FromString() in case SQLITE_TEXT, to avoid the unneeded strlen(). After sqlite3_value_text() is called, we can just use sqlite3_value_bytes(), since the length is precomputed as a result of the conversion.

    Berker, would you allow a PR to improve all these issues in _pysqlite_build_py_params(), or would you prefer them split up in multiple PR's?

    @berkerpeksag
    Copy link
    Member

    New changeset 5cb601f by Erlend Egeberg Aasland in branch 'master':
    bpo-43296: Handle sqlite3_value_blob() errors (GH-24674)
    5cb601f

    @erlend-aasland
    Copy link
    Contributor Author

    Thanks, Berker!

    I'll add separate issues for sqlite3_value_text() and the missing PyTuple_SetItem() error checks.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.10 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @berkerpeksag @erlend-aasland