[sqlite3] SQLITE_LIMIT_LENGTH is incorrectly used to check statement length #89915
Comments
|
In Modules/_sqlite/statement.c pysqlite_statement_create() and Modules/_sqlite/cursor.c pysqlite_cursor_executescript_impl(), we incorrectly use SQLITE_LIMIT_LENGTH to check statement length. However, the correct limit is *SQLITE_LIMIT_SQL_LENGTH*. ### Alternative 1: ### Alternative 2: ### Alternative 3: See also: |
|
BTW, this only affects the code in main. |
erlend-aasland
added
extension-modules
|
In alternative 1 we control the type and the message of exception. In alternative 3 we left this to the SQLite3 engine. It is difficult to keep consistency in alternative 2, errors raised for sizes less and larger than INT_MAX can be different. I think this is a serious drawback of this alternative. What happens if set SQLITE_LIMIT_SQL_LENGTH to 0 or negative value? Would it be interpreted as "no limit"? |
|
I'm leaning towards alt 1. It is also easy to test all paths with that option. But I also think alt 3 is ok. It makes for easier code to maintain. Alt 2 is, as you say, the weakest alternative.
I'm not sure about 0; I'll try to find out. If you supply -1, you are querying the limit category, not setting it. |
In this case, the limit is actually zero: >>> cx.setlimit(sqlite3.SQLITE_LIMIT_SQL_LENGTH, 0)
1024
>>> cx.execute("select 1")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
sqlite3.DataError: string or blob too big |
|
Also, SQLITE_LIMIT_LENGTH and SQLITE_LIMIT_SQL_LENGTH is inclusive in SQLite. We should treat them likewise. |
|
I believe it is best to go with alternative 1. The error strings produced by SQLite may change from release to release, so for example a buildbot update may suddenly break the CI. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: