Author erlendaasland
Recipients berker.peksag, erlendaasland, serhiy.storchaka
Date 2021-05-19.21:40:53
Message-id <1621460454.04.0.00376149144587.issue44165@roundup.psfhosted.org>
In-reply-to
Content
Regarding the maximum length of an SQL string, quoting from https://sqlite.org/limits.html:
"The current implementation will only support a string or BLOB length up to 2^31-1 or 2147483647. And some built-in functions such as hex() might fail well before that point. In security-sensitive applications it is best not to try to increase the maximum string and blob length. In fact, you might do well to lower the maximum string and blob length to something more in the range of a few million if that is possible."

The size returned from functions such as PyUnicode_AsUTF8AndSize is Py_ssize_t. I suggest checking the passed SQL string size and raising OverflowError if the SQL string is larger than 2^31-1.
History
Date User Action Args
2021-05-19 21:42:21 erlendaasland unlink issue44165 messages
2021-05-19 21:40:54 erlendaasland set recipients: + erlendaasland, berker.peksag, serhiy.storchaka
2021-05-19 21:40:54 erlendaasland set messageid: <1621460454.04.0.00376149144587.issue44165@roundup.psfhosted.org>
2021-05-19 21:40:54 erlendaasland link issue44165 messages
2021-05-19 21:40:53 erlendaasland create
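
The size check suggested in the message above, as an added example that is not part of the original message and not CPython's code: SQLite's C API takes the SQL length as an `int` (the `nByte` argument of `sqlite3_prepare_v2()`), so a 64-bit `Py_ssize_t` above 2^31-1 cannot be passed through unchanged. The names `ssize_stand_in_t`, `narrowed_length` and `checked_sql_length` are hypothetical, and a 64-bit build with a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for CPython's Py_ssize_t so this builds without Python.h.
 * Assumption: a 64-bit build with a 32-bit int. */
typedef int64_t ssize_stand_in_t;

/* SQLite's hard ceiling for a string or BLOB length: 2^31-1. */
#define SQL_MAX_LEN ((ssize_stand_in_t)INT_MAX)

/* What an unchecked narrowing to int keeps: the low 32 bits, read as two's
 * complement. Unsigned arithmetic keeps the result well defined in C. */
static int narrowed_length(ssize_stand_in_t n)
{
    uint32_t low = (uint32_t)(uint64_t)n;
    if (low <= (uint32_t)INT_MAX)
        return (int)low;
    return -(int)(UINT32_MAX - low) - 1;
}

/* Hypothetical helper: returns 0 and stores the length when it fits, -1 when
 * it does not (the point where a C extension would raise OverflowError). */
static int checked_sql_length(ssize_stand_in_t n, int *out)
{
    if (n < 0 || n > SQL_MAX_LEN)
        return -1;
    *out = (int)n;
    return 0;
}

int main(void)
{
    /* Constructed sample sizes, not taken from the issue. */
    const ssize_stand_in_t samples[] = {
        42, SQL_MAX_LEN, SQL_MAX_LEN + 1, ((ssize_stand_in_t)1 << 32) + 5
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = 0;
        int rc = checked_sql_length(samples[i], &len);
        /* A negative nByte tells sqlite3_prepare_v2() to read up to the
         * first NUL; a small positive one makes it parse only a prefix. */
        printf("size=%lld unchecked=%d checked=%s\n", (long long)samples[i],
               narrowed_length(samples[i]), rc == 0 ? "ok" : "overflow");
    }
    return 0;
}
```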