This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author erlendaasland
Recipients erlendaasland, serhiy.storchaka
Date 2021-11-08.17:40:00
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1636393200.96.0.803607204185.issue45754@roundup.psfhosted.org>
In-reply-to
Content 
In Modules/_sqlite/statement.c pysqlite_statement_create() and Modules/_sqlite/cursor.c pysqlite_cursor_executescript_impl(), we incorrectly use SQLITE_LIMIT_LENGTH to check statement length. However, the correct limit is *SQLITE_LIMIT_SQL_LENGTH*.

### Alternative 1:
Quick fix is to check against SQLITE_LIMIT_SQL_LENGTH instead of SQLITE_LIMIT_LENGTH.

### Alternative 2:
Let SQLite do the check for us, and instead add integer overflow check, since Py_ssize_t may be larger than int (sqlite3_prepare_v2() uses an int as the max statement length parameter).

### Alternative 3:
As alternative 2, but alter the sqlite3_prepare_v2() call to accept _any_ length (max statement length = -1).


See also:
- https://sqlite.org/limits.html
- https://sqlite.org/c3ref/c_limit_attached.html
- https://sqlite.org/c3ref/prepare.html
History
Date User Action Args
2021-11-08 17:40:01erlendaaslandsetrecipients: + erlendaasland, serhiy.storchaka
2021-11-08 17:40:00erlendaaslandsetmessageid: <1636393200.96.0.803607204185.issue45754@roundup.psfhosted.org>
2021-11-08 17:40:00erlendaaslandlinkissue45754 messages
2021-11-08 17:40:00erlendaaslandcreate