[Python-checkins] cpython (2.7): Issue #21147: sqlite3 now raises an exception if the request contains a null

serhiy.storchaka python-checkins at python.org
Thu Sep 11 12:33:39 CEST 2014

• Previous message: [Python-checkins] cpython: Issue #13968: The glob module now supports recursive search in
• Next message: [Python-checkins] cpython (3.4): Issue #21147: sqlite3 now raises an exception if the request contains a null
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

http://hg.python.org/cpython/rev/430865e9ea9f
changeset: 92401:430865e9ea9f
branch: 2.7
parent: 92397:d6c7ab5a2065
user: Serhiy Storchaka <storchaka at gmail.com>
date: Thu Sep 11 13:27:19 2014 +0300
summary:
 Issue #21147: sqlite3 now raises an exception if the request contains a null
character instead of truncate it. Based on patch by Victor Stinner.
files:
 Lib/sqlite3/test/regression.py | 10 ++++++++++
 Misc/NEWS | 3 +++
 Modules/_sqlite/connection.c | 3 ++-
 Modules/_sqlite/statement.c | 7 +++++--
 4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/Lib/sqlite3/test/regression.py b/Lib/sqlite3/test/regression.py
--- a/Lib/sqlite3/test/regression.py
+++ b/Lib/sqlite3/test/regression.py
@@ -319,6 +319,16 @@
 sqlite.connect, ":memory:", isolation_level=123)
 
 
+ def CheckNullCharacter(self):
+ # Issue #21147
+ con = sqlite.connect(":memory:")
+ self.assertRaises(ValueError, con, "0円select 1")
+ self.assertRaises(ValueError, con, "select 10円")
+ cur = con.cursor()
+ self.assertRaises(ValueError, cur.execute, " 0円select 2")
+ self.assertRaises(ValueError, cur.execute, "select 20円")
+
+
 def suite():
 regression_suite = unittest.makeSuite(RegressionTests, "Check")
 return unittest.TestSuite((regression_suite,))
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -22,6 +22,9 @@
 Library
 -------
 
+- Issue #21147: sqlite3 now raises an exception if the request contains a null
+ character instead of truncate it. Based on patch by Victor Stinner.
+
 - Issue #21951: Fixed a crash in Tkinter on AIX when called Tcl command with
 empty string or tuple argument.
 
diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1215,7 +1215,8 @@
 if (rc == PYSQLITE_TOO_MUCH_SQL) {
 PyErr_SetString(pysqlite_Warning, "You can only execute one statement at a time.");
 } else if (rc == PYSQLITE_SQL_WRONG_TYPE) {
- PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
+ if (!PyErr_Occurred() || PyErr_ExceptionMatches(PyExc_TypeError))
+ PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
 } else {
 (void)pysqlite_statement_reset(statement);
 _pysqlite_seterror(self->db, NULL);
diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c
--- a/Modules/_sqlite/statement.c
+++ b/Modules/_sqlite/statement.c
@@ -74,12 +74,15 @@
 rc = PYSQLITE_SQL_WRONG_TYPE;
 return rc;
 }
+ sql_cstr = PyString_AsString(sql_str);
+ if (strlen(sql_cstr) != (size_t)PyString_GET_SIZE(sql_str)) {
+ PyErr_SetString(PyExc_ValueError, "the query contains a null character");
+ return PYSQLITE_SQL_WRONG_TYPE;
+ }
 
 self->in_weakreflist = NULL;
 self->sql = sql_str;
 
- sql_cstr = PyString_AsString(sql_str);
-
 Py_BEGIN_ALLOW_THREADS
 rc = sqlite3_prepare(connection->db,
 sql_cstr,
-- 
Repository URL: http://hg.python.org/cpython

---

• Previous message: [Python-checkins] cpython: Issue #13968: The glob module now supports recursive search in
• Next message: [Python-checkins] cpython (3.4): Issue #21147: sqlite3 now raises an exception if the request contains a null
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list