[Python-checkins] cpython (3.5): Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
serhiy.storchaka
python-checkins at python.org
Mon Sep 26 17:16:42 EDT 2016
https://hg.python.org/cpython/rev/c739660489c1
changeset: 104087:c739660489c1
branch: 3.5
parent: 104083:112060f8abe8
user: Serhiy Storchaka <storchaka at gmail.com>
date: Tue Sep 27 00:10:03 2016 +0300
summary:
Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
if pass invalid string-like object as a name. Patch by Xiang Zhang.
files:
Lib/sqlite3/test/hooks.py | 22 ++++++++++++++++++++++
Misc/NEWS | 3 +++
Modules/_sqlite/connection.c | 6 ++++--
3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/Lib/sqlite3/test/hooks.py b/Lib/sqlite3/test/hooks.py
--- a/Lib/sqlite3/test/hooks.py
+++ b/Lib/sqlite3/test/hooks.py
@@ -25,6 +25,11 @@
import sqlite3 as sqlite
class CollationTests(unittest.TestCase):
+ def CheckCreateCollationNotString(self):
+ con = sqlite.connect(":memory:")
+ with self.assertRaises(TypeError):
+ con.create_collation(None, lambda x, y: (x > y) - (x < y))
+
def CheckCreateCollationNotCallable(self):
con = sqlite.connect(":memory:")
with self.assertRaises(TypeError) as cm:
@@ -36,6 +41,23 @@
with self.assertRaises(sqlite.ProgrammingError):
con.create_collation("collä", lambda x, y: (x > y) - (x < y))
+ def CheckCreateCollationBadUpper(self):
+ class BadUpperStr(str):
+ def upper(self):
+ return None
+ con = sqlite.connect(":memory:")
+ mycoll = lambda x, y: -((x > y) - (x < y))
+ con.create_collation(BadUpperStr("mycoll"), mycoll)
+ result = con.execute("""
+ select x from (
+ select 'a' as x
+ union
+ select 'b' as x
+ ) order by x collate mycoll
+ """).fetchall()
+ self.assertEqual(result[0][0], 'b')
+ self.assertEqual(result[1][0], 'a')
+
@unittest.skipIf(sqlite.sqlite_version_info < (3, 2, 1),
'old SQLite versions crash on this test')
def CheckCollationIsUsed(self):
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -80,6 +80,9 @@
Library
-------
+- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
+ if pass invalid string-like object as a name. Patch by Xiang Zhang.
+
- Issue #18893: Fix invalid exception handling in Lib/ctypes/macholib/dyld.py.
Patch by Madison May.
diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1523,11 +1523,13 @@
goto finally;
}
- if (!PyArg_ParseTuple(args, "O!O:create_collation(name, callback)", &PyUnicode_Type, &name, &callable)) {
+ if (!PyArg_ParseTuple(args, "UO:create_collation(name, callback)",
+ &name, &callable)) {
goto finally;
}
- uppercase_name = _PyObject_CallMethodId(name, &PyId_upper, "");
+ uppercase_name = _PyObject_CallMethodIdObjArgs((PyObject *)&PyUnicode_Type,
+ &PyId_upper, name, NULL);
if (!uppercase_name) {
goto finally;
}
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list