[New-bugs-announce] [issue20274] sqlite module has bad argument parsing code, including undefined behavior in C

Larry Hastings report at bugs.python.org
Wed Jan 15 21:24:43 CET 2014


New submission from Larry Hastings:

The code in Modules/_sqlite/connection.c is sloppy.

The functions pysqlite_connection_execute, pysqlite_connection_executemany, and pysqlite_connection_executescript accept a third "PyObject *kwargs".  However none of these functions are marked METH_KEYWORD.  This only works because the kwargs parameter is actually ignored--the functions only support positional-only arguments.  Obviously the "PyObject *kwargs" parameters should be removed for these three functions.

A slightly more advanced problem: pysqlite_connection_call, which implements sqlite3.Connection.__call__(), ignores its kwargs parameter completely.  If it doesn't accept keyword parameters it should at least complain if any are passed in.

Georg: you want this fixed in 3.3?  3.2?
Benjamin: you want this fixed in 2.7?

----------
messages: 208189
nosy: benjamin.peterson, georg.brandl, larry
priority: normal
severity: normal
stage: needs patch
status: open
title: sqlite module has bad argument parsing code, including undefined behavior in C
type: behavior
versions: Python 3.4

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20274>
_______________________________________
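
A simplified, self-contained C model of the two problems described in the report above, added here as an illustration and not taken from CPython or the sqlite module: the table flags decide whether an entry is called with two or three arguments, so the C signature must match them, and a handler that always receives kwargs must reject them itself. Every name in it (MethodDef, dispatch, def_varargs, def_keywords, conn_execute, conn_call) is hypothetical, and integer counts stand in for the args tuple and the kwargs dict.

```c
#include <stddef.h>

/* Simplified stand-in for CPython's method dispatch; all names are hypothetical. */
typedef void (*generic_fn)(void);
typedef int (*fn_varargs)(void *self, int nargs);
typedef int (*fn_keywords)(void *self, int nargs, int nkwargs);
enum { M_VARARGS = 1, M_KEYWORDS = 2 };
enum { CALL_OK = 0, ERR_TYPE = -1 };
typedef struct { const char *name; generic_fn meth; int flags; } MethodDef;

/* Typed constructors: passing a function of the wrong arity draws a compiler
   diagnostic here, where a bare cast in a method table would hide it. */
static MethodDef def_varargs(const char *name, fn_varargs f)
{
    MethodDef m = { name, (generic_fn)f, M_VARARGS };
    return m;
}
static MethodDef def_keywords(const char *name, fn_keywords f)
{
    MethodDef m = { name, (generic_fn)f, M_VARARGS | M_KEYWORDS };
    return m;
}

/* The flags alone decide which pointer type the entry is called through. */
static int dispatch(const MethodDef *m, void *self, int nargs, int nkwargs)
{
    if (m->flags & M_KEYWORDS)
        return ((fn_keywords)m->meth)(self, nargs, nkwargs);
    if (nkwargs != 0)
        return ERR_TYPE;            /* "takes no keyword arguments" */
    return ((fn_varargs)m->meth)(self, nargs);
}

/* execute(): positional-only, so two parameters to match M_VARARGS. */
static int conn_execute(void *self, int nargs)
{ (void)self; return nargs >= 1 ? CALL_OK : ERR_TYPE; }

/* Stand-in for __call__: it is always handed kwargs, so it checks them itself. */
static int conn_call(void *self, int nargs, int nkwargs)
{
    (void)self;
    if (nkwargs != 0)
        return ERR_TYPE;            /* complain instead of silently ignoring */
    return nargs == 1 ? CALL_OK : ERR_TYPE;
}

int main(void)
{
    MethodDef ex = def_varargs("execute", conn_execute);
    MethodDef call = def_keywords("__call__", conn_call);
    return dispatch(&ex, NULL, 1, 0) | dispatch(&call, NULL, 1, 0);
}
```

Registering a three-parameter function through def_varargs is flagged by the compiler as an incompatible pointer type, which is the mismatch a plain cast in the method table lets through.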

