[New-bugs-announce] [issue31746] crashes in sqlite3.Connection in case it is uninitialized or partially initialized

[Oren Milman]

New submission from Oren Milman <orenmn at gmail.com>:

The following code causes a crash:
import sqlite3
connection = sqlite3.Connection.__new__(sqlite3.Connection)
connection.isolation_level

This is because pysqlite_connection_get_isolation_level() doesn't check whether
the Connection object is initialized.
pysqlite_connection_close() also doesn't check that, so we would get a crash
also if we replaced `connection.isolation_level` with `connection.close()`.

pysqlite_connection_set_isolation_level() doesn't crash in case of an
uninitialized Connection object, but it also doesn't raise an error, and IMHO
it should.


The following code causes a crash, too:
import sqlite3
try:
    connection = sqlite3.Connection.__new__(sqlite3.Connection)
    connection.__init__('', isolation_level='invalid isolation level')
except ValueError:
    pass

connection.cursor()

This is because `self->initialized` is set to 1 in the beginning of
pysqlite_connection_init(), so after it fails, we are left with a partially
initialized Connection object whose `self->initialized` is 1. Thus,
pysqlite_connection_cursor() thinks that the Connection object is initialized.
Eventually pysqlite_connection_register_cursor() is called, and it crashes
while trying to append to `connection->cursors`, which is NULL.

----------
components: Extension Modules
messages: 304047
nosy: Oren Milman
priority: normal
severity: normal
status: open
title: crashes in sqlite3.Connection in case it is uninitialized or partially initialized
type: crash
versions: Python 3.7

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue31746>
_______________________________________