[New-bugs-announce] [issue41662] Bugs in binding parameters in sqlite3
Serhiy Storchaka
report at bugs.python.org
Sat Aug 29 09:05:08 EDT 2020
New submission from Serhiy Storchaka <storchaka+cpython at gmail.com>:
There are few bugs in the code for binding parameters specified in the sqlite3 module:
1. If argument "parameters" is a list, PyList_GET_ITEM() is called in a loop, but the size of the list is read only once before loop. Since the list can be changed during iteration, it can cause reading past the end of the list.
2. If argument "parameters" is a custom sequence, all exceptions raised in __len__() (including KeybordInterrupt) are overridden by a ProgrammingError.
----------
components: Extension Modules
messages: 376062
nosy: BTaskaya, ghaering, serhiy.storchaka
priority: normal
severity: normal
status: open
title: Bugs in binding parameters in sqlite3
type: behavior
versions: Python 3.10, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41662>
_______________________________________
More information about the New-bugs-announce
mailing list