[issue43852] [sqlite3] Harden tuple creation
Erlend Egeberg Aasland
report at bugs.python.org
Thu Apr 15 05:23:35 EDT 2021
New submission from Erlend Egeberg Aasland <erlend.aasland at innova.no>:
All but one of the PyTuple_SetItem() calls are executed without checking the return value.
Callers:
$ grep -r PyTuple_SetItem Modules/_sqlite
Modules/_sqlite/connection.c: PyTuple_SetItem(args, i, cur_py_value);
Modules/_sqlite/cursor.c: PyTuple_SetItem(row, i, converted);
Modules/_sqlite/cursor.c: if (PyTuple_SetItem(func_args, 0, Py_NewRef(operation)) != 0) {
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 0, column_name);
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 1, Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 2, Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 3, Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 4, Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 5, Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 6, Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(self->description, i, descriptor);
All of these are operating on newly created tuples, so I suggest replacing them with PyTuple_SET_ITEM() instead of adding error handling.
For the users in _pysqlite_query_execute() I also suggest moving the tuple creation closer to the code that fills it, in order to minimise the number of decrefs needed in case of error.
----------
components: Extension Modules
files: patch.diff
keywords: patch
messages: 391122
nosy: berker.peksag, erlendaasland, serhiy.storchaka
priority: normal
severity: normal
status: open
title: [sqlite3] Harden tuple creation
type: behavior
versions: Python 3.10
Added file: https://bugs.python.org/file49960/patch.diff
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue43852>
_______________________________________
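The report's point about unchecked calls and fresh tuples, shown as an added example. This is not code from the tracker message, the attached patch.diff, or CPython. It is a stand-alone model of the documented behaviour of the two setters: PyTuple_SetItem() refuses a shared tuple or an out-of-range index and consumes the item either way, while PyTuple_SET_ITEM() does no checks. All names in it (Obj, Tuple, model_SetItem, MODEL_SET_ITEM, build_descriptor, ignored_failure_leaves_hole) are hypothetical.

```c
#include <stdlib.h>
/* Simplified stand-alone model of CPython reference counting; not CPython source. */
typedef struct { int refcnt; } Obj;
typedef struct { int refcnt; size_t size; Obj *items[8]; } Tuple;

static Obj *obj_new(void) { Obj *o = malloc(sizeof *o); if (o) o->refcnt = 1; return o; }
static void obj_decref(Obj *o) { if (o && --o->refcnt == 0) free(o); }
static Tuple *tuple_new(size_t n) {          /* fresh tuple: refcnt 1, all slots NULL */
    Tuple *t = n <= 8 ? calloc(1, sizeof *t) : NULL;
    if (t) { t->refcnt = 1; t->size = n; }
    return t;
}
static void tuple_decref(Tuple *t) {
    if (!t || --t->refcnt) return;
    for (size_t i = 0; i < t->size; i++) obj_decref(t->items[i]);
    free(t);
}
/* Models PyTuple_SetItem(): checks tuple and index, consumes `item` even on failure. */
static int model_SetItem(Tuple *t, size_t i, Obj *item) {
    if (t->refcnt != 1 || i >= t->size) { obj_decref(item); return -1; }
    obj_decref(t->items[i]); t->items[i] = item;   /* release old item, store new */
    return 0;
}
/* Models PyTuple_SET_ITEM(): plain store, no checks; fresh tuple and valid index only. */
#define MODEL_SET_ITEM(t, i, item) ((t)->items[(i)] = (item))
/* Tuple created right before it is filled: allocation is the only failure path. */
static Tuple *build_descriptor(Obj *column_name, Obj *none) {
    Tuple *d = tuple_new(7);
    if (d == NULL) return NULL;
    column_name->refcnt++;                   /* the tuple holds its own reference */
    MODEL_SET_ITEM(d, 0, column_name);
    for (size_t i = 1; i < 7; i++) { none->refcnt++; MODEL_SET_ITEM(d, i, none); }
    return d;
}
/* Returns 1 if a refused checked store, with its result ignored, leaves a NULL slot. */
static int ignored_failure_leaves_hole(void) {
    Tuple *t = tuple_new(1);
    if (t == NULL) return -1;
    t->refcnt++;                             /* constructed case: tuple already shared */
    (void)model_SetItem(t, 0, obj_new());    /* return value ignored, as in the callers */
    int hole = (t->items[0] == NULL);
    tuple_decref(t); tuple_decref(t);        /* drop both references */
    return hole;
}
int main(void) {
    Obj *name = obj_new(), *none = obj_new();
    tuple_decref((name && none) ? build_descriptor(name, none) : NULL);
    obj_decref(name); obj_decref(none);
    return ignored_failure_leaves_hole() == 1 ? 0 : 1;
}
```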