https://github.com/python/cpython/commit/af359cee75e4806650f2b9b948e398d89ceb9555
commit: af359cee75e4806650f2b9b948e398d89ceb9555
branch: main
author: Erlend E. Aasland <[email protected]>
committer: erlend-aasland <[email protected]>
date: 2024-05-20T09:44:42-04:00
summary:
gh-118928: sqlite3: correctly bail if sequences of params are used with named
placeholders (#119197)
files:
A Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst
M Modules/_sqlite/cursor.c
diff --git
a/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst
b/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst
new file mode 100644
index 00000000000000..61b192761731d0
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst
@@ -0,0 +1,2 @@
+Fix an error where incorrect bindings in :mod:`sqlite3` queries could lead
+to a crash. Patch by Erlend E. Aasland.
diff --git a/Modules/_sqlite/cursor.c b/Modules/_sqlite/cursor.c
index 5d4b77b1a07e08..0fbd408f18cf6a 100644
--- a/Modules/_sqlite/cursor.c
+++ b/Modules/_sqlite/cursor.c
@@ -675,6 +675,7 @@ bind_parameters(pysqlite_state *state, pysqlite_Statement
*self,
"supplied a sequence which requires nameless (qmark) "
"placeholders.",
i+1, name);
+ return;
}
if (PyTuple_CheckExact(parameters)) {
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: [email protected]
