]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd8fc3a) | patch
[3.14] gh-139283: correctly handle `size` limit in `cursor.fetchmany()` (GH-139296...
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 7 Oct 2025 19:23:08 +0000 (21:23 +0200)
committerGitHub <noreply@github.com>
Tue, 7 Oct 2025 19:23:08 +0000 (21:23 +0200)
commitcde02ae7825c09ded31e253bc58839716a943795
treeb3e401b519d91c82fff9b0a10f14027c4fcaeef2tree | snapshot
parentcd8fc3aad33ef8c384281e2378a09fedfb934bfdcommit | diff
[3.14] gh-139283: correctly handle `size` limit in `cursor.fetchmany()` (GH-139296) (GH-139441)

Passing a negative or zero size to `cursor.fetchmany()` made it fetch all rows
instead of none.

While this could be considered a security vulnerability, it was decided to treat
this issue as a regular bug as passing a non-sanitized *size* value in the first
place is not recommended.
(cherry picked from commit bc172ee8307431caf4c89612e9e454081635191f)

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Doc/library/sqlite3.rst diff | blob | blame | history
Lib/test/test_sqlite3/test_dbapi.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2025-09-24-13-39-56.gh-issue-139283.jODz_q.rst [new file with mode: 0644] blob
Modules/_sqlite/clinic/cursor.c.h diff | blob | blame | history
Modules/_sqlite/cursor.c diff | blob | blame | history
Modules/_sqlite/cursor.h diff | blob | blame | history
Mirror of https://github.com/python/cpython.git