gh-118928: sqlite3: correctly bail if sequences of params are used with named placeho...

author Erlend E. Aasland <erlend@python.org>

Mon, 20 May 2024 13:44:42 +0000 (09:44 -0400)

committer GitHub <noreply@github.com>

Mon, 20 May 2024 13:44:42 +0000 (09:44 -0400)
author Erlend E. Aasland <erlend@python.org>
Mon, 20 May 2024 13:44:42 +0000 (09:44 -0400)
committer GitHub <noreply@github.com>
Mon, 20 May 2024 13:44:42 +0000 (09:44 -0400)
diff --git a/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst b/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst

new file mode 100644 (file)

index 0000000..61b1927
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst
@@ -0,0 +1,2 @@
+Fix an error where incorrect bindings in :mod:`sqlite3` queries could lead
+to a crash. Patch by Erlend E. Aasland.
diff --git a/Modules/_sqlite/cursor.c b/Modules/_sqlite/cursor.c

index 5d4b77b1a07e0856ecbe140d520b5c84b9d321f8..0fbd408f18cf6ab9f8d853def9f363e9a424976b 100644 (file)
--- a/Modules/_sqlite/cursor.c
+++ b/Modules/_sqlite/cursor.c
@@ -675,6 +675,7 @@ bind_parameters(pysqlite_state *state, pysqlite_Statement *self,
                          "supplied a sequence which requires nameless (qmark) "
                          "placeholders.",
                          i+1, name);
+                return;
              }
  
              if (PyTuple_CheckExact(parameters)) {
author	Erlend E. Aasland <erlend@python.org>
	Mon, 20 May 2024 13:44:42 +0000 (09:44 -0400)
committer	GitHub <noreply@github.com>
	Mon, 20 May 2024 13:44:42 +0000 (09:44 -0400)
Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst	[new file with mode: 0644]	patch \| blob
Modules/_sqlite/cursor.c		patch \| blob \| blame \| history