From: Erlend E. Aasland <erlend@python.org>
Date: Mon, 20 May 2024 13:44:42 +0000 (-0400)
Subject: gh-118928: sqlite3: correctly bail if sequences of params are used with named placeho... 
X-Git-Tag: v3.14.0a1~1868
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=af359cee75e4806650f2b9b948e398d89ceb9555;p=thirdparty%2FPython%2Fcpython.git

gh-118928: sqlite3: correctly bail if sequences of params are used with named placeholders (#119197)
---

diff --git a/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst b/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst
new file mode 100644
index 000000000000..61b192761731
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-05-19-23-09-36.gh-issue-118928.SznMX1.rst
@@ -0,0 +1,2 @@
+Fix an error where incorrect bindings in :mod:`sqlite3` queries could lead
+to a crash. Patch by Erlend E. Aasland.
diff --git a/Modules/_sqlite/cursor.c b/Modules/_sqlite/cursor.c
index 5d4b77b1a07e..0fbd408f18cf 100644
--- a/Modules/_sqlite/cursor.c
+++ b/Modules/_sqlite/cursor.c
@@ -675,6 +675,7 @@ bind_parameters(pysqlite_state *state, pysqlite_Statement *self,
                         "supplied a sequence which requires nameless (qmark) "
                         "placeholders.",
                         i+1, name);
+                return;
             }
 
             if (PyTuple_CheckExact(parameters)) {