Issue #21147: sqlite3 now raises an exception if the request contains a null
authorSerhiy Storchaka <storchaka@gmail.com>
Thu, 11 Sep 2014 10:27:19 +0000 (13:27 +0300)
committerSerhiy Storchaka <storchaka@gmail.com>
Thu, 11 Sep 2014 10:27:19 +0000 (13:27 +0300)
character instead of truncating it.  Based on patch by Victor Stinner.

Lib/sqlite3/test/regression.py
Misc/NEWS
Modules/_sqlite/connection.c
Modules/_sqlite/statement.c

index 5b7759c9963dfec9efa4f7076d7372b79357c1a8..72c9277b7c134ee397d03aee79074746404057af 100644 (file)
@@ -319,6 +319,16 @@ class RegressionTests(unittest.TestCase):
                           sqlite.connect, ":memory:", isolation_level=123)
 
 
+    def CheckNullCharacter(self):
+        # Issue #21147
+        con = sqlite.connect(":memory:")
+        self.assertRaises(ValueError, con, "\0select 1")
+        self.assertRaises(ValueError, con, "select 1\0")
+        cur = con.cursor()
+        self.assertRaises(ValueError, cur.execute, " \0select 2")
+        self.assertRaises(ValueError, cur.execute, "select 2\0")
+
+
 def suite():
     regression_suite = unittest.makeSuite(RegressionTests, "Check")
     return unittest.TestSuite((regression_suite,))
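Review bot: CheckNullCharacter only passes byte-string literals with the NUL at the very start or very end, so two cases are left unpinned. If unicode queries are converted to a byte string before the new length check (that conversion is outside the visible hunks), add the same assertions with unicode literals, e.g. `self.assertRaises(ValueError, cur.execute, u"select 2\0")`. A NUL in the middle of a statement is the truncation case the issue describes and deserves its own assertion, e.g. `self.assertRaises(ValueError, cur.execute, "select 1\0 + 1")` (constructed example). Whether `executemany` and `executescript` reach the new check cannot be told from this page; a short comment in the test saying which entry points are covered would help.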
index 2b0ac047b136346823d5281e34f9baff895d5080..e5f8f76b156bf8cca771d071546e992966c89157 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -22,6 +22,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #21147: sqlite3 now raises an exception if the request contains a null
+  character instead of truncate it.  Based on patch by Victor Stinner.
+
 - Issue #21951: Fixed a crash in Tkinter on AIX when called Tcl command with
   empty string or tuple argument.
 
index 7a8a5a1b19e9305fef9b4928eb8e8b058c485922..0ed196d0e39e034edc62b3fb835d0078c4d62928 100644 (file)
@@ -1215,7 +1215,8 @@ PyObject* pysqlite_connection_call(pysqlite_Connection* self, PyObject* args, Py
         if (rc == PYSQLITE_TOO_MUCH_SQL) {
             PyErr_SetString(pysqlite_Warning, "You can only execute one statement at a time.");
         } else if (rc == PYSQLITE_SQL_WRONG_TYPE) {
-            PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
+            if (!PyErr_Occurred() || PyErr_ExceptionMatches(PyExc_TypeError))
+                PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
         } else {
             (void)pysqlite_statement_reset(statement);
             _pysqlite_seterror(self->db, NULL);
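Review bot: The new guard in the `PYSQLITE_SQL_WRONG_TYPE` branch relies on an unstated contract: that return code now also means "an exception other than TypeError may already be pending", and nothing at this site says so. Add a comment above it, e.g. `/* keep a pending non-TypeError exception (ValueError for an embedded NUL) instead of replacing it with Warning */`. The nested `if` is unbraced inside a braced `else if` chain; `if (...) { PyErr_SetString(...); }` would match the surrounding style. A dedicated return code for the NUL case would make the intent explicit, though that touches code outside this hunk. The body of pysqlite_connection_call starts and ends outside the hunk.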
index 7a7a60fb71ac072913468bca2320dbb3b6e7fdfc..edcebddf9ae36ba3bfb2ee295f69b097d5dd9773 100644 (file)
@@ -74,12 +74,15 @@ int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* con
         rc = PYSQLITE_SQL_WRONG_TYPE;
         return rc;
     }
+    sql_cstr = PyString_AsString(sql_str);
+    if (strlen(sql_cstr) != (size_t)PyString_GET_SIZE(sql_str)) {
+        PyErr_SetString(PyExc_ValueError, "the query contains a null character");
+        return PYSQLITE_SQL_WRONG_TYPE;
+    }
 
     self->in_weakreflist = NULL;
     self->sql = sql_str;
 
-    sql_cstr = PyString_AsString(sql_str);
-
     Py_BEGIN_ALLOW_THREADS
     rc = sqlite3_prepare(connection->db,
                          sql_cstr,
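Review bot: The new early return at `return PYSQLITE_SQL_WRONG_TYPE;` runs before `self->sql = sql_str;`, so if `sql_str` is an owned reference at that point (its assignment is above the hunk) the reference is dropped without being released. If that is the case, add `Py_DECREF(sql_str);` before `PyErr_SetString(PyExc_ValueError, ...)`. The `strlen` comparison itself is the right place to reject the query, because `sqlite3_prepare` is passed `sql_cstr` and would otherwise stop at the first NUL while Python-level callers see the full string. pysqlite_statement_create starts before and continues past the hunk.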