Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()

if pass invalid string-like object as a name.  Original patch by Xiang Zhang.

diff --git a/Misc/NEWS b/Misc/NEWS
index 7b4631a7c3512707f632811c2aebfdacb8138e8c..044241920d3b89b96f49bc07abd345c6b0ff000c 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
+  if pass invalid string-like object as a name.  Original patch by Xiang Zhang.
+
 - Issue #1703178: Fix the ability to pass the --link-objects option to the
   distutils build_ext command.
 

diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 24b39c159e8b5b2214b02628250790b6b2fff00a..e62e4d912131e73d931db8062485a17850b7b415 100644 (file)
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1476,16 +1476,18 @@ pysqlite_connection_create_collation(pysqlite_Connection* self, PyObject* args)
         goto finally;
     }
 
-    if (!PyArg_ParseTuple(args, "O!O:create_collation(name, callback)", &PyString_Type, &name, &callable)) {
+    if (!PyArg_ParseTuple(args, "SO:create_collation(name, callback)",
+                          &name, &callable)) {
         goto finally;
     }
 
-    uppercase_name = PyObject_CallMethod(name, "upper", "");
+    uppercase_name = PyObject_CallMethod((PyObject *)&PyString_Type,
+                                         "upper", "O", name);
     if (!uppercase_name) {
         goto finally;
     }
 
-    chk = PyString_AsString(uppercase_name);
+    chk = PyString_AS_STRING(uppercase_name);
     while (*chk) {
         if ((*chk >= '0' && *chk <= '9')
          || (*chk >= 'A' && *chk <= 'Z')