From: Serhiy Storchaka
Date: Sat, 1 Oct 2016 05:24:55 +0000 (+0300)
Subject: Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
X-Git-Tag: v2.7.13rc1~97
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5170c16d2105ef5a1a049d2fd8a05439f6b47229;p=python
Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation() if pass invalid string-like object as a name. Original patch by Xiang Zhang.
---
diff --git a/Misc/NEWS b/Misc/NEWS
index 7b4631a7c3..044241920d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,9 @@ Core and Builtins
 Library
 -------
+- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
+ if pass invalid string-like object as a name. Original patch by Xiang Zhang.
+
 - Issue #1703178: Fix the ability to pass the --link-objects option to the distutils build_ext command.
diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 24b39c159e..e62e4d9121 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1476,16 +1476,18 @@ pysqlite_connection_create_collation(pysqlite_Connection* self, PyObject* args)
 goto finally;
 }
- if (!PyArg_ParseTuple(args, "O!O:create_collation(name, callback)", &PyString_Type, &name, &callable)) {
+ if (!PyArg_ParseTuple(args, "SO:create_collation(name, callback)",
+ &name, &callable)) {
 goto finally;
 }
- uppercase_name = PyObject_CallMethod(name, "upper", "");
+ uppercase_name = PyObject_CallMethod((PyObject *)&PyString_Type,
+ "upper", "O", name);
 if (!uppercase_name) {
 goto finally;
 }
- chk = PyString_AsString(uppercase_name);
+ chk = PyString_AS_STRING(uppercase_name);
 while (*chk) {
 if ((*chk >= '0' && *chk <= '9') || (*chk >= 'A' && *chk <= 'Z')
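Review bot: `PyString_AS_STRING(uppercase_name)` is an unchecked macro, so the `while (*chk)` scan is only safe while `uppercase_name` is guaranteed to be a real string object, and nothing in the new code records that this is why `upper` is now called through `&PyString_Type` instead of on `name`. A later cleanup that restores `PyObject_CallMethod(name, "upper", "")` would let a subclass override return a non-string and bring the crash back, so I would add a comment above the call such as `/* Call str.upper via the type: "S" accepts subclasses, and an overridden upper() may return a non-string. */`. Separately, `"S"` does not reject embedded NUL bytes and the scan stops at the first one, so any bytes after it are never checked against the allowed set; comparing `strlen(chk)` with `PyString_GET_SIZE(uppercase_name)` before the loop and failing on a mismatch would close that. The function starts before and continues past this hunk, and no regression test is visible in this part of the patch.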