From 5170c16d2105ef5a1a049d2fd8a05439f6b47229 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka
Date: Sat, 1 Oct 2016 08:24:55 +0300
Subject: [PATCH] Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation() if pass invalid string-like object as a name. Original patch by Xiang Zhang.
---
 Misc/NEWS | 3 +++
 Modules/_sqlite/connection.c | 8 +++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
index 7b4631a7c3..044241920d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,9 @@ Core and Builtins
 Library
 -------
+- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
+ if pass invalid string-like object as a name. Original patch by Xiang Zhang.
+
 - Issue #1703178: Fix the ability to pass the --link-objects option to the distutils build_ext command.
diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 24b39c159e..e62e4d9121 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1476,16 +1476,18 @@ pysqlite_connection_create_collation(pysqlite_Connection* self, PyObject* args)
 goto finally;
 }
- if (!PyArg_ParseTuple(args, "O!O:create_collation(name, callback)", &PyString_Type, &name, &callable)) {
+ if (!PyArg_ParseTuple(args, "SO:create_collation(name, callback)",
+ &name, &callable)) {
 goto finally;
 }
- uppercase_name = PyObject_CallMethod(name, "upper", "");
+ uppercase_name = PyObject_CallMethod((PyObject *)&PyString_Type,
+ "upper", "O", name);
 if (!uppercase_name) {
 goto finally;
 }
- chk = PyString_AsString(uppercase_name);
+ chk = PyString_AS_STRING(uppercase_name);
 while (*chk) {
 if ((*chk >= '0' && *chk <= '9') || (*chk >= 'A' && *chk <= 'Z')
--
2.50.1
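Review bot: `PyString_AS_STRING(uppercase_name)` is an unchecked macro, so the `while (*chk)` loop is only safe because the `upper` call just above it is now made on `PyString_Type` itself and can no longer be redirected by a subclass of str; nothing in the hunk records that dependency. I would add a comment above the call, e.g. `/* Call str.upper unbound: a str subclass accepted by "S" may override upper() and return a non-string, which the unchecked PyString_AS_STRING below would dereference. */`, so a later cleanup does not revert to `PyObject_CallMethod(name, "upper", "")`. The diffstat lists only Misc/NEWS and connection.c, so the crash fix appears to land without a regression test; a case that passes a str subclass with an overridden `upper` as the collation name would pin the behaviour. The body of pysqlite_connection_create_collation starts and ends outside the hunk.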