[New-bugs-announce] [issue41662] Bugs in binding parameters in sqlite3

Serhiy Storchaka report at bugs.python.org
Sat Aug 29 09:05:08 EDT 2020

New submission from Serhiy Storchaka <storchaka+cpython at gmail.com>:

There are few bugs in the code for binding parameters specified in the sqlite3 module:

1. If argument "parameters" is a list, PyList_GET_ITEM() is called in a loop, but the size of the list is read only once before loop. Since the list can be changed during iteration, it can cause reading past the end of the list.

2. If argument "parameters" is a custom sequence, all exceptions raised in __len__() (including KeybordInterrupt) are overridden by a ProgrammingError.

components: Extension Modules
messages: 376062
nosy: BTaskaya, ghaering, serhiy.storchaka
priority: normal
severity: normal
status: open
title: Bugs in binding parameters in sqlite3
type: behavior
versions: Python 3.10, Python 3.8, Python 3.9

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list