[issue44165] [sqlite3] sqlite3_prepare_v2 micro optimisation: pass string size

Erlend E. Aasland report at bugs.python.org
Wed May 19 17:42:45 EDT 2021


Erlend E. Aasland <erlend.aasland at innova.no> added the comment:

Regarding the maximum length of an SQL string, quoting from https://sqlite.org/limits.html:
"The current implementation will only support a string or BLOB length up to 2^31-1 or 2147483647. And some built-in functions such as hex() might fail well before that point. In security-sensitive applications it is best not to try to increase the maximum string and blob length. In fact, you might do well to lower the maximum string and blob length to something more in the range of a few million if that is possible."

The size returned from functions such as PyUnicode_AsUTF8AndSize is Py_ssize_t. I suggest checking the passed SQL string size and raising OverflowError if the SQL string is larger than SQLITE_MAX_LENGTH.

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44165>
_______________________________________
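The check proposed in the comment above, as an added example that is not CPython's own `_sqlite` code: `sqlite3_prepare_v2` takes its statement length as a C `int` (`nByte`), while CPython gets the size from `PyUnicode_AsUTF8AndSize` as a `Py_ssize_t`. The stand-in `typedef` and the `SQLITE_MAX_LENGTH` define below are assumptions so the file builds without `Python.h` or `sqlite3.h`; the value 1000000000 is SQLite's compiled-in default, and a real build must take the limit from the header since it may have been lowered, exactly as the quoted limits page recommends.

```c
#include <stddef.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the real headers (assumptions for this example only):
 * Py_ssize_t comes from Python.h and SQLITE_MAX_LENGTH from sqlite3.h. */
typedef ptrdiff_t Py_ssize_t;
#ifndef SQLITE_MAX_LENGTH
#define SQLITE_MAX_LENGTH 1000000000
#endif

/* What an unchecked conversion does: a Py_ssize_t above INT_MAX is
 * narrowed to int. On the usual two's-complement ABIs the result wraps,
 * and a negative nByte tells SQLite to read up to the first NUL byte, so
 * the statement SQLite compiles is no longer the one the caller measured. */
int naive_nbyte(Py_ssize_t size)
{
    return (int)size;
}

/* Pre-check before calling sqlite3_prepare_v2: returns the int to pass as
 * nByte, or -1 when the caller should raise OverflowError instead. Both
 * limits are applied; SQLITE_MAX_LENGTH is normally the stricter one. */
int sql_nbyte_checked(Py_ssize_t size)
{
    if (size < 0 || size > SQLITE_MAX_LENGTH || size > INT_MAX) {
        return -1;
    }
    return (int)size;
}

/* Sketch of the call site; the actual prepare call is left out so the file
 * stays free of sqlite3.h. In CPython the -1 branch would be
 * PyErr_SetString(PyExc_OverflowError, ...) followed by returning NULL. */
int prepare_checked(const char *sql, Py_ssize_t size)
{
    int nbyte = sql_nbyte_checked(size);
    if (nbyte < 0) {
        fprintf(stderr, "OverflowError: SQL statement too long (%td bytes)\n", size);
        return -1;
    }
    /* sqlite3_prepare_v2(db, sql, nbyte, &stmt, &tail) would go here. */
    (void)sql;
    return nbyte;
}

int main(void)
{
    const char *sql = "SELECT 1";   /* constructed sample statement */
    printf("ok: nByte=%d\n", prepare_checked(sql, (Py_ssize_t)strlen(sql)));
    printf("too long: %d\n", prepare_checked(sql, (Py_ssize_t)SQLITE_MAX_LENGTH + 1));
    printf("naive wrap: %d\n", naive_nbyte((Py_ssize_t)INT_MAX + 1));
    return 0;
}
```

The order of the two comparisons does not matter for correctness, but checking against `SQLITE_MAX_LENGTH` first gives the same error for every oversized statement regardless of whether the platform's `int` is wider or narrower than the SQLite limit.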