New submission from Erlend Egeberg Aasland <erlend.aasl...@innova.no>:
All but one of the PyTuple_SetItem() calls are executed without checking the
return value.
Callers:
$ grep -r PyTuple_SetItem Modules/_sqlite
Modules/_sqlite/connection.c: PyTuple_SetItem(args, i, cur_py_value);
Modules/_sqlite/cursor.c: PyTuple_SetItem(row, i, converted);
Modules/_sqlite/cursor.c: if (PyTuple_SetItem(func_args, 0,
Py_NewRef(operation)) != 0) {
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 0,
column_name);
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 1,
Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 2,
Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 3,
Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 4,
Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 5,
Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(descriptor, 6,
Py_NewRef(Py_None));
Modules/_sqlite/cursor.c: PyTuple_SetItem(self->description, i,
descriptor);
All of these are operating on newly created tuples, so I suggest replacing them
with PyTuple_SET_ITEM() instead of adding error handling.
For the users in _pysqlite_query_execute() I also suggest to move the tuple
creation closer to the code that fills it, in order to minimise the number of
decref's needed in case of error.
----------
components: Extension Modules
files: patch.diff
keywords: patch
messages: 391122
nosy: berker.peksag, erlendaasland, serhiy.storchaka
priority: normal
severity: normal
status: open
title: [sqlite3] Harden tuple creation
type: behavior
versions: Python 3.10
Added file: https://bugs.python.org/file49960/patch.diff
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue43852>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
