bpo-31764: Prevent a crash in sqlite3.Cursor.close() in case the Cursor object is uninitialized by orenmn · Pull Request #3958 · python/cpython


orenmn


I wonder whether we should add `self->initialized = 0;` after the call to `PyArg_ParseTuple()` in `pysqlite_cursor_init()`. (At least test_sqlite passes when I add this change.)
This would make sure that a Cursor object wouldn't be partially initialized while `self->initialized == 1`.

However, I don't know how to produce code that would create a partially initialized Cursor object such that using it would cause problems.

berkerpeksag

@@ -890,6 +890,11 @@ PyObject* pysqlite_noop(pysqlite_Connection* self, PyObject* args)
PyObject* pysqlite_cursor_close(pysqlite_Cursor* self, PyObject* args)
{
if (self->connection == NULL) {
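Review bot: The `self->connection == NULL` guard at the top of pysqlite_cursor_close() carries no comment saying when the connection pointer can be NULL. A one-line comment tying it to the uninitialized-Cursor case named in the PR title would explain why the check exists, and the guarded branch should set the ProgrammingError that the test hunk expects and return NULL before anything dereferences self->connection.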


Style nit: I think `!foo` is more common than `foo == NULL` in the sqlite3 codebase. It would be nice to keep styling consistent within the module.

@@ -0,0 +1,2 @@
Prevent a crash in `sqlite3.Cursor.close()` in case the `Cursor` object is


Please use double backticks (``). I tried to explain why single backticks shouldn't be used at #3925 (comment)


Yeah, I wasn't aware of that example in the devguide. I will update it, thanks!

@@ -188,6 +188,7 @@ def __init__(self, con):
cur = Cursor(con)
with self.assertRaises(sqlite.ProgrammingError):
cur.execute("select 4+5").fetchall()
self.assertRaises(sqlite.ProgrammingError, cur.close)
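Review bot: The added `self.assertRaises(sqlite.ProgrammingError, cur.close)` checks only the exception type, which is the same type the `cur.execute(...)` assertion just above it expects, so it would still pass if close() raised ProgrammingError for an unrelated reason. Use the context-manager form like the preceding lines and match the message with assertRaisesRegex, using the text that the new branch in pysqlite_cursor_close() sets.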


ProgrammingError is raised by a lot of things so I wonder if we should add a test for the exception message to make it more future-proof.


All right. Should I also change the assertRaises() that was already in CheckCursorConstructorCallCheck()?


I'd say let's do it only for new additions to the test.

@bedevere-bot

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.


@berkerpeksag

> However, I don't know how to produce code that would create a partially initialized Cursor object such that using it would cause problems.

I agree with you. There is no need to add additional code for hypothetical use cases. We can change it later if we find a way to create a partially initialized Cursor object.


@miss-islington

Thanks @orenmn for the PR, and @Haypo for merging it 🌮🎉.. I'm working now to backport this PR to: 3.6.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request

Nov 7, 2017


vstinner pushed a commit that referenced this pull request

Nov 7, 2017


embray pushed a commit to embray/cpython that referenced this pull request

Nov 9, 2017
