[Python-Dev] remaining issues from Klocwork static analysis

Gerhard Häring gh at ghaering.de
Wed Jul 26 10:17:04 CEST 2006


Martin v. Löwis wrote:

Neal Norwitz wrote:

# 61 Modules/sqlite/cursor.c:599 Null pointer may be dereferenced

Null pointer 'self->statement' that comes from line 674 may be dereferenced by passing argument 1 to function 'statement_mark_dirty' at line 599. Looks like a problem. Maybe a break is missing after line 674?

The code is a bit complicated here, and admittedly not the nicest one, but I verified it and there is no problem here.

_query_execute() is designed to handle both executemany() and execute().

multiple is a local variable that is 1 if there is a set of tuples of SQL parameters (executemany) instead of a single tuple of SQL parameters (execute), in which case it's 0.

Before the while loop, the code makes sure that parameters_iter is an iterator that returns SQL parameter tuples. So if there is only a single parameter tuple, a temporary list is created and parameters_iter is an iterator over it.

So, if !multiple (referenced code in line 674), the while-loop will only be executed once, and in the second loop, the while-loop will exit because then the following code will break:

     parameters = PyIter_Next(parameters_iter);
     if (!parameters) {
         break;
     }

Code in line 599 is thus not executed with self->statement = 0.

-- Gerhard
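
The control-flow argument in the message above, reduced to a small C model (an added example, not code from Modules/sqlite/cursor.c or from the author). The names `query_execute_model`, `param_iter` and `iter_next` are hypothetical, the sample rows are constructed, and the model assumes that the code at line 674 clears the statement pointer when `multiple` is 0, which the message does not show.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: three parameter "tuples", reduced to ints. */
static const int sample_rows[3] = {10, 20, 30};

/* Stand-in for parameters_iter: yields n items, then NULL like PyIter_Next(). */
struct param_iter { const int *items; size_t n, pos; };

static const int *iter_next(struct param_iter *it)
{
    return it->pos < it->n ? &it->items[it->pos++] : NULL;
}

struct result { int passes; int null_uses; };

/* Model of the while loop; `multiple` is 1 for executemany(), 0 for execute(). */
struct result query_execute_model(int multiple, const int *rows, size_t n)
{
    int stmt_storage = 0;
    int *statement = &stmt_storage;      /* models self->statement */
    int single[1] = { rows[0] };         /* temporary one-element list */
    struct param_iter it = { multiple ? rows : single, multiple ? n : 1, 0 };
    struct result r = { 0, 0 };

    for (;;) {
        const int *parameters = iter_next(&it);
        if (!parameters)
            break;                       /* second pass ends here when !multiple */
        if (statement == NULL)
            r.null_uses++;               /* the "line 599" use the tool flags */
        else
            *statement = 1;              /* models marking the statement dirty */
        r.passes++;
        if (!multiple)
            statement = NULL;            /* ASSUMED effect of "line 674" */
    }
    return r;
}

int main(void)
{
    struct result one = query_execute_model(0, sample_rows, 1);
    struct result many = query_execute_model(1, sample_rows, 3);
    printf("execute:     passes=%d null_uses=%d\n", one.passes, one.null_uses);
    printf("executemany: passes=%d null_uses=%d\n", many.passes, many.null_uses);
    return 0;
}
```

The safety of the flagged use depends on the one-element iterator being exhausted before the next pass, an invariant that holds across loop iterations rather than on any single path through the loop body.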


