diff --git a/Lib/sqlite3/test/hooks.py b/Lib/sqlite3/test/hooks.py index cafff932b4d..f8ef4d88f37 100644 --- a/Lib/sqlite3/test/hooks.py +++ b/Lib/sqlite3/test/hooks.py @@ -25,6 +25,11 @@ import unittest import sqlite3 as sqlite class CollationTests(unittest.TestCase): + def CheckCreateCollationNotString(self): + con = sqlite.connect(":memory:") + with self.assertRaises(TypeError): + con.create_collation(None, lambda x, y: (x > y) - (x < y)) + def CheckCreateCollationNotCallable(self): con = sqlite.connect(":memory:") with self.assertRaises(TypeError) as cm: @@ -36,6 +41,23 @@ class CollationTests(unittest.TestCase): with self.assertRaises(sqlite.ProgrammingError): con.create_collation("collä", lambda x, y: (x > y) - (x < y)) + def CheckCreateCollationBadUpper(self): + class BadUpperStr(str): + def upper(self): + return None + con = sqlite.connect(":memory:") + mycoll = lambda x, y: -((x > y) - (x < y)) + con.create_collation(BadUpperStr("mycoll"), mycoll) + result = con.execute(""" + select x from ( + select 'a' as x + union + select 'b' as x + ) order by x collate mycoll + """).fetchall() + self.assertEqual(result[0][0], 'b') + self.assertEqual(result[1][0], 'a') + @unittest.skipIf(sqlite.sqlite_version_info < (3, 2, 1), 'old SQLite versions crash on this test') def CheckCollationIsUsed(self): diff --git a/Misc/NEWS b/Misc/NEWS index 224f5f6ab18..40f63078ec4 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -47,6 +47,9 @@ Core and Builtins Library ------- +- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation() + if pass invalid string-like object as a name. Patch by Xiang Zhang. + - Issue #18893: Fix invalid exception handling in Lib/ctypes/macholib/dyld.py. Patch by Madison May. diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c index d29fafe3fa5..62102275b9d 100644 --- a/Modules/_sqlite/connection.c +++ b/Modules/_sqlite/connection.c @@ -1498,11 +1498,13 @@ pysqlite_connection_create_collation(pysqlite_Connection* self, PyObject* args) goto finally; } - if (!PyArg_ParseTuple(args, "O!O:create_collation(name, callback)", &PyUnicode_Type, &name, &callable)) { + if (!PyArg_ParseTuple(args, "UO:create_collation(name, callback)", + &name, &callable)) { goto finally; } - uppercase_name = _PyObject_CallMethodId(name, &PyId_upper, NULL); + uppercase_name = _PyObject_CallMethodIdObjArgs((PyObject *)&PyUnicode_Type, + &PyId_upper, name, NULL); if (!uppercase_name) { goto finally; }