Issue #17073: Fix some integer overflows in sqlite3 module.
This commit is contained in:
commit
2efdc90b0f
|
@ -76,6 +76,25 @@ class CollationTests(unittest.TestCase):
|
|||
except sqlite.OperationalError as e:
|
||||
self.assertEqual(e.args[0].lower(), "no such collation sequence: mycoll")
|
||||
|
||||
def CheckCollationReturnsLargeInteger(self):
|
||||
def mycoll(x, y):
|
||||
# reverse order
|
||||
return -((x > y) - (x < y)) * 2**32
|
||||
con = sqlite.connect(":memory:")
|
||||
con.create_collation("mycoll", mycoll)
|
||||
sql = """
|
||||
select x from (
|
||||
select 'a' as x
|
||||
union
|
||||
select 'b' as x
|
||||
union
|
||||
select 'c' as x
|
||||
) order by x collate mycoll
|
||||
"""
|
||||
result = con.execute(sql).fetchall()
|
||||
self.assertEqual(result, [('c',), ('b',), ('a',)],
|
||||
msg="the expected order was not returned")
|
||||
|
||||
def CheckCollationRegisterTwice(self):
|
||||
"""
|
||||
Register two different collation functions under the same name.
|
||||
|
|
|
@ -375,14 +375,15 @@ class AggregateTests(unittest.TestCase):
|
|||
val = cur.fetchone()[0]
|
||||
self.assertEqual(val, 60)
|
||||
|
||||
def authorizer_cb(action, arg1, arg2, dbname, source):
|
||||
if action != sqlite.SQLITE_SELECT:
|
||||
return sqlite.SQLITE_DENY
|
||||
if arg2 == 'c2' or arg1 == 't2':
|
||||
return sqlite.SQLITE_DENY
|
||||
return sqlite.SQLITE_OK
|
||||
|
||||
class AuthorizerTests(unittest.TestCase):
|
||||
@staticmethod
|
||||
def authorizer_cb(action, arg1, arg2, dbname, source):
|
||||
if action != sqlite.SQLITE_SELECT:
|
||||
return sqlite.SQLITE_DENY
|
||||
if arg2 == 'c2' or arg1 == 't2':
|
||||
return sqlite.SQLITE_DENY
|
||||
return sqlite.SQLITE_OK
|
||||
|
||||
def setUp(self):
|
||||
self.con = sqlite.connect(":memory:")
|
||||
self.con.executescript("""
|
||||
|
@ -395,12 +396,12 @@ class AuthorizerTests(unittest.TestCase):
|
|||
# For our security test:
|
||||
self.con.execute("select c2 from t2")
|
||||
|
||||
self.con.set_authorizer(authorizer_cb)
|
||||
self.con.set_authorizer(self.authorizer_cb)
|
||||
|
||||
def tearDown(self):
|
||||
pass
|
||||
|
||||
def CheckTableAccess(self):
|
||||
def test_table_access(self):
|
||||
try:
|
||||
self.con.execute("select * from t2")
|
||||
except sqlite.DatabaseError as e:
|
||||
|
@ -409,7 +410,7 @@ class AuthorizerTests(unittest.TestCase):
|
|||
return
|
||||
self.fail("should have raised an exception due to missing privileges")
|
||||
|
||||
def CheckColumnAccess(self):
|
||||
def test_column_access(self):
|
||||
try:
|
||||
self.con.execute("select c2 from t1")
|
||||
except sqlite.DatabaseError as e:
|
||||
|
@ -418,11 +419,46 @@ class AuthorizerTests(unittest.TestCase):
|
|||
return
|
||||
self.fail("should have raised an exception due to missing privileges")
|
||||
|
||||
class AuthorizerRaiseExceptionTests(AuthorizerTests):
|
||||
@staticmethod
|
||||
def authorizer_cb(action, arg1, arg2, dbname, source):
|
||||
if action != sqlite.SQLITE_SELECT:
|
||||
raise ValueError
|
||||
if arg2 == 'c2' or arg1 == 't2':
|
||||
raise ValueError
|
||||
return sqlite.SQLITE_OK
|
||||
|
||||
class AuthorizerIllegalTypeTests(AuthorizerTests):
|
||||
@staticmethod
|
||||
def authorizer_cb(action, arg1, arg2, dbname, source):
|
||||
if action != sqlite.SQLITE_SELECT:
|
||||
return 0.0
|
||||
if arg2 == 'c2' or arg1 == 't2':
|
||||
return 0.0
|
||||
return sqlite.SQLITE_OK
|
||||
|
||||
class AuthorizerLargeIntegerTests(AuthorizerTests):
|
||||
@staticmethod
|
||||
def authorizer_cb(action, arg1, arg2, dbname, source):
|
||||
if action != sqlite.SQLITE_SELECT:
|
||||
return 2**32
|
||||
if arg2 == 'c2' or arg1 == 't2':
|
||||
return 2**32
|
||||
return sqlite.SQLITE_OK
|
||||
|
||||
|
||||
def suite():
|
||||
function_suite = unittest.makeSuite(FunctionTests, "Check")
|
||||
aggregate_suite = unittest.makeSuite(AggregateTests, "Check")
|
||||
authorizer_suite = unittest.makeSuite(AuthorizerTests, "Check")
|
||||
return unittest.TestSuite((function_suite, aggregate_suite, authorizer_suite))
|
||||
authorizer_suite = unittest.makeSuite(AuthorizerTests)
|
||||
return unittest.TestSuite((
|
||||
function_suite,
|
||||
aggregate_suite,
|
||||
authorizer_suite,
|
||||
unittest.makeSuite(AuthorizerRaiseExceptionTests),
|
||||
unittest.makeSuite(AuthorizerIllegalTypeTests),
|
||||
unittest.makeSuite(AuthorizerLargeIntegerTests),
|
||||
))
|
||||
|
||||
def test():
|
||||
runner = unittest.TextTestRunner()
|
||||
|
|
|
@ -166,6 +166,8 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #17073: Fix some integer overflows in sqlite3 module.
|
||||
|
||||
- Issue #17114: IDLE now uses non-strict config parser.
|
||||
|
||||
- Issue #16723: httplib.HTTPResponse no longer marked closed when the connection
|
||||
|
|
|
@ -482,32 +482,35 @@ error:
|
|||
}
|
||||
}
|
||||
|
||||
void _pysqlite_set_result(sqlite3_context* context, PyObject* py_val)
|
||||
static int
|
||||
_pysqlite_set_result(sqlite3_context* context, PyObject* py_val)
|
||||
{
|
||||
const char* buffer;
|
||||
Py_ssize_t buflen;
|
||||
|
||||
if ((!py_val) || PyErr_Occurred()) {
|
||||
sqlite3_result_null(context);
|
||||
} else if (py_val == Py_None) {
|
||||
if (py_val == Py_None) {
|
||||
sqlite3_result_null(context);
|
||||
} else if (PyLong_Check(py_val)) {
|
||||
sqlite3_result_int64(context, PyLong_AsLongLong(py_val));
|
||||
sqlite_int64 value = _pysqlite_long_as_int64(py_val);
|
||||
if (value == -1 && PyErr_Occurred())
|
||||
return -1;
|
||||
sqlite3_result_int64(context, value);
|
||||
} else if (PyFloat_Check(py_val)) {
|
||||
sqlite3_result_double(context, PyFloat_AsDouble(py_val));
|
||||
} else if (PyUnicode_Check(py_val)) {
|
||||
char *str = _PyUnicode_AsString(py_val);
|
||||
if (str != NULL)
|
||||
sqlite3_result_text(context, str, -1, SQLITE_TRANSIENT);
|
||||
const char *str = _PyUnicode_AsString(py_val);
|
||||
if (str == NULL)
|
||||
return -1;
|
||||
sqlite3_result_text(context, str, -1, SQLITE_TRANSIENT);
|
||||
} else if (PyObject_CheckBuffer(py_val)) {
|
||||
const char* buffer;
|
||||
Py_ssize_t buflen;
|
||||
if (PyObject_AsCharBuffer(py_val, &buffer, &buflen) != 0) {
|
||||
PyErr_SetString(PyExc_ValueError, "could not convert BLOB to buffer");
|
||||
} else {
|
||||
sqlite3_result_blob(context, buffer, buflen, SQLITE_TRANSIENT);
|
||||
return -1;
|
||||
}
|
||||
sqlite3_result_blob(context, buffer, buflen, SQLITE_TRANSIENT);
|
||||
} else {
|
||||
/* TODO: raise error */
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
PyObject* _pysqlite_build_py_params(sqlite3_context *context, int argc, sqlite3_value** argv)
|
||||
|
@ -528,7 +531,7 @@ PyObject* _pysqlite_build_py_params(sqlite3_context *context, int argc, sqlite3_
|
|||
cur_value = argv[i];
|
||||
switch (sqlite3_value_type(argv[i])) {
|
||||
case SQLITE_INTEGER:
|
||||
cur_py_value = PyLong_FromLongLong(sqlite3_value_int64(cur_value));
|
||||
cur_py_value = _pysqlite_long_from_int64(sqlite3_value_int64(cur_value));
|
||||
break;
|
||||
case SQLITE_FLOAT:
|
||||
cur_py_value = PyFloat_FromDouble(sqlite3_value_double(cur_value));
|
||||
|
@ -571,6 +574,7 @@ void _pysqlite_func_callback(sqlite3_context* context, int argc, sqlite3_value**
|
|||
PyObject* args;
|
||||
PyObject* py_func;
|
||||
PyObject* py_retval = NULL;
|
||||
int ok;
|
||||
|
||||
#ifdef WITH_THREAD
|
||||
PyGILState_STATE threadstate;
|
||||
|
@ -586,10 +590,12 @@ void _pysqlite_func_callback(sqlite3_context* context, int argc, sqlite3_value**
|
|||
Py_DECREF(args);
|
||||
}
|
||||
|
||||
ok = 0;
|
||||
if (py_retval) {
|
||||
_pysqlite_set_result(context, py_retval);
|
||||
ok = _pysqlite_set_result(context, py_retval) == 0;
|
||||
Py_DECREF(py_retval);
|
||||
} else {
|
||||
}
|
||||
if (!ok) {
|
||||
if (_enable_callback_tracebacks) {
|
||||
PyErr_Print();
|
||||
} else {
|
||||
|
@ -669,9 +675,10 @@ error:
|
|||
|
||||
void _pysqlite_final_callback(sqlite3_context* context)
|
||||
{
|
||||
PyObject* function_result = NULL;
|
||||
PyObject* function_result;
|
||||
PyObject** aggregate_instance;
|
||||
_Py_IDENTIFIER(finalize);
|
||||
int ok;
|
||||
|
||||
#ifdef WITH_THREAD
|
||||
PyGILState_STATE threadstate;
|
||||
|
@ -688,21 +695,23 @@ void _pysqlite_final_callback(sqlite3_context* context)
|
|||
}
|
||||
|
||||
function_result = _PyObject_CallMethodId(*aggregate_instance, &PyId_finalize, "");
|
||||
if (!function_result) {
|
||||
Py_DECREF(*aggregate_instance);
|
||||
|
||||
ok = 0;
|
||||
if (function_result) {
|
||||
ok = _pysqlite_set_result(context, function_result) == 0;
|
||||
Py_DECREF(function_result);
|
||||
}
|
||||
if (!ok) {
|
||||
if (_enable_callback_tracebacks) {
|
||||
PyErr_Print();
|
||||
} else {
|
||||
PyErr_Clear();
|
||||
}
|
||||
_sqlite3_result_error(context, "user-defined aggregate's 'finalize' method raised error", -1);
|
||||
} else {
|
||||
_pysqlite_set_result(context, function_result);
|
||||
}
|
||||
|
||||
error:
|
||||
Py_XDECREF(*aggregate_instance);
|
||||
Py_XDECREF(function_result);
|
||||
|
||||
#ifdef WITH_THREAD
|
||||
PyGILState_Release(threadstate);
|
||||
#endif
|
||||
|
@ -859,7 +868,9 @@ static int _authorizer_callback(void* user_arg, int action, const char* arg1, co
|
|||
rc = SQLITE_DENY;
|
||||
} else {
|
||||
if (PyLong_Check(ret)) {
|
||||
rc = (int)PyLong_AsLong(ret);
|
||||
rc = _PyLong_AsInt(ret);
|
||||
if (rc == -1 && PyErr_Occurred())
|
||||
rc = SQLITE_DENY;
|
||||
} else {
|
||||
rc = SQLITE_DENY;
|
||||
}
|
||||
|
@ -1327,6 +1338,7 @@ pysqlite_collation_callback(
|
|||
PyGILState_STATE gilstate;
|
||||
#endif
|
||||
PyObject* retval = NULL;
|
||||
long longval;
|
||||
int result = 0;
|
||||
#ifdef WITH_THREAD
|
||||
gilstate = PyGILState_Ensure();
|
||||
|
@ -1350,10 +1362,17 @@ pysqlite_collation_callback(
|
|||
goto finally;
|
||||
}
|
||||
|
||||
result = PyLong_AsLong(retval);
|
||||
if (PyErr_Occurred()) {
|
||||
longval = PyLong_AsLongAndOverflow(retval, &result);
|
||||
if (longval == -1 && PyErr_Occurred()) {
|
||||
PyErr_Clear();
|
||||
result = 0;
|
||||
}
|
||||
else if (!result) {
|
||||
if (longval > 0)
|
||||
result = 1;
|
||||
else if (longval < 0)
|
||||
result = -1;
|
||||
}
|
||||
|
||||
finally:
|
||||
Py_XDECREF(string1);
|
||||
|
|
|
@ -26,14 +26,6 @@
|
|||
#include "util.h"
|
||||
#include "sqlitecompat.h"
|
||||
|
||||
/* used to decide wether to call PyLong_FromLong or PyLong_FromLongLong */
|
||||
#ifndef INT32_MIN
|
||||
#define INT32_MIN (-2147483647 - 1)
|
||||
#endif
|
||||
#ifndef INT32_MAX
|
||||
#define INT32_MAX 2147483647
|
||||
#endif
|
||||
|
||||
PyObject* pysqlite_cursor_iternext(pysqlite_Cursor* self);
|
||||
|
||||
static char* errmsg_fetch_across_rollback = "Cursor needed to be reset because of commit/rollback and can no longer be fetched from.";
|
||||
|
@ -279,7 +271,6 @@ PyObject* _pysqlite_fetch_one_row(pysqlite_Cursor* self)
|
|||
PyObject* row;
|
||||
PyObject* item = NULL;
|
||||
int coltype;
|
||||
PY_LONG_LONG intval;
|
||||
PyObject* converter;
|
||||
PyObject* converted;
|
||||
Py_ssize_t nbytes;
|
||||
|
@ -339,12 +330,7 @@ PyObject* _pysqlite_fetch_one_row(pysqlite_Cursor* self)
|
|||
Py_INCREF(Py_None);
|
||||
converted = Py_None;
|
||||
} else if (coltype == SQLITE_INTEGER) {
|
||||
intval = sqlite3_column_int64(self->statement->st, i);
|
||||
if (intval < INT32_MIN || intval > INT32_MAX) {
|
||||
converted = PyLong_FromLongLong(intval);
|
||||
} else {
|
||||
converted = PyLong_FromLong((long)intval);
|
||||
}
|
||||
converted = _pysqlite_long_from_int64(sqlite3_column_int64(self->statement->st, i));
|
||||
} else if (coltype == SQLITE_FLOAT) {
|
||||
converted = PyFloat_FromDouble(sqlite3_column_double(self->statement->st, i));
|
||||
} else if (coltype == SQLITE_TEXT) {
|
||||
|
@ -446,7 +432,6 @@ PyObject* _pysqlite_query_execute(pysqlite_Cursor* self, int multiple, PyObject*
|
|||
PyObject* func_args;
|
||||
PyObject* result;
|
||||
int numcols;
|
||||
PY_LONG_LONG lastrowid;
|
||||
int statement_type;
|
||||
PyObject* descriptor;
|
||||
PyObject* second_argument = NULL;
|
||||
|
@ -716,10 +701,11 @@ PyObject* _pysqlite_query_execute(pysqlite_Cursor* self, int multiple, PyObject*
|
|||
|
||||
Py_DECREF(self->lastrowid);
|
||||
if (!multiple && statement_type == STATEMENT_INSERT) {
|
||||
sqlite3_int64 lastrowid;
|
||||
Py_BEGIN_ALLOW_THREADS
|
||||
lastrowid = sqlite3_last_insert_rowid(self->connection->db);
|
||||
Py_END_ALLOW_THREADS
|
||||
self->lastrowid = PyLong_FromLong((long)lastrowid);
|
||||
self->lastrowid = _pysqlite_long_from_int64(lastrowid);
|
||||
} else {
|
||||
Py_INCREF(Py_None);
|
||||
self->lastrowid = Py_None;
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
#include "connection.h"
|
||||
#include "microprotocols.h"
|
||||
#include "prepare_protocol.h"
|
||||
#include "util.h"
|
||||
#include "sqlitecompat.h"
|
||||
|
||||
/* prototypes */
|
||||
|
@ -90,7 +91,6 @@ int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* con
|
|||
int pysqlite_statement_bind_parameter(pysqlite_Statement* self, int pos, PyObject* parameter)
|
||||
{
|
||||
int rc = SQLITE_OK;
|
||||
PY_LONG_LONG longlongval;
|
||||
const char* buffer;
|
||||
char* string;
|
||||
Py_ssize_t buflen;
|
||||
|
@ -120,11 +120,14 @@ int pysqlite_statement_bind_parameter(pysqlite_Statement* self, int pos, PyObjec
|
|||
}
|
||||
|
||||
switch (paramtype) {
|
||||
case TYPE_LONG:
|
||||
/* in the overflow error case, longval/longlongval is -1, and an exception is set */
|
||||
longlongval = PyLong_AsLongLong(parameter);
|
||||
rc = sqlite3_bind_int64(self->st, pos, (sqlite_int64)longlongval);
|
||||
case TYPE_LONG: {
|
||||
sqlite_int64 value = _pysqlite_long_as_int64(parameter);
|
||||
if (value == -1 && PyErr_Occurred())
|
||||
rc = -1;
|
||||
else
|
||||
rc = sqlite3_bind_int64(self->st, pos, value);
|
||||
break;
|
||||
}
|
||||
case TYPE_FLOAT:
|
||||
rc = sqlite3_bind_double(self->st, pos, PyFloat_AsDouble(parameter));
|
||||
break;
|
||||
|
|
|
@ -104,3 +104,69 @@ int _pysqlite_seterror(sqlite3* db, sqlite3_stmt* st)
|
|||
return errorcode;
|
||||
}
|
||||
|
||||
#ifdef WORDS_BIGENDIAN
|
||||
# define IS_LITTLE_ENDIAN 0
|
||||
#else
|
||||
# define IS_LITTLE_ENDIAN 1
|
||||
#endif
|
||||
|
||||
PyObject *
|
||||
_pysqlite_long_from_int64(sqlite3_int64 value)
|
||||
{
|
||||
#ifdef HAVE_LONG_LONG
|
||||
# if SIZEOF_LONG_LONG < 8
|
||||
if (value > PY_LLONG_MAX || value < PY_LLONG_MIN) {
|
||||
return _PyLong_FromByteArray(&value, sizeof(value),
|
||||
IS_LITTLE_ENDIAN, 1 /* signed */);
|
||||
}
|
||||
# endif
|
||||
# if SIZEOF_LONG < SIZEOF_LONG_LONG
|
||||
if (value > LONG_MAX || value < LONG_MIN)
|
||||
return PyLong_FromLongLong(value);
|
||||
# endif
|
||||
#else
|
||||
# if SIZEOF_LONG < 8
|
||||
if (value > LONG_MAX || value < LONG_MIN) {
|
||||
return _PyLong_FromByteArray(&value, sizeof(value),
|
||||
IS_LITTLE_ENDIAN, 1 /* signed */);
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
return PyLong_FromLong(value);
|
||||
}
|
||||
|
||||
sqlite3_int64
|
||||
_pysqlite_long_as_int64(PyObject * py_val)
|
||||
{
|
||||
int overflow;
|
||||
#ifdef HAVE_LONG_LONG
|
||||
PY_LONG_LONG value = PyLong_AsLongLongAndOverflow(py_val, &overflow);
|
||||
#else
|
||||
long value = PyLong_AsLongAndOverflow(py_val, &overflow);
|
||||
#endif
|
||||
if (value == -1 && PyErr_Occurred())
|
||||
return -1;
|
||||
if (!overflow) {
|
||||
#ifdef HAVE_LONG_LONG
|
||||
# if SIZEOF_LONG_LONG > 8
|
||||
if (-0x8000000000000000LL <= value && value <= 0x7FFFFFFFFFFFFFFFLL)
|
||||
# endif
|
||||
#else
|
||||
# if SIZEOF_LONG > 8
|
||||
if (-0x8000000000000000L <= value && value <= 0x7FFFFFFFFFFFFFFFL)
|
||||
# endif
|
||||
#endif
|
||||
return value;
|
||||
}
|
||||
else if (sizeof(value) < sizeof(sqlite3_int64)) {
|
||||
sqlite3_int64 int64val;
|
||||
if (_PyLong_AsByteArray((PyLongObject *)py_val,
|
||||
(unsigned char *)&int64val, sizeof(int64val),
|
||||
IS_LITTLE_ENDIAN, 1 /* signed */) >= 0) {
|
||||
return int64val;
|
||||
}
|
||||
}
|
||||
PyErr_SetString(PyExc_OverflowError,
|
||||
"Python int too large to convert to SQLite INTEGER");
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -35,4 +35,8 @@ int pysqlite_step(sqlite3_stmt* statement, pysqlite_Connection* connection);
|
|||
* Returns the error code (0 means no error occurred).
|
||||
*/
|
||||
int _pysqlite_seterror(sqlite3* db, sqlite3_stmt* st);
|
||||
|
||||
PyObject * _pysqlite_long_from_int64(sqlite3_int64 value);
|
||||
sqlite3_int64 _pysqlite_long_as_int64(PyObject * value);
|
||||
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue