Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()

if pass invalid string-like object as a name.  Patch by Xiang Zhang.
This commit is contained in:
Serhiy Storchaka 2016-09-27 00:16:25 +03:00
commit 9204a20452
3 changed files with 29 additions and 2 deletions

View File

@ -25,6 +25,11 @@ import unittest
import sqlite3 as sqlite
class CollationTests(unittest.TestCase):
def CheckCreateCollationNotString(self):
con = sqlite.connect(":memory:")
with self.assertRaises(TypeError):
con.create_collation(None, lambda x, y: (x > y) - (x < y))
def CheckCreateCollationNotCallable(self):
con = sqlite.connect(":memory:")
with self.assertRaises(TypeError) as cm:
@ -36,6 +41,23 @@ class CollationTests(unittest.TestCase):
with self.assertRaises(sqlite.ProgrammingError):
con.create_collation("collä", lambda x, y: (x > y) - (x < y))
def CheckCreateCollationBadUpper(self):
class BadUpperStr(str):
def upper(self):
return None
con = sqlite.connect(":memory:")
mycoll = lambda x, y: -((x > y) - (x < y))
con.create_collation(BadUpperStr("mycoll"), mycoll)
result = con.execute("""
select x from (
select 'a' as x
union
select 'b' as x
) order by x collate mycoll
""").fetchall()
self.assertEqual(result[0][0], 'b')
self.assertEqual(result[1][0], 'a')
@unittest.skipIf(sqlite.sqlite_version_info < (3, 2, 1),
'old SQLite versions crash on this test')
def CheckCollationIsUsed(self):

View File

@ -47,6 +47,9 @@ Core and Builtins
Library
-------
- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
if pass invalid string-like object as a name. Patch by Xiang Zhang.
- Issue #18893: Fix invalid exception handling in Lib/ctypes/macholib/dyld.py.
Patch by Madison May.

View File

@ -1498,11 +1498,13 @@ pysqlite_connection_create_collation(pysqlite_Connection* self, PyObject* args)
goto finally;
}
if (!PyArg_ParseTuple(args, "O!O:create_collation(name, callback)", &PyUnicode_Type, &name, &callable)) {
if (!PyArg_ParseTuple(args, "UO:create_collation(name, callback)",
&name, &callable)) {
goto finally;
}
uppercase_name = _PyObject_CallMethodId(name, &PyId_upper, NULL);
uppercase_name = _PyObject_CallMethodIdObjArgs((PyObject *)&PyUnicode_Type,
&PyId_upper, name, NULL);
if (!uppercase_name) {
goto finally;
}