bpo-31764: Prevent a crash in sqlite3.Cursor.close() in case the Cursor object is uninitialized by orenmn · Pull Request #3958 · python/cpython
I wonder whether we should add self->initialized = 0; after the call to PyArg_ParseTuple() in pysqlite_cursor_init(). (At least test_sqlite passes when i add this change.)
This would make sure that a Cursor object wouldn't be partially initialized while self->initialized == 1 .
However, i don't know how to produce code that would create a partially initialized Cursor object such that using it would cause problems.
|
|
||
| PyObject* pysqlite_cursor_close(pysqlite_Cursor* self, PyObject* args) | ||
| { | ||
| if (self->connection == NULL) { |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style nit: I think !foo is more common than foo == NULL in sqlite3 codebase. It would be nice to keep styling consistent within the module.
| @@ -0,0 +1,2 @@ | |||
| Prevent a crash in `sqlite3.Cursor.close()` in case the `Cursor` object is | |||
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use double backticks (``). I tried to explain why single backticks shouldn't be used at #3925 (comment)
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I wasn't aware of that example in the devguide. I will update it, thanks!
| cur = Cursor(con) | ||
| with self.assertRaises(sqlite.ProgrammingError): | ||
| cur.execute("select 4+5").fetchall() | ||
| self.assertRaises(sqlite.ProgrammingError, cur.close) |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ProgrammingError is raised by a lot of things so I wonder if we should add a test for the exception message to make it more future-proof.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All right. Should i also change the assertRaises() that was already in CheckCursorConstructorCallCheck()?
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd say let's do it only for new additions to the test.
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.
Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.
However, i don't know how to produce code that would create a partially initialized Cursor object such that using it would cause problems.
I agree with you. There is no need to add additional code for hypothetical use cases. We can change it later if we find a way to create a partially initialized Cursor object.
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request
