diff options
| author | Erlend E. Aasland <erlend@python.org> | 2025-02-11 08:26:01 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-11 08:26:01 +0100 |
| commit | 3a2e7aacf6f414bbbedaf072e7cb1b48e3d402fa (patch) | |
| tree | ef0e05f896a780e54de37b21ac34cccba61ae9c9 | |
| parent | 0dbe543d70d7f014d4c1e0308f04c1d91bd815ca (diff) | |
| download | cpython-3a2e7aacf6f414bbbedaf072e7cb1b48e3d402fa.tar.gz cpython-3a2e7aacf6f414bbbedaf072e7cb1b48e3d402fa.zip | |
gh-129928: Raise more accurate exception for incorrect sqlite3 UDF creation (#129941)
Consistently raise ProgrammingError if the user tries to create an UDF
with an invalid number of parameters.
| -rw-r--r-- | Lib/test/test_sqlite3/test_userfunctions.py | 9 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2025-02-10-08-44-11.gh-issue-129928.QuiZEz.rst | 2 | ||||
| -rw-r--r-- | Modules/_sqlite/connection.c | 24 |
3 files changed, 29 insertions, 6 deletions
diff --git a/Lib/test/test_sqlite3/test_userfunctions.py b/Lib/test/test_sqlite3/test_userfunctions.py index 5bb2eff55eb..3abc43a3b1a 100644 --- a/Lib/test/test_sqlite3/test_userfunctions.py +++ b/Lib/test/test_sqlite3/test_userfunctions.py @@ -171,7 +171,7 @@ class FunctionTests(unittest.TestCase): self.con.close() def test_func_error_on_create(self): - with self.assertRaises(sqlite.OperationalError): + with self.assertRaisesRegex(sqlite.ProgrammingError, "not -100"): self.con.create_function("bla", -100, lambda x: 2*x) def test_func_too_many_args(self): @@ -507,9 +507,8 @@ class WindowFunctionTests(unittest.TestCase): self.assertEqual(self.cur.fetchall(), self.expected) def test_win_error_on_create(self): - self.assertRaises(sqlite.ProgrammingError, - self.con.create_window_function, - "shouldfail", -100, WindowSumInt) + with self.assertRaisesRegex(sqlite.ProgrammingError, "not -100"): + self.con.create_window_function("shouldfail", -100, WindowSumInt) @with_tracebacks(BadWindow) def test_win_exception_in_method(self): @@ -638,7 +637,7 @@ class AggregateTests(unittest.TestCase): self.con.close() def test_aggr_error_on_create(self): - with self.assertRaises(sqlite.OperationalError): + with self.assertRaisesRegex(sqlite.ProgrammingError, "not -100"): self.con.create_function("bla", -100, AggrSum) @with_tracebacks(AttributeError, msg_regex="AggrNoStep") diff --git a/Misc/NEWS.d/next/Library/2025-02-10-08-44-11.gh-issue-129928.QuiZEz.rst b/Misc/NEWS.d/next/Library/2025-02-10-08-44-11.gh-issue-129928.QuiZEz.rst new file mode 100644 index 00000000000..9c24eb3992c --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-02-10-08-44-11.gh-issue-129928.QuiZEz.rst @@ -0,0 +1,2 @@ +Raise :exc:`sqlite3.ProgrammingError` if a user-defined SQL function with +invalid number of parameters is created. Patch by Erlend Aasland. diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c index 16afd7eada1..a4191dd0a1c 100644 --- a/Modules/_sqlite/connection.c +++ b/Modules/_sqlite/connection.c @@ -1139,6 +1139,20 @@ destructor_callback(void *ctx) } } +static int +check_num_params(pysqlite_Connection *self, const int n, const char *name) +{ + int limit = sqlite3_limit(self->db, SQLITE_LIMIT_FUNCTION_ARG, -1); + assert(limit >= 0); + if (n < -1 || n > limit) { + PyErr_Format(self->ProgrammingError, + "'%s' must be between -1 and %d, not %d", + name, limit, n); + return -1; + } + return 0; +} + /*[clinic input] _sqlite3.Connection.create_function as pysqlite_connection_create_function @@ -1167,6 +1181,9 @@ pysqlite_connection_create_function_impl(pysqlite_Connection *self, if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) { return NULL; } + if (check_num_params(self, narg, "narg") < 0) { + return NULL; + } if (deterministic) { flags |= SQLITE_DETERMINISTIC; @@ -1307,10 +1324,12 @@ create_window_function_impl(pysqlite_Connection *self, PyTypeObject *cls, "SQLite 3.25.0 or higher"); return NULL; } - if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) { return NULL; } + if (check_num_params(self, num_params, "num_params") < 0) { + return NULL; + } int flags = SQLITE_UTF8; int rc; @@ -1367,6 +1386,9 @@ pysqlite_connection_create_aggregate_impl(pysqlite_Connection *self, if (!pysqlite_check_thread(self) || !pysqlite_check_connection(self)) { return NULL; } + if (check_num_params(self, n_arg, "n_arg") < 0) { + return NULL; + } callback_context *ctx = create_callback_context(cls, aggregate_class); if (ctx == NULL) { |