aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/Modules/_sqlite/statement.c
diff options
context:
space:
mode:
Diffstat (limited to 'Modules/_sqlite/statement.c')
-rw-r--r--Modules/_sqlite/statement.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c
index 3a18ad8331f..c4a790c424e 100644
--- a/Modules/_sqlite/statement.c
+++ b/Modules/_sqlite/statement.c
@@ -66,6 +66,12 @@ pysqlite_statement_create(pysqlite_Connection *connection, PyObject *sql)
Py_TYPE(sql)->tp_name);
return NULL;
}
+
+ int max_length = sqlite3_limit(connection->db, SQLITE_LIMIT_LENGTH, -1);
+ if (sql_cstr_len >= max_length) {
+ PyErr_SetString(pysqlite_DataError, "query string is too large");
+ return PYSQLITE_TOO_MUCH_SQL;
+ }
if (strlen(sql_cstr) != (size_t)sql_cstr_len) {
PyErr_SetString(PyExc_ValueError,
"the query contains a null character");
@@ -106,7 +112,7 @@ pysqlite_statement_create(pysqlite_Connection *connection, PyObject *sql)
Py_BEGIN_ALLOW_THREADS
rc = sqlite3_prepare_v2(self->db,
sql_cstr,
- -1,
+ (int)sql_cstr_len + 1,
&self->st,
&tail);
Py_END_ALLOW_THREADS
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-18 04:07:36 +0000