diff options
| author | Serhiy Storchaka <storchaka@gmail.com> | 2013-02-07 16:59:34 +0200 |
|---|---|---|
| committer | Serhiy Storchaka <storchaka@gmail.com> | 2013-02-07 16:59:34 +0200 |
| commit | 35c52b687ffa044a0a5a1fe2ef477ce653d926b7 (patch) | |
| tree | 684d887a9f234d05af5126ebdd7c2137f0c0b51a /Modules/_sqlite/statement.c | |
| parent | d5327d95d2c345f384cc9d03be0d9c4e8773b277 (diff) | |
| download | cpython-git-35c52b687ffa044a0a5a1fe2ef477ce653d926b7.tar.gz | |
Issue #17073: Fix some integer overflows in sqlite3 module.
Diffstat (limited to 'Modules/_sqlite/statement.c')
| -rw-r--r-- | Modules/_sqlite/statement.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c index c777211f55..7a7a60fb71 100644 --- a/Modules/_sqlite/statement.c +++ b/Modules/_sqlite/statement.c @@ -26,6 +26,7 @@ #include "connection.h" #include "microprotocols.h" #include "prepare_protocol.h" +#include "util.h" #include "sqlitecompat.h" /* prototypes */ @@ -101,8 +102,6 @@ int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* con int pysqlite_statement_bind_parameter(pysqlite_Statement* self, int pos, PyObject* parameter, int allow_8bit_chars) { int rc = SQLITE_OK; - long longval; - PY_LONG_LONG longlongval; const char* buffer; char* string; Py_ssize_t buflen; @@ -153,15 +152,19 @@ int pysqlite_statement_bind_parameter(pysqlite_Statement* self, int pos, PyObjec } switch (paramtype) { - case TYPE_INT: - longval = PyInt_AsLong(parameter); - rc = sqlite3_bind_int64(self->st, pos, (sqlite_int64)longval); + case TYPE_INT: { + long longval = PyInt_AsLong(parameter); + rc = sqlite3_bind_int64(self->st, pos, longval); break; - case TYPE_LONG: - longlongval = PyLong_AsLongLong(parameter); - /* in the overflow error case, longlongval is -1, and an exception is set */ - rc = sqlite3_bind_int64(self->st, pos, (sqlite_int64)longlongval); + } + case TYPE_LONG: { + sqlite_int64 value = _pysqlite_long_as_int64(parameter); + if (value == -1 && PyErr_Occurred()) + rc = -1; + else + rc = sqlite3_bind_int64(self->st, pos, (sqlite_int64)value); break; + } case TYPE_FLOAT: rc = sqlite3_bind_double(self->st, pos, PyFloat_AsDouble(parameter)); break; @@ -198,7 +201,7 @@ static int _need_adapt(PyObject* obj) return 1; } - if (PyInt_CheckExact(obj) || PyLong_CheckExact(obj) + if (PyInt_CheckExact(obj) || PyLong_CheckExact(obj) || PyFloat_CheckExact(obj) || PyString_CheckExact(obj) || PyUnicode_CheckExact(obj) || PyBuffer_Check(obj)) { return 0; |