Diffstat (limited to 'Modules/_sqlite/statement.c')
-rw-r--r--Modules/_sqlite/statement.c33
1 files changed, 21 insertions, 12 deletions
diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c
index 471a0676a8..66b4a52565 100644
--- a/Modules/_sqlite/statement.c
+++ b/Modules/_sqlite/statement.c
@@ -27,7 +27,6 @@
#include "microprotocols.h"
#include "prepare_protocol.h"
#include "util.h"
-#include "sqlitecompat.h"
/* prototypes */
static int pysqlite_check_remaining_sql(const char* tail);
@@ -133,18 +132,26 @@ int pysqlite_statement_bind_parameter(pysqlite_Statement* self, int pos, PyObjec
break;
case TYPE_UNICODE:
string = _PyUnicode_AsStringAndSize(parameter, &buflen);
- if (string != NULL)
- rc = sqlite3_bind_text(self->st, pos, string, buflen, SQLITE_TRANSIENT);
- else
- rc = -1;
+ if (string == NULL)
+ return -1;
+ if (buflen > INT_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "string longer than INT_MAX bytes");
+ return -1;
+ }
+ rc = sqlite3_bind_text(self->st, pos, string, (int)buflen, SQLITE_TRANSIENT);
break;
case TYPE_BUFFER:
- if (PyObject_AsCharBuffer(parameter, &buffer, &buflen) == 0) {
- rc = sqlite3_bind_blob(self->st, pos, buffer, buflen, SQLITE_TRANSIENT);
- } else {
+ if (PyObject_AsCharBuffer(parameter, &buffer, &buflen) != 0) {
PyErr_SetString(PyExc_ValueError, "could not convert BLOB to buffer");
- rc = -1;
+ return -1;
+ }
+ if (buflen > INT_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "BLOB longer than INT_MAX bytes");
+ return -1;
}
+ rc = sqlite3_bind_blob(self->st, pos, buffer, buflen, SQLITE_TRANSIENT);
break;
case TYPE_UNKNOWN:
rc = -1;
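Review bot: The new `sqlite3_bind_blob` call in the TYPE_BUFFER case passes `buflen` without a cast, so the Py_ssize_t-to-int narrowing is implicit there, while the TYPE_UNICODE call above spells it out as `(int)buflen`. The preceding `buflen > INT_MAX` check keeps the value in range, but the implicit conversion will trigger conversion warnings and hides the fact that the guard is what makes the call correct. I would write `rc = sqlite3_bind_blob(self->st, pos, buffer, (int)buflen, SQLITE_TRANSIENT);`. The function body continues outside the hunk, so it is not possible to confirm from here that the new early `return -1` paths skip no cleanup that the old `rc = -1; break;` path reached.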
@@ -177,7 +184,7 @@ void pysqlite_statement_bind_parameters(pysqlite_Statement* self, PyObject* para
int i;
int rc;
int num_params_needed;
- int num_params;
+ Py_ssize_t num_params;
Py_BEGIN_ALLOW_THREADS
num_params_needed = sqlite3_bind_parameter_count(self->st);
@@ -193,7 +200,9 @@ void pysqlite_statement_bind_parameters(pysqlite_Statement* self, PyObject* para
num_params = PySequence_Size(parameters);
}
if (num_params != num_params_needed) {
- PyErr_Format(pysqlite_ProgrammingError, "Incorrect number of bindings supplied. The current statement uses %d, and there are %d supplied.",
+ PyErr_Format(pysqlite_ProgrammingError,
+ "Incorrect number of bindings supplied. The current "
+ "statement uses %d, and there are %zd supplied.",
num_params_needed, num_params);
return;
}
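Review bot: `PySequence_Size(parameters)` can fail and return -1 with an exception already set, and nothing between that call and the `num_params != num_params_needed` comparison checks for it. In that case the comparison is true, and `PyErr_Format` replaces the original exception with a ProgrammingError reporting that -1 bindings were supplied, which hides the real failure from the caller. Adding `if (num_params == -1) return;` directly after the `PySequence_Size` call would let the original error propagate. The branch containing that call begins outside the hunk, so the other ways `num_params` is assigned are not visible here.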
@@ -249,7 +258,7 @@ void pysqlite_statement_bind_parameters(pysqlite_Statement* self, PyObject* para
current_param = PyDict_GetItemString(parameters, binding_name);
Py_XINCREF(current_param);
} else {
- current_param = PyMapping_GetItemString(parameters, (char*)binding_name);
+ current_param = PyMapping_GetItemString(parameters, binding_name);
}
if (!current_param) {
PyErr_Format(pysqlite_ProgrammingError, "You did not supply a value for binding %d.", i);