diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 28932726b74257..57daa8f5a2243f 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -428,7 +428,7 @@ pysqlite_connection_commit_impl(pysqlite_Connection *self)
 if (!sqlite3_get_autocommit(self->db)) {
 Py_BEGIN_ALLOW_THREADS
- rc = sqlite3_prepare_v2(self->db, "COMMIT", -1, &statement, NULL);
+ rc = sqlite3_prepare_v2(self->db, "COMMIT", 7, &statement, NULL);
 Py_END_ALLOW_THREADS
 if (rc != SQLITE_OK) {
 _pysqlite_seterror(self->db);
@@ -478,7 +478,7 @@ pysqlite_connection_rollback_impl(pysqlite_Connection *self)
 pysqlite_do_all_statements(self, ACTION_RESET, 1);
 Py_BEGIN_ALLOW_THREADS
- rc = sqlite3_prepare_v2(self->db, "ROLLBACK", -1, &statement, NULL);
+ rc = sqlite3_prepare_v2(self->db, "ROLLBACK", 9, &statement, NULL);
 Py_END_ALLOW_THREADS
 if (rc != SQLITE_OK) {
 _pysqlite_seterror(self->db);
diff --git a/Modules/_sqlite/cursor.c b/Modules/_sqlite/cursor.c
index b71f780a0b4dfd..30e29b2cd0f733 100644
--- a/Modules/_sqlite/cursor.c
+++ b/Modules/_sqlite/cursor.c
@@ -681,6 +681,7 @@ pysqlite_cursor_executescript(pysqlite_Cursor *self, PyObject *script_obj)
 const char* script_cstr;
 sqlite3_stmt* statement;
 int rc;
+ Py_ssize_t sql_len;
 PyObject* result;
 if (!check_cursor(self)) {
@@ -690,10 +691,17 @@ pysqlite_cursor_executescript(pysqlite_Cursor *self, PyObject *script_obj)
 self->reset = 0;
 if (PyUnicode_Check(script_obj)) {
- script_cstr = PyUnicode_AsUTF8(script_obj);
+ script_cstr = PyUnicode_AsUTF8AndSize(script_obj, &sql_len);
 if (!script_cstr) {
 return NULL;
 }
+
+ int max_length = sqlite3_limit(self->connection->db,
+ SQLITE_LIMIT_LENGTH, -1);
+ if (sql_len >= max_length) {
+ PyErr_SetString(pysqlite_DataError, "query string is too large");
+ return NULL;
+ }
 } else {
 PyErr_SetString(PyExc_ValueError, "script argument must be unicode.");
 return NULL;
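Review bot: The byte counts `7` and `9` passed to sqlite3_prepare_v2() in the two connection.c hunks (pysqlite_connection_commit_impl and pysqlite_connection_rollback_impl) are hand-counted from the literals "COMMIT" and "ROLLBACK" plus the terminator, so a later edit to either string can leave a stale count, and a count that is too small would cut the statement text short. Deriving the size from the literal avoids that, e.g. `rc = sqlite3_prepare_v2(self->db, "COMMIT", (int)sizeof("COMMIT"), &statement, NULL);` and likewise `(int)sizeof("ROLLBACK")`. Both function bodies continue outside their hunks.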
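Review bot: In the cursor.c hunk that adds the SQLITE_LIMIT_LENGTH check to pysqlite_cursor_executescript, nothing compares the size returned by PyUnicode_AsUTF8AndSize() with the C string length, whereas pysqlite_statement_create in statement.c rejects input where `strlen(sql_cstr) != (size_t)sql_cstr_len`. Without that test a script containing an embedded NUL would presumably stop being executed at the NUL with no error reported, so the two entry points treat the same input differently. I would add `if (strlen(script_cstr) != (size_t)sql_len)` right after the `!script_cstr` test and raise the same ValueError text that statement.c uses ("the query contains a null character"). The function continues outside this hunk, so confirm that no such check already exists further down.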
@@ -707,12 +715,14 @@ pysqlite_cursor_executescript(pysqlite_Cursor *self, PyObject *script_obj)
 Py_DECREF(result);
 while (1) {
+ const char *tail;
+
 Py_BEGIN_ALLOW_THREADS
 rc = sqlite3_prepare_v2(self->connection->db,
 script_cstr,
- -1,
+ (int)sql_len + 1,
 &statement,
- &script_cstr);
+ &tail);
 Py_END_ALLOW_THREADS
 if (rc != SQLITE_OK) {
 _pysqlite_seterror(self->connection->db);
@@ -740,9 +750,11 @@ pysqlite_cursor_executescript(pysqlite_Cursor *self, PyObject *script_obj)
 goto error;
 }
- if (*script_cstr == (char)0) {
+ if (*tail == (char)0) {
 break;
 }
+ sql_len -= (tail - script_cstr);
+ script_cstr = tail;
 }
 error:
diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c
index 57026270e1eeb5..16db81a4440d9f 100644
--- a/Modules/_sqlite/statement.c
+++ b/Modules/_sqlite/statement.c
@@ -66,6 +66,12 @@ int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* con
 rc = PYSQLITE_SQL_WRONG_TYPE;
 return rc;
 }
+
+ int max_length = sqlite3_limit(connection->db, SQLITE_LIMIT_LENGTH, -1);
+ if (sql_cstr_len >= max_length) {
+ PyErr_SetString(pysqlite_DataError, "query string is too large");
+ return PYSQLITE_TOO_MUCH_SQL;
+ }
 if (strlen(sql_cstr) != (size_t)sql_cstr_len) {
 PyErr_SetString(PyExc_ValueError, "the query contains a null character");
 return PYSQLITE_SQL_WRONG_TYPE;
@@ -96,7 +102,7 @@ int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* con
 Py_BEGIN_ALLOW_THREADS
 rc = sqlite3_prepare_v2(connection->db,
 sql_cstr,
- -1,
+ (int)sql_cstr_len + 1,
 &self->st,
 &tail);
 Py_END_ALLOW_THREADS
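Review bot: The `(int)sql_len + 1` argument in the executescript loop (and `(int)sql_cstr_len + 1` in the last statement.c hunk) needs a comment, because both the narrowing cast and the `+ 1` rely on facts that are not visible at the call site. The cast is only safe because the earlier `sql_len >= max_length` test has already bounded the length by an `int` limit, and the extra byte is the terminating NUL of the UTF-8 buffer. Suggested comment above each call: `/* nByte counts the trailing NUL; the length was checked against SQLITE_LIMIT_LENGTH above, so the int cast cannot truncate. */`. A short note next to `sql_len -= (tail - script_cstr);` saying that sql_len always holds the bytes remaining from script_cstr would also help. The loop body starts and ends outside these hunks.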
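Review bot: Returning `PYSQLITE_TOO_MUCH_SQL` for an over-long query in the first statement.c hunk reuses a status code that, judging by its name, appears to exist for a different condition. Any caller of pysqlite_statement_create that translates this code into its own exception could replace the DataError set here, so the user would see a misleading error for a query that exceeded SQLITE_LIMIT_LENGTH. The callers are not part of this diff, so this needs checking against them. If one does remap the code, a separate status value for the length limit, or an explicit `PyErr_Occurred()` guard in that caller, keeps the DataError intact.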