Issue #21147: sqlite3 now raises an exception if the request contains a null

character instead of truncate it. Based on patch by Victor Stinner.
2026-01-06 15:32:22 +00:00 · 2014-09-11 13:30:48 +03:00 · 2014-09-11 13:30:48 +03:00 · 2c16df269a
commit 2c16df269a
parent c2edcdd194 42d67af87f
4 changed files with 19 additions and 1 deletions
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@ -1261,7 +1261,8 @@ PyObject* pysqlite_connection_call(pysqlite_Connection* self, PyObject* args, Py
        if (rc == PYSQLITE_TOO_MUCH_SQL) {
            PyErr_SetString(pysqlite_Warning, "You can only execute one statement at a time.");
        } else if (rc == PYSQLITE_SQL_WRONG_TYPE) {
-            PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
+            if (PyErr_ExceptionMatches(PyExc_TypeError))
+                PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string.");
        } else {
            (void)pysqlite_statement_reset(statement);
            _pysqlite_seterror(self->db, NULL);
--- a/Modules/_sqlite/statement.c
+++ b/Modules/_sqlite/statement.c
@ -63,6 +63,10 @@ int pysqlite_statement_create(pysqlite_Statement* self, pysqlite_Connection* con
        rc = PYSQLITE_SQL_WRONG_TYPE;
        return rc;
    }
+    if (strlen(sql_cstr) != (size_t)sql_cstr_len) {
+        PyErr_SetString(PyExc_ValueError, "the query contains a null character");
+        return PYSQLITE_SQL_WRONG_TYPE;
+    }

    self->in_weakreflist = NULL;
    Py_INCREF(sql);