commit 0aa6562913cabefa050fb6f4ab7b1289cde45286
author Serhiy Storchaka <storchaka@gmail.com> Thu Sep 11 13:27:19 2014 +0300
committer Serhiy Storchaka <storchaka@gmail.com> Thu Sep 11 13:27:19 2014 +0300
tree d5a22bfb7956d4e32dc23e014598642dd92111ea
parent 17c01785ee12331fb8cf782ded90a5eaed0b88e1

Issue #21147: sqlite3 now raises an exception if the request contains a null
character instead of truncate it.  Based on patch by Victor Stinner.

Modules/_sqlite/connection.c

diff --git a/Modules/_sqlite/connection.c b/Modules/_sqlite/connection.c
index 7a8a5a1..0ed196d 100644
--- a/Modules/_sqlite/connection.c
+++ b/Modules/_sqlite/connection.c
@@ -1215,7 +1215,8 @@
         if (rc == PYSQLITE_TOO_MUCH_SQL) {
             PyErr_SetString(pysqlite_Warning, "You can only execute one statement at a time.");
         } else if (rc == PYSQLITE_SQL_WRONG_TYPE) {
-            PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
+            if (!PyErr_Occurred() || PyErr_ExceptionMatches(PyExc_TypeError))
+                PyErr_SetString(pysqlite_Warning, "SQL is of wrong type. Must be string or unicode.");
         } else {
             (void)pysqlite_statement_reset(statement);
             _pysqlite_seterror(self->db, NULL);

Modules/_sqlite/statement.c

diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c
index 7a7a60f..edcebdd 100644
--- a/Modules/_sqlite/statement.c
+++ b/Modules/_sqlite/statement.c
@@ -74,12 +74,15 @@
         rc = PYSQLITE_SQL_WRONG_TYPE;
         return rc;
     }
+    sql_cstr = PyString_AsString(sql_str);
+    if (strlen(sql_cstr) != (size_t)PyString_GET_SIZE(sql_str)) {
+        PyErr_SetString(PyExc_ValueError, "the query contains a null character");
+        return PYSQLITE_SQL_WRONG_TYPE;
+    }
 
     self->in_weakreflist = NULL;
     self->sql = sql_str;
 
-    sql_cstr = PyString_AsString(sql_str);
-
     Py_BEGIN_ALLOW_THREADS
     rc = sqlite3_prepare(connection->db,
                          sql_cstr,