Issue #17073: Fix some integer overflows in sqlite3 module.
diff --git a/Modules/_sqlite/statement.c b/Modules/_sqlite/statement.c
index c777211..7a7a60f 100644
--- a/Modules/_sqlite/statement.c
+++ b/Modules/_sqlite/statement.c
@@ -26,6 +26,7 @@
#include "connection.h"
#include "microprotocols.h"
#include "prepare_protocol.h"
+#include "util.h"
#include "sqlitecompat.h"
/* prototypes */
@@ -101,8 +102,6 @@
int pysqlite_statement_bind_parameter(pysqlite_Statement* self, int pos, PyObject* parameter, int allow_8bit_chars)
{
int rc = SQLITE_OK;
- long longval;
- PY_LONG_LONG longlongval;
const char* buffer;
char* string;
Py_ssize_t buflen;
@@ -153,15 +152,19 @@
}
switch (paramtype) {
- case TYPE_INT:
- longval = PyInt_AsLong(parameter);
- rc = sqlite3_bind_int64(self->st, pos, (sqlite_int64)longval);
+ case TYPE_INT: {
+ long longval = PyInt_AsLong(parameter);
+ rc = sqlite3_bind_int64(self->st, pos, longval);
break;
- case TYPE_LONG:
- longlongval = PyLong_AsLongLong(parameter);
- /* in the overflow error case, longlongval is -1, and an exception is set */
- rc = sqlite3_bind_int64(self->st, pos, (sqlite_int64)longlongval);
+ }
+ case TYPE_LONG: {
+ sqlite_int64 value = _pysqlite_long_as_int64(parameter);
+ if (value == -1 && PyErr_Occurred())
+ rc = -1;
+ else
+ rc = sqlite3_bind_int64(self->st, pos, (sqlite_int64)value);
break;
+ }
case TYPE_FLOAT:
rc = sqlite3_bind_double(self->st, pos, PyFloat_AsDouble(parameter));
break;
@@ -198,7 +201,7 @@
return 1;
}
- if (PyInt_CheckExact(obj) || PyLong_CheckExact(obj)
+ if (PyInt_CheckExact(obj) || PyLong_CheckExact(obj)
|| PyFloat_CheckExact(obj) || PyString_CheckExact(obj)
|| PyUnicode_CheckExact(obj) || PyBuffer_Check(obj)) {
return 0;