Skip to content

[3.13] gh-139283: correctly handle size limit in cursor.fetchmany() (GH-139296) #139444

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 3.13
Choose a base branch
from
Open

[3.13] gh-139283: correctly handle size limit in cursor.fetchmany() (GH-139296) #139444

wants to merge 1 commit into from

Conversation

picnixz
Copy link
Member

@picnixz picnixz commented Sep 30, 2025
edited by github-actions bot
Loading

Passing a negative or zero size to cursor.fetchmany() made it fetch all rows instead of none.

While this could be considered a security vulnerability, it was decided to treat this issue as a regular bug as passing a non-sanitized size value in the first place is not recommended.

(cherry picked from commit bc172ee)

📚 Documentation preview 📚: https://cpython-previews--139444.org.readthedocs.build/

This was referenced Sep 30, 2025
Open
Merged
@picnixz picnixz force-pushed the backport-bc172ee-3.13 branch 2 times, most recently from 2d89809 to beaff4c Compare September 30, 2025 09:30
@picnixz picnixz marked this pull request as ready for review September 30, 2025 09:31
@picnixz
Copy link
Member Author

picnixz commented Sep 30, 2025

I'm asking for a review because we don't have the uint32_t converter in 3.13.

@picnixz picnixz changed the title [3.13] gh-139283: correctly handle size limit in cursor.fetchmany(…) (GH-139296) [3.13] gh-139283: correctly handle size limit in cursor.fetchmany(...) (GH-139296) Sep 30, 2025
@picnixz picnixz changed the title [3.13] gh-139283: correctly handle size limit in cursor.fetchmany(...) (GH-139296) [3.13] gh-139283: correctly handle size limit in cursor.fetchmany() (GH-139296) Sep 30, 2025
@picnixz
Copy link
Member Author

picnixz commented Sep 30, 2025
edited
Loading

Oh. So conversion to negative value causes an OverflowError... and not a ValueError on 3.13. What to do. Should I prefer matching the exception type as I'm anyway manually converting or should I not?

EDIT: Considering the size_t converter actually raises a ValueError instead of an OverflowError, I'll manually handle this.

@picnixz picnixz force-pushed the backport-bc172ee-3.13 branch from beaff4c to 83c3917 Compare September 30, 2025 09:44
@picnixz
[3.13] pythongh-139283: correctly handle size limit in `cursor.fetc…
d9c2a1f 
…hmany()` (pythonGH-139296)

Passing a negative or zero size to `cursor.fetchmany()` made it fetch all rows
instead of none.

While this could be considered a security vulnerability, it was decided to treat
this issue as a regular bug as passing a non-sanitized *size* value in the first
place is not recommended.
(cherry picked from commit bc172ee)

Co-authored-by: Bénédikt Tran <[email protected]>
@picnixz picnixz force-pushed the backport-bc172ee-3.13 branch from 83c3917 to d9c2a1f Compare September 30, 2025 09:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ZeroIntensity ZeroIntensity Awaiting requested review from ZeroIntensity

@berkerpeksag berkerpeksag Awaiting requested review from berkerpeksag berkerpeksag is a code owner

@erlend-aasland erlend-aasland Awaiting requested review from erlend-aasland erlend-aasland is a code owner

Assignees
No one assigned
Labels
awaiting core review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@picnixz