Skip to content

gh-143198: fix some crashes in sqlite3.executemany with concurrent mutations #143210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
picnixz wants to merge 14 commits into
base: main
Choose a base branch
from
Open

gh-143198: fix some crashes in sqlite3.executemany with concurrent mutations #143210

picnixz wants to merge 14 commits into from
+339 −144

Conversation

@picnixz
Copy link
Member

@picnixz picnixz commented Dec 27, 2025
edited
Loading

FTR, the reason why execute is actually not affected is that the iterator we are taking is built from a list we create ourselves so it's not possible to have "bad" side effects.

@bedevere-app bedevere-app bot mentioned this pull request Dec 27, 2025
Open
@picnixz picnixz added needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Dec 27, 2025
@picnixz picnixz changed the title gh-143198: fix SIGSEGV in sqlite3.execute[many] with re-entrant parameter iterator gh-143198: fix SIGSEGV in sqlite3.execute[many] with concurrent mutations Dec 27, 2025
@picnixz picnixz marked this pull request as draft December 27, 2025 15:19
@picnixz picnixz changed the title gh-143198: fix SIGSEGV in sqlite3.execute[many] with concurrent mutations gh-143198: fix SIGSEGV in sqlite3.executemany with concurrent mutations Dec 27, 2025
@picnixz picnixz marked this pull request as ready for review December 27, 2025 16:42
picnixz
picnixz commented Dec 27, 2025
View reviewed changes
picnixz
picnixz commented Dec 27, 2025
View reviewed changes
@picnixz
Copy link
Member Author

picnixz commented Dec 29, 2025

There were more UAFs that I could find...

@picnixz picnixz changed the title gh-143198: fix SIGSEGV in sqlite3.executemany with concurrent mutations gh-143198: fix some crashes in sqlite3.executemany with concurrent mutations Dec 29, 2025
serhiy-storchaka
serhiy-storchaka reviewed Dec 29, 2025
View reviewed changes
serhiy-storchaka
serhiy-storchaka reviewed Dec 29, 2025
View reviewed changes
@picnixz
Copy link
Member Author

picnixz commented Dec 29, 2025

@serhiy-storchaka So the split went well but... it's now a larger code =/ I also changed some variable names since we're talking about parameters everywhere but it's more arguments in this case or values. I can revert the change if you want (I'll make a commit for reverting and then we can decide whether to keep the revert or not) but I wanted to show you how it would be if the implementations are separate.

@picnixz
Copy link
Member Author

picnixz commented Dec 29, 2025

I feel that there are a lot of tests that are really looking-alike. It's kinda annoying to have redundancy... and it won't get any better with the other PRs for sqlite where we I need to test the callbacks.

@serhiy-storchaka
Copy link
Member

serhiy-storchaka commented Dec 30, 2025
edited
Loading

I also changed some variable names since we're talking about parameters everywhere but it's more arguments in this case or values.

I understand you, the term "parameter" is used here in different meaning from what we used to. But this makes the diff unnecessary large and makes harder to follow semantic changes. Can we leave this to a separate PR?

@picnixz
Copy link
Member Author

picnixz commented Dec 30, 2025

Ok, I'll revert the naming changes and all other styling stuff. And then I'll address it separately.

picnixz
picnixz commented Dec 30, 2025
View reviewed changes
Lib/test/test_sqlite3/test_dbapi.py
self.assertEqual(result[0][0], 3, "Basic test of Connection.executemany")
self.assertEqual(result[1][0], 4, "Basic test of Connection.executemany")

@subTests("params_class", (ParamsCxCloseInIterMany, ParamsCxCloseInNext))
Copy link
Member Author

@picnixz picnixz Dec 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I should probably name this "params_factory"

picnixz
picnixz commented Dec 30, 2025
View reviewed changes
Lib/test/test_sqlite3/test_dbapi.py
cx.executemany("insert into tmp(a) values (?)", params_class(cx))

@subTests(("j", "n"), ([0, 1], [0, 3], [1, 3], [2, 3]))
@subTests("wtype", (list, lambda x: x))
Copy link
Member Author

@picnixz picnixz Dec 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll use a better name here, as document what "j" and "n" are (they are just here to control when we close the connection)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomasr8 tomasr8 tomasr8 approved these changes

@berkerpeksag berkerpeksag Awaiting requested review from berkerpeksag berkerpeksag is a code owner

@erlend-aasland erlend-aasland Awaiting requested review from erlend-aasland erlend-aasland is a code owner

@serhiy-storchaka serhiy-storchaka Awaiting requested review from serhiy-storchaka

Assignees

No one assigned

Labels

awaiting merge needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@picnixz @serhiy-storchaka @tomasr8