Only allow up to 10,000 arguments -- any more than that likely wouldn't work

anyway (or be reasonable) and this prevents a possible improper memory access
from taking place if an attempt was made to pass more than 10,000 arguments.
Anthony Tuininga 2016-02-29 09:19:19 -07:00
parent d59bd1922b
commit 9c8cc1160b


@ -1351,6 +1351,7 @@ static int Cursor_CallCalculateSize(
// assume up to 9 characters for each positional argument
// this allows up to four digits for the placeholder if the bind variale
// is a boolean value (prior to Oracle 12.1)
numPositionalArgs = 0;
if (listOfArguments) {
numPositionalArgs = PySequence_Size(listOfArguments);
if (numPositionalArgs < 0)
@ -1361,6 +1362,7 @@ static int Cursor_CallCalculateSize(
// assume up to 15 characters for each keyword argument
// this allows up to four digits for the placeholder if the bind variable
// is a boolean value (prior to Oracle 12.1)
numKeywordArgs = 0;
if (keywordArguments) {
numKeywordArgs = PyDict_Size(keywordArguments);
if (numKeywordArgs < 0)
@ -1368,6 +1370,14 @@ static int Cursor_CallCalculateSize(
*size += numKeywordArgs * 15;
}
// the above assume a maximum of 10,000 arguments; check and raise an
// error if the number of arguments exceeds this value; more than this
// number would probably be unusable in any case!
if (numPositionalArgs + numKeywordArgs > 10000) {
PyErr_SetString(g_InterfaceErrorException, "too many arguments");
return -1;
}
return 0;
}
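Review bot: The new limit check `numPositionalArgs + numKeywordArgs > 10000` accepts exactly 10,000 arguments, while the sizing comments above budget only four digits per placeholder, which covers placeholder numbers up to 9999. If the statement builder numbers placeholders from 1 across positional and keyword arguments (that code is outside these hunks), the last placeholder at the limit has five digits, and the buffer estimate this check is meant to protect may be short unless the per-argument widths carry slack. Consider `if (numPositionalArgs + numKeywordArgs > 9999) {`, or widen the per-argument estimates and update the comments to say five digits. The check also runs after `*size += numKeywordArgs * 15;`, so moving it ahead of the multiplications would keep `*size` from being computed from a count that has not been validated yet. Cursor_CallCalculateSize begins outside the visible hunks, so the declared types of the two counters could not be checked here.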