Skip to content

[3.14] gh-139283: correctly handle size limit in cursor.fetchmany() (GH-139296) #139441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 3.14
Choose a base branch
from
Open

[3.14] gh-139283: correctly handle size limit in cursor.fetchmany() (GH-139296) #139441

wants to merge 1 commit into from
+134 −19

Conversation

miss-islington
Copy link
Contributor

@miss-islington miss-islington commented Sep 30, 2025
edited by github-actions bot
Loading

Passing a negative or zero size to cursor.fetchmany() made it fetch all rows
instead of none.

While this could be considered a security vulnerability, it was decided to treat
this issue as a regular bug as passing a non-sanitized size value in the first
place is not recommended.
(cherry picked from commit bc172ee)

Co-authored-by: Bénédikt Tran 10796600+picnixz@users.noreply.github.com

📚 Documentation preview 📚: https://cpython-previews--139441.org.readthedocs.build/

@picnixz @miss-islington
pythongh-139283: correctly handle size limit in cursor.fetchmany() (
39b6fed 
pythonGH-139296)

Passing a negative or zero size to `cursor.fetchmany()` made it fetch all rows
instead of none.

While this could be considered a security vulnerability, it was decided to treat
this issue as a regular bug as passing a non-sanitized *size* value in the first
place is not recommended.
(cherry picked from commit bc172ee)

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
This was referenced Sep 30, 2025
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@picnixz picnixz picnixz approved these changes

@berkerpeksag berkerpeksag Awaiting requested review from berkerpeksag berkerpeksag is a code owner

@erlend-aasland erlend-aasland Awaiting requested review from erlend-aasland erlend-aasland is a code owner

Assignees

@hugovk hugovk

Labels
awaiting merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@miss-islington @picnixz @hugovk