diff -r cb632988bc09 Lib/sqlite3/test/regression.py --- a/Lib/sqlite3/test/regression.py Tue Apr 08 09:14:21 2014 +0200 +++ b/Lib/sqlite3/test/regression.py Wed Apr 09 02:23:30 2014 +0200 @@ -336,6 +336,13 @@ class RegressionTests(unittest.TestCase) sqlite.connect, ":memory:", isolation_level=123) + def CheckNullCharacter(self): + # Issue #21147 + cursor = sqlite.connect(":memory:") + self.assertRaises(ValueError, cursor.execute, "\0select 1") + self.assertRaises(ValueError, cursor.execute, "select 1\0") + + def suite(): regression_suite = unittest.makeSuite(RegressionTests, "Check") return unittest.TestSuite((regression_suite,)) diff -r cb632988bc09 Modules/_sqlite/cursor.c --- a/Modules/_sqlite/cursor.c Tue Apr 08 09:14:21 2014 +0200 +++ b/Modules/_sqlite/cursor.c Wed Apr 09 02:23:30 2014 +0200 @@ -511,6 +511,11 @@ PyObject* _pysqlite_query_execute(pysqli pysqlite_statement_reset(self->statement); } + if (PyUnicode_FindChar(operation, '\0', 0, operation_len, 1) != -1) { + PyErr_SetString(PyExc_ValueError, "the query contains a null character"); + goto error; + } + operation_cstr = _PyUnicode_AsStringAndSize(operation, &operation_len); if (operation_cstr == NULL) goto error;