Reject non-finite floats (nan, inf) in parameter substitution

Author: james-willis

tests/test_cursor.py

@@ -78,6 +78,18 @@ def test_non_primitive_uses_str(self):
 
         assert _quote_value(date(2024, 1, 15)) == "'2024-01-15'"
 
+    def test_nan_raises(self):
+        with pytest.raises(ProgrammingError, match="Cannot convert float"):
+            _quote_value(float("nan"))
+
+    def test_inf_raises(self):
+        with pytest.raises(ProgrammingError, match="Cannot convert float"):
+            _quote_value(float("inf"))
+
+    def test_negative_inf_raises(self):
+        with pytest.raises(ProgrammingError, match="Cannot convert float"):
+            _quote_value(float("-inf"))
+
 
 # ---------------------------------------------------------------------------
 # cursor.execute() end-to-end tests

wherobots/db/cursor.py

@@ -1,3 +1,4 @@
+import math
 import queue
 import re
 from typing import Any, List, Tuple, Dict
@@ -21,6 +22,10 @@ def _quote_value(value: Any) -> str:
     if isinstance(value, bool):
         return "TRUE" if value else "FALSE"
     if isinstance(value, (int, float)):
+        if isinstance(value, float) and (math.isnan(value) or math.isinf(value)):
+            raise ProgrammingError(
+                f"Cannot convert float value {value!r} to SQL literal"
+            )
         return str(value)
     if isinstance(value, bytes):
         return "X'" + value.hex() + "'"