Message-ID:
From: "0xYashwanth (@0xYashwanth)"
To: "postgresql-interfaces/psqlodbc"
Date: Sun, 04 Jan 2026 16:57:18 +0000
Subject: [postgresql-interfaces/psqlodbc] PR #151: bug causing out-of-bounds memory access in AddUpdated when updating cached row status
List-Id:
X-GitHub-Author-Id: 106170210
X-GitHub-Author-Login: 0xYashwanth
X-GitHub-Issue: 151
X-GitHub-Repo: postgresql-interfaces/psqlodbc
X-GitHub-State: merged
X-GitHub-Type: pull_request
X-GitHub-Url: https://github.com/postgresql-interfaces/psqlodbc/pull/151
Content-Type: text/plain; charset=utf-8

**bug causing out-of-bounds memory access in `AddUpdated()` when updating cached row status.**

In the `else if (upd_idx >= 0)` branch at line 2691, the code updates `res->updated_keyset[upd_idx].status` but then incorrectly accesses `res->added_tuples + num_fields * upd_add_idx` to clear cached data.

When a row's status in the `updated_keyset` array is modified, the corresponding cached tuple data must be invalidated. The invariant is: **for any index `i`, the tuple cache entry is stored at `base_array + num_fields * i`**. Since we're modifying `updated_keyset[upd_idx]`, the corresponding tuple cache is at `updated_tuples + num_fields * upd_idx`. Using the wrong base array (`added_tuples`) or wrong index (`upd_add_idx = -1`) violates this and produces undefined behavior.

## Fix

```c
tuple = res->updated_tuples + num_fields * upd_idx;
```
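The invariant above, as an added example that is not psqlodbc code: a constructed, simplified model of the result cache (struct and function names are assumptions) in which the tuple cache for `updated_keyset[upd_idx]` is always addressed from `updated_tuples` with the same `upd_idx`, and an index outside the array (such as the `-1` in the bug) is rejected before any memory is touched.

```c
#include <stdlib.h>

/* Simplified model of the result cache (constructed for this example; the
 * real psqlodbc structs have more fields). Entry i of the tuple array
 * occupies the num_fields slots starting at base + num_fields * i. */
typedef struct { int status; } KeySet;
typedef struct {
    int num_fields, num_updated;
    KeySet *updated_keyset;
    char **updated_tuples;   /* num_updated * num_fields cached values */
} Result;

/* Cached tuple for updated_keyset[upd_idx], or NULL when the index would
 * leave the array (an index of -1, as in the bug, is caught here). */
char **updated_tuple_at(const Result *res, int upd_idx)
{
    if (upd_idx < 0 || upd_idx >= res->num_updated)
        return NULL;
    return res->updated_tuples + (size_t)res->num_fields * upd_idx;
}

/* Set the status of one updated row and invalidate its cached values,
 * indexing the tuple array with the same upd_idx as the keyset. */
int set_updated_status(Result *res, int upd_idx, int status)
{
    char **tuple = updated_tuple_at(res, upd_idx);
    if (tuple == NULL)
        return -1;
    res->updated_keyset[upd_idx].status = status;
    for (int f = 0; f < res->num_fields; f++) {
        free(tuple[f]);
        tuple[f] = NULL;
    }
    return 0;
}

/* Scenario: two cached updated rows of three fields each; update row 1 and
 * check that only row 1's cache is cleared. Returns 1 if the cache and
 * keyset stayed in step and out-of-range indexes were rejected. */
int demo_status_update(void)
{
    enum { FIELDS = 3, ROWS = 2 };
    KeySet ks[ROWS] = {{0}, {0}};
    char *tuples[ROWS * FIELDS];
    for (int i = 0; i < ROWS * FIELDS; i++)
        tuples[i] = malloc(1);              /* constructed placeholder values */
    Result res = { FIELDS, ROWS, ks, tuples };
    int ok = set_updated_status(&res, 1, 7) == 0 && ks[1].status == 7;
    ok = ok && tuples[3] == NULL && tuples[5] == NULL && tuples[0] != NULL;
    ok = ok && set_updated_status(&res, -1, 7) == -1    /* the bug's index */
            && set_updated_status(&res, ROWS, 7) == -1;
    for (int i = 0; i < ROWS * FIELDS; i++)
        free(tuples[i]);
    return ok;
}
```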