Message-ID: <gh-postgresql-interfaces-psqlodbc-174@github.com>
From: "davecramer (@davecramer)" <noreply+davecramer@github.com>
To: "postgresql-interfaces/psqlodbc" <noreply+postgresql-interfaces-psqlodbc@github.com>
Date: Wed, 22 Apr 2026 11:05:24 +0000
Subject: [postgresql-interfaces/psqlodbc] PR #174: Fix stack buffer overflow in getPrecisionPart() (GitHub #173)
List-Id: <gh-postgresql-interfaces-psqlodbc.github.com>
X-GitHub-Author-Id: 406518
X-GitHub-Author-Login: davecramer
X-GitHub-Issue: 174
X-GitHub-Repo: postgresql-interfaces/psqlodbc
X-GitHub-State: merged
X-GitHub-Type: pull_request
X-GitHub-Url: https://github.com/postgresql-interfaces/psqlodbc/pull/174
Content-Type: text/plain; charset=utf-8

Clamp precision to the buffer size (9) before writing the NUL terminator in getPrecisionPart(). Previously, a precision value > 9 would write past the end of the local fraction[] buffer, corrupting the stack.

Also fix SQLSetDescField for ARD records: setting SQL_DESC_PRECISION, SQL_DESC_SCALE, or SQL_DESC_OCTET_LENGTH no longer nulls the data buffer. The unbind logic was incorrectly applied to these metadata fields, causing any descriptor precision override to silently unbind the column.

Add interval-overflow regression test that exercises both fixes by fetching an interval with fractional seconds using precision=20 via the ARD.

Fixes Issue #173

Reported by [@jarvis24young](https://github.com/jarvis24young) in [#173](https://github.com/postgresql-interfaces/psqlodbc/issues/173)