Message-ID: From: "jarvis24young (@jarvis24young)" To: "postgresql-interfaces/psqlodbc" Date: Thu, 23 Apr 2026 09:18:52 +0000 Subject: Re: [postgresql-interfaces/psqlodbc] PR #175: Validate percent escapes before decoding connection-string values In-Reply-To: References: List-Id: X-GitHub-Author-Login: jarvis24young X-GitHub-Comment-Id: 4303214448 X-GitHub-Comment-Type: issue_comment X-GitHub-Issue: 175 X-GitHub-Repo: postgresql-interfaces/psqlodbc X-GitHub-Type: comment X-GitHub-Url: https://github.com/postgresql-interfaces/psqlodbc/pull/175#issuecomment-4303214448 Content-Type: text/plain; charset=utf-8 I updated the regression test to make it stronger. Instead of using `PWD=...` and accepting an authentication failure, the test now uses `pqopt=application_name=...`. That still exercises the same `decode_or_remove_braces()` / `decode()` path for connection-string percent decoding, but it does not override the DSN password, so `SQLDriverConnect()` is expected to succeed for each case. For reference, before this patch the truncated percent case triggers UBSan in my local ASan/UBSan build: ```text dlg_specific.c:1584:12: runtime error: left shift of negative value -48 #0 conv_from_hex /home/yjw/psqlodbc-build/dlg_specific.c:1584 #1 decode /home/yjw/psqlodbc-build/dlg_specific.c:1612 #2 decode_or_remove_braces /home/yjw/psqlodbc-build/dlg_specific.c:1658 #3 copyConnAttributes /home/yjw/psqlodbc-build/dlg_specific.c:639 #4 dconn_get_attributes /home/yjw/psqlodbc-build/drvconn.c:577 #5 PGAPI_DriverConnect /home/yjw/psqlodbc-build/drvconn.c:157 #6 SQLDriverConnect /home/yjw/psqlodbc-build/odbcapi.c:213 ``` The `ok` output in the committed regression test represents the fixed behavior: malformed percent escapes no longer reach `conv_from_hex()`, and the connection path completes successfully.