[postgresql-interfaces/psqlodbc] PR #178: Reject overlong cursor names

postgresql-interfaces/psqlodbc GitHub issues and pull requests (mirror)  
help / color / mirror / Atom feed

From: jarvis24young (@jarvis24young) <[email protected]>
To: postgresql-interfaces/psqlodbc <[email protected]>
Subject: [postgresql-interfaces/psqlodbc] PR #178: Reject overlong cursor names
Date: Tue, 28 Apr 2026 03:26:23 +0000
Message-ID: <[email protected]> (raw)

## Summary

This patch makes `SQLSetCursorName()` reject cursor names longer than the length advertised by the driver through `SQLGetInfo(SQL_MAX_CURSOR_NAME_LEN)`.

The driver reports `MAX_CURSOR_LEN` (`32`) for `SQL_MAX_CURSOR_NAME_LEN`, but `PGAPI_SetCursorName()` previously accepted and stored longer application-provided cursor names. The new check validates the fully materialized cursor name before replacing the statement's current cursor name.

## Details

`PGAPI_SetCursorName()` now:

- builds the requested cursor name into a temporary buffer first;
- reports `STMT_NO_MEMORY_ERROR` if allocation fails;
- rejects names longer than `MAX_CURSOR_LEN` with `STMT_INVALID_CURSOR_NAME`;
- only replaces `stmt->cursor_name` after allocation and validation both succeed.

This keeps the statement state unchanged on failure and makes `SQLSetCursorName()` consistent with the driver's advertised ODBC cursor-name limit.

## Regression test

The existing `cursor-name` black-box ODBC test now:

- queries `SQL_MAX_CURSOR_NAME_LEN` from the connected driver;
- builds an invalid cursor name with length `SQL_MAX_CURSOR_NAME_LEN + 1`;
- verifies that `SQLSetCursorName()` rejects it;
- verifies the diagnostic SQLSTATE is `34000`;
- then continues through the existing valid cursor-name path.

Verified in WSL against the unixODBC test path with an ASan/UBSan/gcov build:

```sh
cd ~/psqlodbc-build
make -j4
cd test
make LIBODBC='-lodbc' exe/cursor-name-test
ODBCSYSINI=. ODBCINSTINI=./odbcinst.ini ODBCINI=./odbc.ini \
  ASAN_OPTIONS=verify_asan_link_order=0:detect_leaks=0 \
  LD_PRELOAD=/lib/x86_64-linux-gnu/libasan.so.8 \
  ./runsuite cursor-name --inputdir=.
```

Result:

```text
TAP version 13
1..1
ok 1 - cursor-name
```

view thread (3+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: github://postgresql-interfaces/psqlodbc
  Cc: [email protected], [email protected]
  Subject: Re: [postgresql-interfaces/psqlodbc] PR #178: Reject overlong cursor names
  In-Reply-To: <<[email protected]>>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox