Describe the bug
This code (drogon/orm_lib/src/postgresql_impl/PgBatchConnection.cc, line 304 in 8d640ba) may invoke PQsendPrepare with a C-style string that's missing a null terminator.
To Reproduce
Execute an SQL statement with a DbConnection, passing an std::string_view that doesn't have a null terminator in order to call this function (drogon/orm_lib/inc/drogon/orm/DbClient.h, lines 252 to 255 in 8d640ba):

```cpp
internal::SqlBinder operator<<(const std::string_view &sql)
{
    return internal::SqlBinder(sql.data(), sql.length(), *this, type_);
}
```
Expected behavior
We add a null terminator if we can't be sure we already have one.
Desktop (please complete the following information):
- OS: NixOS
- Browser: Firefox
- Version: 1.9.10
Additional context
This gist is my code and log output when I initially encountered this; here, the symptom is that multiple SQL statements are incorrectly combined: https://gist.github.com/LordMZTE/9b707013112b870196ae9f95e4a748f5
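The following is an added example, not part of the original report and not Drogon's code. It shows why passing `sql.data()` from a non-terminated `std::string_view` to a C API that reads up to `'\0'` merges adjacent statements, next to a copy-based call that does not. `seenByCApi` is a hypothetical stand-in for a function like PQsendPrepare, and the SQL buffer is constructed sample data.

```cpp
#include <cstring>
#include <iostream>
#include <string>
#include <string_view>

// Hypothetical stand-in for a C API that takes `const char *query` and reads
// it up to the first '\0'. Returns the text such an API would actually see.
std::string seenByCApi(const char *query)
{
    return std::string(query, std::strlen(query));
}

// Pattern from the report: pass view.data() and rely on a terminator that
// std::string_view does not guarantee. Outside this demo, the read past the
// end of the view is undefined behavior.
std::string passDataPointer(std::string_view sql)
{
    return seenByCApi(sql.data());
}

// Hardened pattern: copy exactly sql.length() bytes into an owning
// std::string, whose c_str() is always null-terminated.
std::string passTerminatedCopy(std::string_view sql)
{
    const std::string owned(sql);
    return seenByCApi(owned.c_str());
}

// Constructed sample: two statements stored back to back in one buffer.
const std::string &sampleBuffer()
{
    static const std::string buffer = "SELECT 1;DELETE FROM t;";
    return buffer;
}

// View over the first statement only; the byte after it is 'D', not '\0'.
std::string_view firstStatement()
{
    return std::string_view(sampleBuffer()).substr(0, 9);
}

int main()
{
    std::cout << "view:         " << firstStatement() << '\n'
              << "data pointer: " << passDataPointer(firstStatement()) << '\n'
              << "terminated:   " << passTerminatedCopy(firstStatement()) << '\n';
    return 0;
}
```

The demo stays within defined behavior only because the view sits inside a `std::string` that ends in `'\0'`; with an arbitrary buffer the unsafe call can read unrelated memory.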