-
Vadim Zeitlin authored
ODBC documentation[1] states that "StrLen_or_IndPtr" parameter may contain the length of the parameter value being bound and that this length is "ignored except for character or binary C data", however MySQL ODBC driver[2] misinterprets this and considers that if the value of this parameter is SQL_NTS, it must still find the parameter length as if it were a nul-terminated string, i.e. by using strlen() which, of course, fails horribly when the data is binary, resulting in accessing data beyond the allocated heap block and possibly crashing -- and, at the very least, tripping address sanitizer checks. Work around this apparent MySQL driver bug by explicitly _not_ passing SQL_NTS for non-character data. This is enough to fix the problem for it as length is really not used in this case, and shouldn't have any negative implications for the other databases. [1]: https://docs.microsoft.com/en-us/sql/odbc/reference/syntax/sqlbindparameter-function [2]: https://github.com/mysql/mysql-connector-odbc
2aeb3287