Skip to content

Keep SetConnectAttrW buffers alive#1472

Open
bkline wants to merge 1 commit intomkleehammer:masterfrom
bkline:1469-attr_before-bytes
Open

Keep SetConnectAttrW buffers alive#1472
bkline wants to merge 1 commit intomkleehammer:masterfrom
bkline:1469-attr_before-bytes

Conversation

@bkline
Copy link
Copy Markdown
Contributor

@bkline bkline commented Mar 30, 2026

According to the ODBC specification, only a small handful of API functions are allowed to keep pointers for buffers of non-scalar values for use after the function has returned. The spec identifies each of those functions, and SetConnectAttrW is not one of them. However, Microsoft's ODBC Driver 18 for SQL Server does not comply with this restriction, and if we don't keep such buffers valid until after SQLDriverConnectW has returned, the application can crash. See microsoft/msphpsql#1594 for further details.

Closes #1469

@bkline
Keep SetConnectAttrW buffers alive
e1ca22e 
According to the ODBC specification, only a small handful of API
functions are allowed to keep pointers for buffers of non-scalar
values for use after the function has returned. The spec identifies
each of those functions, and SetConnectAttrW is not one of them.
However, Microsoft's ODBC Driver 18 for SQL Server does not comply
with this restriction, and if we don't keep such buffers valid
until after SQLDriverConnectW has returned, the application can
crash. See microsoft/msphpsql#1594 for
further details.

Closes mkleehammer#1469
@bkline bkline mentioned this pull request Mar 30, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Use-after-free in pyodbc.connect(): attrs_before bytes buffer passed to GIL-released SQLSetConnectAttrW() without a strong reference

1 participant

@bkline