PgBatchConnection may pass strings without a null terminator to libpq APIs

**Describe the bug**
This code: https://github.com/drogonframework/drogon/blob/8d640bafb45e95eaa8931ae12d75ed2dbeff7043/orm_lib/src/postgresql_impl/PgBatchConnection.cc#L304 may invoke `PQsendPrepare` with a C-style string that's missing a null terminator.

**To Reproduce**
Execute an SQL statement with a `DbConnection`, passing an `std::string_view` that doesn't have a null terminator in order to call this function: https://github.com/drogonframework/drogon/blob/8d640bafb45e95eaa8931ae12d75ed2dbeff7043/orm_lib/inc/drogon/orm/DbClient.h#L252-L255

**Expected behavior**
We add a null terminator if we can't be sure we already have one.

**Desktop (please complete the following information):**
 - OS: NixOS
 - Browser: Firefox
 - Version: 1.9.10

**Additional context**
This gist is my code and log output when I initially encountered this; here, the symptom is that multiple SQL statements are incorrectly combined: https://gist.github.com/LordMZTE/9b707013112b870196ae9f95e4a748f5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

PgBatchConnection may pass strings without a null terminator to libpq APIs #2328

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	internal::SqlBinder operator<<(const std::string_view &sql)
	{
	return internal::SqlBinder(sql.data(), sql.length(), *this, type_);
	}

Uh oh!

PgBatchConnection may pass strings without a null terminator to libpq APIs #2328

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions