From db1ff663f60ec80bca774c8a15c57f79fa305326 Mon Sep 17 00:00:00 2001
From: rfm
Date: Tue, 18 Feb 2025 17:32:45 +0000
Subject: [PATCH] Fix buffer overrun
---
 SQLClient.m | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/SQLClient.m b/SQLClient.m
index d9d5cb4..3b6b793 100644
--- a/SQLClient.m
+++ b/SQLClient.m
@@ -3256,6 +3256,7 @@ static int poolConnections = 0;
 unsigned char *buf;
 unsigned char *ptr;
 const unsigned char *from = (const unsigned char*)statement;
+ const unsigned char *end = from + strlen((const char*)statement);

 /*
 * Calculate length of buffer needed.
@@ -3274,10 +3275,10 @@ static int poolConnections = 0;
 * Merge quoted data objects into statement.
 */
 i = 1;
- from = (unsigned char*)statement;
- while (*from != 0)
+ while (from < end)
 {
 if (*from == *(unsigned char*)marker
+ && (from + mLength) < end
 && memcmp(from, marker, mLength) == 0)
 {
 NSData *d = [blobs objectAtIndex: i++];
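Review bot: The new `end` declaration has no comment saying whether the bound is inclusive or exclusive, and the comparisons added in the second hunk depend on that. As written it points at the terminating NUL, so the valid bytes are `[from, end)`; I would state that on the declaration, e.g. `/* end addresses the terminating NUL: readable statement bytes are [from, end) */`. The enclosing method starts and ends outside this hunk.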
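Review bot: The added guard `(from + mLength) < end` is strict, so a marker whose last byte is the last byte of the statement (`from + mLength == end`) is no longer matched, even though `memcmp` would stay inside the string there; the marker would be copied through literally and its blob never merged. Comparing the remaining length fixes that and avoids forming a pointer beyond the buffer: `&& (size_t)(end - from) >= mLength` (assuming `mLength` is a non-negative length). The hunk also drops the `from = (unsigned char*)statement;` reset, which is only safe if the sizing code between the two hunks (not visible here) leaves `from` at the start of the statement, so that is worth confirming. The loop body continues outside the hunk.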