From 07cb5c880c90cbb325d2ed20d99863a0ab248c09 Mon Sep 17 00:00:00 2001
From: Anton Popovichenko
Date: Tue, 11 Feb 2025 17:24:56 +0100
Subject: [PATCH] fix(Core/SQLField): Fix heap-buffer-overflow issue when interacting with mysql field value. (#21393)
---
 src/server/database/Database/Field.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/server/database/Database/Field.cpp b/src/server/database/Database/Field.cpp
index 1120b754e..83158aab9 100644
--- a/src/server/database/Database/Field.cpp
+++ b/src/server/database/Database/Field.cpp
@@ -212,7 +212,7 @@ T Field::GetData() const
 if (data.raw)
 result = *reinterpret_cast(data.value);
 else
- result = Acore::StringTo(data.value);
+ result = Acore::StringTo(std::string_view(data.value, data.length));
 // Correct double fields... this undefined behavior :/
 if constexpr (std::is_same_v)
@@ -220,7 +220,7 @@ T Field::GetData() const
 if (data.raw && !IsType(DatabaseFieldTypes::Decimal))
 result = *reinterpret_cast(data.value);
 else
- result = Acore::StringTo(data.value);
+ result = Acore::StringTo(std::string_view(data.value, data.length));
 }
 // Check -1 for *_dbc db tables
@@ -230,7 +230,7 @@ T Field::GetData() const
 if (!tableName.empty() && tableName.size() > 4)
 {
- auto signedResult = Acore::StringTo(data.value);
+ auto signedResult = Acore::StringTo(std::string_view(data.value, data.length));
 if (signedResult && !result && tableName.substr(tableName.length() - 4) == "_dbc")
 {
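Review bot: The raw branch kept as context in the hunk at line 212, `result = *reinterpret_cast(data.value);` under `if (data.raw)`, still reads a full `T` from the buffer without consulting `data.length`, so the bound this commit adds protects only the text path. If a raw value's length can ever be smaller than `sizeof(T)` (whatever type checks would rule that out are not visible here), that read has the same out-of-bounds shape as the bug being fixed. Checking `data.length >= sizeof(T)` before the read and copying with `std::memcpy(&tmp, data.value, sizeof(T));` into a local `T tmp` instead of dereferencing the cast would close it and also remove the dependence on alignment. The same applies to the raw read in the double branch of the hunk at line 220. GetData's body starts and ends outside the hunk.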
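Review bot: `std::string_view(data.value, data.length)` is now spelled out at three call sites, in the hunk at line 220 and in the hunks at lines 212 and 230, so the fix holds only as long as every future call site repeats it. Building the view once, e.g. `std::string_view const text(data.value, data.length);`, and passing `text` to each `Acore::StringTo` call keeps the length bound in one place and makes a stray bare `data.value` argument stand out in later edits. The function begins above the visible context, so the declaration would sit outside these hunks.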
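Review bot: The signed re-parse at `auto signedResult = ...` in the hunk at line 230 runs whenever the table name is longer than four characters, including when `data.raw` is set and the bytes are not text, although its value is used only when `!result` and the name ends in `_dbc`. The read is bounded now, but interpreting binary bytes as a decimal string is meaningless work on that path. Testing the cheap conditions first, `if (!data.raw && !result && tableName.substr(tableName.length() - 4) == "_dbc")`, and doing the parse inside that branch avoids it. The enclosing `if` block continues past the end of the hunk.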