From 2c0eec689e2a37f6818efca870be7a6ac6b83d82 Mon Sep 17 00:00:00 2001
From: detule <ogjoneski@gmail.com>
Date: Thu, 18 Jun 2026 01:32:56 +0000
Subject: [PATCH] nanodbc: wvarchar: make sure to not read past pdata_ end

---
 src/nanodbc/nanodbc.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/nanodbc/nanodbc.cpp b/src/nanodbc/nanodbc.cpp
index a4a65b57..80db8fa4 100644
--- a/src/nanodbc/nanodbc.cpp
+++ b/src/nanodbc/nanodbc.cpp
@@ -4082,8 +4082,11 @@ inline void result::result_impl::get_ref_impl<string_type>(short column, string_
             // Type is unicode in the database, convert if necessary
             const SQLWCHAR* s =
                 reinterpret_cast<SQLWCHAR*>(col.pdata_ + rowset_position_ * col.clen_);
-            const string_type::size_type str_size =
-                col.cbdata_[rowset_position_] / sizeof(SQLWCHAR);
+            // Defensive programming: clamp so we never read past pdata_.
+            // See #1011 / Snowflake for SQLTables REMARKS
+            const string_type::size_type str_size = std::min<string_type::size_type>(
+                col.cbdata_[rowset_position_] / sizeof(SQLWCHAR),
+                col.clen_ / sizeof(SQLWCHAR));
             wide_string_type temp(s, s + str_size);
             convert(temp, result);
         }