ext/pdo_firebird: Throw ValueError if cursor name is too long (#17173)

Co-authored-by: Saki Takamachi <34942839+SakiTakamachi@users.noreply.github.com>

Author: Girgias

ext/pdo_firebird/firebird_statement.c

@@ -887,15 +887,25 @@ static int pdo_firebird_stmt_set_attribute(pdo_stmt_t *stmt, zend_long attr, zva
 		default:
 			return 0;
 		case PDO_ATTR_CURSOR_NAME:
-			if (!try_convert_to_string(val)) {
+			zend_string *str_val = zval_try_get_string(val);
+			if (str_val == NULL) {
+				return 0;
+			}
+			// TODO Check cursor name does not have null bytes?
+			if (ZSTR_LEN(str_val) >= sizeof(S->name)) {
+				zend_value_error("Cursor name must not be longer than %zu bytes", sizeof(S->name) - 1);
+				zend_string_release(str_val);
 				return 0;
 			}
 
-			if (isc_dsql_set_cursor_name(S->H->isc_status, &S->stmt, Z_STRVAL_P(val),0)) {
+			if (isc_dsql_set_cursor_name(S->H->isc_status, &S->stmt, ZSTR_VAL(str_val), 0)) {
 				php_firebird_error_stmt(stmt);
+				zend_string_release(str_val);
 				return 0;
 			}
-			strlcpy(S->name, Z_STRVAL_P(val), sizeof(S->name));
+			/* Include trailing nul byte */
+			memcpy(S->name, ZSTR_VAL(str_val), ZSTR_LEN(str_val) + 1);
+			zend_string_release(str_val);
 			break;
 	}
 	return 1;

ext/pdo_firebird/tests/setCursorAttribute.phpt

@@ -0,0 +1,26 @@
+--TEST--
+Throw value error if cursor name is too long
+--EXTENSIONS--
+pdo_firebird
+--SKIPIF--
+<?php require 'skipif.inc'; ?>
+--XLEAK--
+A bug in firebird causes a memory leak when calling `isc_attach_database()`.
+See https://github.com/FirebirdSQL/firebird/issues/7849
+--FILE--
+<?php
+require 'testdb.inc';
+
+$dbh = getDbConnection();
+$query = 'SELECT 1 FROM RDB$DATABASE';
+$stmt = $dbh->query($query);
+
+try {
+    $stmt->setAttribute(PDO::ATTR_CURSOR_NAME, str_repeat('a', 35));
+} catch (Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), PHP_EOL;
+}
+
+?>
+--EXPECT--
+ValueError: Cursor name must not be longer than 31 bytes