Fix boolean buffer overflow

[richardm90]

Summary

Fix a buffer overread in the native addon that caused garbage characters to be appended to string values returned from queries. The bug is most easily reproduced with BOOLEAN columns, where querying a FALSE value returns "FALSEdנ" or similar corrupted data.

Root cause

Three issues contribute to the bug:

1. Undersized bind buffer for BOOLEAN — bindColData() uses colPrecise * 4 + 1 to size the bind buffer. BOOLEAN has colPrecise=1 (it's logically a 1-bit value), giving a 5-byte buffer. The DB2 CLI converts BOOLEAN to its string representation "FALSE" (5 chars), which fills the buffer with no room for a null terminator.

2. Missing null terminator in result copy — fetchData() allocates calloc(colLen, ...) for the result buffer and copies colLen bytes via memcpy, with no extra byte for null termination.

3. Null-terminated string creation — buildJsObject() passes the result buffer to Napi::String::New(env, data), which reads until \0. Without a null terminator, it reads past the buffer into heap memory, producing garbage characters.

Changes

• bindColData() — enforce a minimum bind buffer size of 6 bytes in the default case, ensuring BOOLEAN's "FALSE" representation (5 chars + null) always fits
• fetchData() — allocate colLen + 1 bytes for the result buffer, ensuring null termination after memcpy
• buildJsObject() — use the length-aware Napi::String::New(env, data, rlength) overload as defense in depth, so string creation is bounded by the known data length rather than relying on null termination
• dberror.h — update SQL_DATALINK comment to note its value changed from 16 to -400 in IBM i 7.5 (value 16 is now SQL_BOOLEAN)

Observations

• The sqlcli-devel yum package does not yet include a SQL_BOOLEAN definition, even though the system header QSYSINC/H(SQLCLI) has been updated in IBM i 7.5
• There does not appear to be an existing mechanism in the codebase to determine the IBM i OS version at build or run time, so we could not conditionally handle BOOLEAN vs DATALINK for type 16
• The SQL BOOLEAN data type is returned as a string ("TRUE" or "FALSE"), not as a native boolean

Test plan

• New tests added for BOOLEAN (true, false, null), CHAR, VARCHAR, and multi-byte UTF-8 characters
• BOOLEAN false test fails without fix, passes with fix
• Multi-byte UTF-8 (4-byte emoji) test passes with and without fix - I added this test to check I'd not broken anything with CHAR or VARCHAR columns
• All 93 tests pass with fix applied
• Tested on IBM i 7.5 / Node.js 22

[kadler]

TBH I think we should bind booleans as a boolean type not as a string anyway. As mentioned in the PR description, the value of SQL_DATALINK was changed in 7.5 so that SQL_BOOLEAN could use its value for consistency with Db2 LUW. I argued against this change, but it was determined that there would be minimal impact because basically nobody uses DATALINKs anyway so we may as well do the same.

• add code define SQL_BOOLEAN (and redefine SQL_DATALINK) if not defined
• adjust db2a.js to set SQL_DATALINK to -400.
• add SQL_BOOLEAN to db2a.js with value 16

[richardm90]

@kadler, apologies for the delay, I'd turned off notifications some time ago and had forgotten that fact when I raised this PR. I'll have a look at the changes you suggest.