From aaf3d854a533cdeff5bbcea7793e5795465f984a Mon Sep 17 00:00:00 2001
From: gargsaumya
Date: Mon, 29 Sep 2025 21:25:53 +0530
Subject: [PATCH 1/2] fixes memory leak issue-AB#37606
---
 mssql_python/pybind/connection/connection.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/mssql_python/pybind/connection/connection.cpp b/mssql_python/pybind/connection/connection.cpp
index c90529ef..ebf3c52e 100644
--- a/mssql_python/pybind/connection/connection.cpp
+++ b/mssql_python/pybind/connection/connection.cpp
@@ -173,16 +173,16 @@ SQLRETURN Connection::setAttribute(SQLINTEGER attribute, py::object value) {
 LOG("Setting SQL attribute");
 SQLPOINTER ptr = nullptr;
 SQLINTEGER length = 0;
+ std::string buffer; // to hold sensitive data temporarily
 if (py::isinstance(value)) {
 int intValue = value.cast();
 ptr = reinterpret_cast(static_cast(intValue));
 length = SQL_IS_INTEGER;
 } else if (py::isinstance(value) || py::isinstance(value)) {
- static std::vector buffers;
- buffers.emplace_back(value.cast());
- ptr = const_cast(buffers.back().c_str());
- length = static_cast(buffers.back().size());
+ buffer = value.cast(); // stack buffer
+ ptr = const_cast(buffer.c_str());
+ length = static_cast(buffer.size());
 } else {
 LOG("Unsupported attribute value type");
 return SQL_ERROR;
@@ -195,6 +195,11 @@ SQLRETURN Connection::setAttribute(SQLINTEGER attribute, py::object value) {
 else {
 LOG("Set attribute successfully");
 }
+
+ // Zero out sensitive data if used
+ if (!buffer.empty()) {
+ std::fill(buffer.begin(), buffer.end(), static_cast(0));
+ }
 return ret;
 }

From aaa1da0ed20b3671dd9626fa514b887d58830d01 Mon Sep 17 00:00:00 2001
From: gargsaumya
Date: Mon, 29 Sep 2025 21:32:44 +0530
Subject: [PATCH 2/2] copilot comment
---
 mssql_python/pybind/connection/connection.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mssql_python/pybind/connection/connection.cpp b/mssql_python/pybind/connection/connection.cpp
index ebf3c52e..3311c697 100644
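Review bot: The string branch now hands the driver a pointer into the local `buffer`, which is destroyed when setAttribute returns, whereas the removed `static std::vector` kept every value alive for the life of the process. That is safe only if the driver call made between the two hunks (not visible here) copies the value before it returns; if any attribute is retained by pointer, for instance one set before the connection is opened, this turns the leak into a use-after-free. Please confirm this against the driver documentation and record it next to the declaration, e.g. `// driver copies string values during the call, so buffer need not outlive it`. The comment `// stack buffer` is also inaccurate, since a `std::string` longer than the small-string capacity keeps its bytes on the heap; `// function-local copy, wiped before return` would be closer.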
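Review bot: The `std::fill` wipe writes to a `std::string` that is destroyed immediately afterwards, so an optimising compiler is allowed to drop the stores as dead and the secret can remain in freed memory. Use a wipe the compiler cannot elide, for example `volatile char* p = buffer.data(); for (std::size_t i = 0; i < buffer.size(); ++i) p[i] = 0;`, or a platform primitive such as `SecureZeroMemory` or `explicit_bzero` where available. Placing the wipe in a small scope guard instead of just before `return ret;` would also cover any exit that throws between the assignment and this point. Copies outside `buffer` (the Python object itself, and the temporary produced by `value.cast`) are not cleared by this block, so the comment should say that only the local copy is wiped.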
--- a/mssql_python/pybind/connection/connection.cpp
+++ b/mssql_python/pybind/connection/connection.cpp
@@ -181,7 +181,7 @@ SQLRETURN Connection::setAttribute(SQLINTEGER attribute, py::object value) {
 length = SQL_IS_INTEGER;
 } else if (py::isinstance(value) || py::isinstance(value)) {
 buffer = value.cast(); // stack buffer
- ptr = const_cast(buffer.c_str());
+ ptr = buffer.data();
 length = static_cast(buffer.size());
 } else {
 LOG("Unsupported attribute value type");