Index: driver/execute.c
===================================================================
--- driver/execute.c (revision 649)
+++ driver/execute.c (working copy)
@@ -263,7 +263,12 @@
 {
 #ifndef strnlen
 length=strlen(data);
- if ( length > param->ValueMax )
+ /*
+ For safety reasons add checking for SQL_SETPARAM_VALUE_MAX (-1)
+ The negative length can be passed through the deprecated
+ function SQLSetParam
+ */
+ if ( length > param->ValueMax && param->ValueMax > 0 )
 length = param->ValueMax;
 #else
 length=strnlen(data,param->ValueMax);
Index: test/my_prepare.c
===================================================================
--- test/my_prepare.c (revision 649)
+++ test/my_prepare.c (working copy)
@@ -1027,6 +1027,27 @@
 }
+DECLARE_TEST(t_bug29871)
+{
+ SQLCHAR *param= "1";
+
+ ok_sql(hstmt, "DROP TABLE IF EXISTS t_bug29871");
+ ok_sql(hstmt, "CREATE TABLE t_bug29871 (a INT)");
+
+ /* The bug is relaged to calling deprecated SQLSetParam */
+ ok_stmt(hstmt, SQLSetParam(hstmt, 1, SQL_C_CHAR, SQL_INTEGER, 10, 0,
+ param, 0));
+ ok_stmt(hstmt, SQLExecDirect(hstmt,"INSERT INTO t_bug29871 VALUES (?)",
+ SQL_NTS));
+ ok_stmt(hstmt, SQLSetParam(hstmt, 1, SQL_C_CHAR, SQL_INTEGER, 10, 0,
+ param, 0));
+ ok_stmt(hstmt, SQLExecDirect(hstmt,"SELECT * FROM t_bug29871 WHERE a=?",
+ SQL_NTS));
+ ok_sql(hstmt, "DROP TABLE t_bug29871");
+ return OK;
+}
+
+
 BEGIN_TESTS
 ADD_TEST(t_prep_basic)
 ADD_TEST(t_prep_buffer_length)
@@ -1041,6 +1062,7 @@
 ADD_TEST(tmysql_bindcol)
 ADD_TEST(tmysql_bindparam)
 ADD_TEST(t_acc_update)
+ ADD_TEST(t_bug29871)
 END_TESTS
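Review bot: The `#else` branch still passes `param->ValueMax` straight to `strnlen()`, so the guard added on the `strlen()` path does not cover builds where `strnlen` is defined as a macro. With SQL_SETPARAM_VALUE_MAX (-1) that bound would be converted to a very large size, which acts as "no limit" only by implicit conversion; both branches should agree, e.g. `length= param->ValueMax > 0 ? strnlen(data, param->ValueMax) : strlen(data);`. The new `> 0` test also stops clamping when `ValueMax` is 0, which the comment (it names only -1) does not mention; if 0 is a legitimate buffer length here, `param->ValueMax >= 0` may be what is intended. The declarations of `length` and `ValueMax` and the rest of the enclosing function are outside the hunk, so the signedness of the comparison should be confirmed there.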
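Review bot: The new test `t_bug29871` only checks that each call returns success and never fetches the row, so a regression that binds a truncated or empty parameter value would still pass. After the SELECT I would add `ok_stmt(hstmt, SQLFetch(hstmt));` and compare column `a` with 1. The SELECT's cursor is also still open when `DROP TABLE` runs on the same `hstmt`; closing it first with `ok_stmt(hstmt, SQLFreeStmt(hstmt, SQL_CLOSE));` avoids depending on how the driver treats an open cursor. `SQLCHAR *param= "1";` and the bare string literals passed to `SQLExecDirect` probably need `(SQLCHAR *)` casts to avoid pointer-sign warnings.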