diff --git a/NEWS b/NEWS
index 00ba31fd248..ab565d58ae5 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,10 @@ PHP                                                                        NEWS
   . Support for building against Oracle Client libraries 10.1 and 10.2 has been
     dropped. Oracle Client libraries 11.2 or newer are now required.
 
+- PDO_ODBC:
+  . Fixed bug #80909 (crash with persistent connections in PDO_ODBC). (Calvin
+    Buckley)
+
 - Standard:
   . net_get_interfaces() also reports wireless network interfaces on Windows.
     (Yurun)
diff --git a/ext/pdo_odbc/odbc_driver.c b/ext/pdo_odbc/odbc_driver.c
index 4f59913937a..840b7aeb8be 100644
--- a/ext/pdo_odbc/odbc_driver.c
+++ b/ext/pdo_odbc/odbc_driver.c
@@ -487,8 +487,16 @@ static int pdo_odbc_handle_factory(pdo_dbh_t *dbh, zval *driver_options) /* {{{
 		/* Force UID and PWD to be set in the DSN */
 		if (dbh->username && *dbh->username && !strstr(dbh->data_source, "uid")
 				&& !strstr(dbh->data_source, "UID")) {
-			char *dsn;
-			spprintf(&dsn, 0, "%s;UID=%s;PWD=%s", dbh->data_source, dbh->username, dbh->password);
+			/* XXX: Do we check if password is null? */
+			size_t new_dsn_size = strlen(dbh->data_source)
+				+ strlen(dbh->username) + strlen(dbh->password)
+				+ strlen(";UID=;PWD=") + 1;
+			char *dsn = pemalloc(new_dsn_size, dbh->is_persistent);
+			if (dsn == NULL) {
+				/* XXX: Do we inform the caller? */
+				goto fail;
+			}
+			snprintf(dsn, new_dsn_size, "%s;UID=%s;PWD=%s", dbh->data_source, dbh->username, dbh->password);
 			pefree((char*)dbh->data_source, dbh->is_persistent);
 			dbh->data_source = dsn;
 		}