Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
a72a9816
Commit
a72a9816
authored
Jul 15, 2011
by
Tor Didriksen
Browse files
Options
Browse Files
Download
Plain Diff
merge 5.0-security => 5.1-security
parents
9827d4aa
cfe3489b
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
44 additions
and
5 deletions
+44
-5
client/sql_string.cc
client/sql_string.cc
+4
-2
include/m_string.h
include/m_string.h
+9
-0
mysql-test/r/type_float.result
mysql-test/r/type_float.result
+12
-0
mysql-test/t/type_float.test
mysql-test/t/type_float.test
+15
-0
sql/sql_string.cc
sql/sql_string.cc
+4
-2
sql/unireg.h
sql/unireg.h
+0
-1
No files found.
client/sql_string.cc
View file @
a72a9816
...
@@ -118,7 +118,7 @@ bool String::set(ulonglong num, CHARSET_INFO *cs)
...
@@ -118,7 +118,7 @@ bool String::set(ulonglong num, CHARSET_INFO *cs)
bool
String
::
set
(
double
num
,
uint
decimals
,
CHARSET_INFO
*
cs
)
bool
String
::
set
(
double
num
,
uint
decimals
,
CHARSET_INFO
*
cs
)
{
{
char
buff
[
331
];
char
buff
[
FLOATING_POINT_BUFFER
];
uint
dummy_errors
;
uint
dummy_errors
;
str_charset
=
cs
;
str_charset
=
cs
;
...
@@ -188,7 +188,9 @@ end:
...
@@ -188,7 +188,9 @@ end:
#else
#else
#ifdef HAVE_SNPRINTF
#ifdef HAVE_SNPRINTF
buff
[
sizeof
(
buff
)
-
1
]
=
0
;
// Safety
buff
[
sizeof
(
buff
)
-
1
]
=
0
;
// Safety
snprintf
(
buff
,
sizeof
(
buff
)
-
1
,
"%.*f"
,(
int
)
decimals
,
num
);
int
num_chars
=
snprintf
(
buff
,
sizeof
(
buff
)
-
1
,
"%.*f"
,(
int
)
decimals
,
num
);
DBUG_ASSERT
(
num_chars
>
0
);
DBUG_ASSERT
(
num_chars
<
(
int
)
sizeof
(
buff
));
#else
#else
sprintf
(
buff
,
"%.*f"
,(
int
)
decimals
,
num
);
sprintf
(
buff
,
"%.*f"
,(
int
)
decimals
,
num
);
#endif
#endif
...
...
include/m_string.h
View file @
a72a9816
...
@@ -179,6 +179,15 @@ extern int is_prefix(const char *, const char *);
...
@@ -179,6 +179,15 @@ extern int is_prefix(const char *, const char *);
double
my_strtod
(
const
char
*
str
,
char
**
end
,
int
*
error
);
double
my_strtod
(
const
char
*
str
,
char
**
end
,
int
*
error
);
double
my_atof
(
const
char
*
nptr
);
double
my_atof
(
const
char
*
nptr
);
#ifndef NOT_FIXED_DEC
#define NOT_FIXED_DEC 31
#endif
/*
Max length of a floating point number.
*/
#define FLOATING_POINT_BUFFER (311 + NOT_FIXED_DEC)
extern
char
*
llstr
(
longlong
value
,
char
*
buff
);
extern
char
*
llstr
(
longlong
value
,
char
*
buff
);
extern
char
*
ullstr
(
longlong
value
,
char
*
buff
);
extern
char
*
ullstr
(
longlong
value
,
char
*
buff
);
#ifndef HAVE_STRTOUL
#ifndef HAVE_STRTOUL
...
...
mysql-test/r/type_float.result
View file @
a72a9816
...
@@ -407,4 +407,16 @@ SELECT f1 FROM t1;
...
@@ -407,4 +407,16 @@ SELECT f1 FROM t1;
f1
f1
-1.79769313486231e+308
-1.79769313486231e+308
DROP TABLE t1;
DROP TABLE t1;
#
# Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL
#
select format(-1.7976931348623157E+307,256) as foo;
foo
ignore_float_result
select least(-1.1111111111111111111111111,
- group_concat(1.7976931348623157E+308)) as foo;
foo
ignore_float_result
select concat((truncate((-1.7976931348623157E+307),(0x1e))),
(99999999999999999999999999999999999999999999999999999999999999999)) into @a;
End of 5.0 tests
End of 5.0 tests
mysql-test/t/type_float.test
View file @
a72a9816
...
@@ -276,4 +276,19 @@ INSERT INTO t1 VALUES(-1.79769313486231e+308);
...
@@ -276,4 +276,19 @@ INSERT INTO t1 VALUES(-1.79769313486231e+308);
SELECT
f1
FROM
t1
;
SELECT
f1
FROM
t1
;
DROP
TABLE
t1
;
DROP
TABLE
t1
;
--
echo
#
--
echo
# Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL
--
echo
#
let
$nine_65
=
99999999999999999999999999999999999999999999999999999999999999999
;
--
replace_column
1
ignore_float_result
select
format
(
-
1.7976931348623157E+307
,
256
)
as
foo
;
--
replace_column
1
ignore_float_result
select
least
(
-
1.1111111111111111111111111
,
-
group_concat
(
1.7976931348623157E+308
))
as
foo
;
eval
select
concat
((
truncate
((
-
1.7976931348623157E+307
),(
0x1e
))),
(
$nine_65
))
into
@
a
;
--
echo
End
of
5.0
tests
--
echo
End
of
5.0
tests
sql/sql_string.cc
View file @
a72a9816
...
@@ -130,7 +130,7 @@ bool String::set_int(longlong num, bool unsigned_flag, CHARSET_INFO *cs)
...
@@ -130,7 +130,7 @@ bool String::set_int(longlong num, bool unsigned_flag, CHARSET_INFO *cs)
bool
String
::
set_real
(
double
num
,
uint
decimals
,
CHARSET_INFO
*
cs
)
bool
String
::
set_real
(
double
num
,
uint
decimals
,
CHARSET_INFO
*
cs
)
{
{
char
buff
[
331
];
char
buff
[
FLOATING_POINT_BUFFER
];
uint
dummy_errors
;
uint
dummy_errors
;
str_charset
=
cs
;
str_charset
=
cs
;
...
@@ -200,7 +200,9 @@ end:
...
@@ -200,7 +200,9 @@ end:
#else
#else
#ifdef HAVE_SNPRINTF
#ifdef HAVE_SNPRINTF
buff
[
sizeof
(
buff
)
-
1
]
=
0
;
// Safety
buff
[
sizeof
(
buff
)
-
1
]
=
0
;
// Safety
snprintf
(
buff
,
sizeof
(
buff
)
-
1
,
"%.*f"
,(
int
)
decimals
,
num
);
int
num_chars
=
snprintf
(
buff
,
sizeof
(
buff
)
-
1
,
"%.*f"
,(
int
)
decimals
,
num
);
DBUG_ASSERT
(
num_chars
>
0
);
DBUG_ASSERT
(
num_chars
<
(
int
)
sizeof
(
buff
));
#else
#else
sprintf
(
buff
,
"%.*f"
,(
int
)
decimals
,
num
);
sprintf
(
buff
,
"%.*f"
,(
int
)
decimals
,
num
);
#endif
#endif
...
...
sql/unireg.h
View file @
a72a9816
...
@@ -210,7 +210,6 @@
...
@@ -210,7 +210,6 @@
*/
*/
#define BIN_LOG_HEADER_SIZE 4
#define BIN_LOG_HEADER_SIZE 4
#define FLOATING_POINT_BUFFER 331
#define DEFAULT_KEY_CACHE_NAME "default"
#define DEFAULT_KEY_CACHE_NAME "default"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment