Commit d89abfc0 authored by unknown's avatar unknown

Fix for bug#17602 Server crash on AVG/SUM over DECIMAL column(2nd ver)

The table may be corrupted and decimal columns may have invalid values in this case.
To prevent crash we need to check that decimal column has allowable value.
In case of invalid value generate warning and set the value to 0.

parent fedf6131
...@@ -1347,6 +1347,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale) ...@@ -1347,6 +1347,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale)
} }
from+=i; from+=i;
*buf=x ^ mask; *buf=x ^ mask;
if (((uint32)*buf) >= powers10[intg0x+1])
goto err;
if (buf > to->buf || *buf != 0) if (buf > to->buf || *buf != 0)
buf++; buf++;
else else
...@@ -1356,6 +1358,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale) ...@@ -1356,6 +1358,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale)
{ {
DBUG_ASSERT(sizeof(dec1) == 4); DBUG_ASSERT(sizeof(dec1) == 4);
*buf=mi_sint4korr(from) ^ mask; *buf=mi_sint4korr(from) ^ mask;
if (((uint32)*buf) > DIG_MAX)
goto err;
if (buf > to->buf || *buf != 0) if (buf > to->buf || *buf != 0)
buf++; buf++;
else else
...@@ -1366,6 +1370,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale) ...@@ -1366,6 +1370,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale)
{ {
DBUG_ASSERT(sizeof(dec1) == 4); DBUG_ASSERT(sizeof(dec1) == 4);
*buf=mi_sint4korr(from) ^ mask; *buf=mi_sint4korr(from) ^ mask;
if (((uint32)*buf) > DIG_MAX)
goto err;
buf++; buf++;
} }
if (frac0x) if (frac0x)
...@@ -1381,10 +1387,17 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale) ...@@ -1381,10 +1387,17 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale)
default: DBUG_ASSERT(0); default: DBUG_ASSERT(0);
} }
*buf=(x ^ mask) * powers10[DIG_PER_DEC1 - frac0x]; *buf=(x ^ mask) * powers10[DIG_PER_DEC1 - frac0x];
if (((uint32)*buf) > DIG_MAX)
goto err;
buf++; buf++;
} }
my_afree(d_copy); my_afree(d_copy);
return error; return error;
err:
my_afree(d_copy);
decimal_make_zero(((decimal_t*) to));
return(E_DEC_BAD_NUM);
} }
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment