Commit 193b7327 authored by unknown's avatar unknown

bug #28361 Buffer overflow in DECIMAL code on Windows

my_decimal in some cases can contain more decimal digits than
is officially supported (DECIMAL_MAX_PRECISION), so we need to
prepare bigger buffer for the resulting string.


mysql-test/r/type_newdecimal.result:
  bug #28361 Buffer overflow in DECIMAL code on Windows
  test result
mysql-test/t/type_newdecimal.test:
  bug #28361 Buffer overflow in DECIMAL code on Windows
  test case
  This test case doesn't fall in most cases even without the fix
  Still valgrind shows the problemn
sql/my_decimal.h:
  bug #28361 Buffer overflow in DECIMAL code on Windows
  DECIMAL_MAX_POSSIBLE_PRECISION introduced to be used in places,
  when we need to check for the number of digits technicaly possible
  in my_decimal.
  DECIMAL_MAX_STR_LENGTH fixed as it has to fit for the MAX_POSSIBLE_PRECISION
parent 1cccaaed
...@@ -1465,4 +1465,7 @@ Error 1264 Out of range value adjusted for column 'cast(a as DECIMAL(3,2))' at r ...@@ -1465,4 +1465,7 @@ Error 1264 Out of range value adjusted for column 'cast(a as DECIMAL(3,2))' at r
Error 1264 Out of range value adjusted for column 'cast(a as DECIMAL(3,2))' at row 1 Error 1264 Out of range value adjusted for column 'cast(a as DECIMAL(3,2))' at row 1
Error 1264 Out of range value adjusted for column 'cast(a as DECIMAL(3,2))' at row 1 Error 1264 Out of range value adjusted for column 'cast(a as DECIMAL(3,2))' at row 1
Error 1264 Out of range value adjusted for column 'cast(a as DECIMAL(3,2))' at row 1 Error 1264 Out of range value adjusted for column 'cast(a as DECIMAL(3,2))' at row 1
create table t1 (s varchar(100));
insert into t1 values (0.00000000010000000000000000364321973154977415791655470655996396089904010295867919921875);
drop table t1;
End of 5.0 tests End of 5.0 tests
...@@ -1149,4 +1149,12 @@ select cast(a as DECIMAL(3,2)), count(*) ...@@ -1149,4 +1149,12 @@ select cast(a as DECIMAL(3,2)), count(*)
UNION select 12.1234 UNION select 12.1234
) t group by 1; ) t group by 1;
#
# Bug #28361 Buffer overflow in DECIMAL code on Windows
#
create table t1 (s varchar(100));
insert into t1 values (0.00000000010000000000000000364321973154977415791655470655996396089904010295867919921875);
drop table t1;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -36,13 +36,17 @@ C_MODE_END ...@@ -36,13 +36,17 @@ C_MODE_END
/* maximum length of buffer in our big digits (uint32) */ /* maximum length of buffer in our big digits (uint32) */
#define DECIMAL_BUFF_LENGTH 9 #define DECIMAL_BUFF_LENGTH 9
/* the number of digits that my_decimal can possibly contain */
#define DECIMAL_MAX_POSSIBLE_PRECISION (DECIMAL_BUFF_LENGTH * 9)
/* /*
maximum guaranteed precision of number in decimal digits (number of our maximum guaranteed precision of number in decimal digits (number of our
digits * number of decimal digits in one our big digit - number of decimal digits * number of decimal digits in one our big digit - number of decimal
digits in one our big digit decreased on 1 (because we always put decimal digits in one our big digit decreased by 1 (because we always put decimal
point on the border of our big digits)) point on the border of our big digits))
*/ */
#define DECIMAL_MAX_PRECISION ((DECIMAL_BUFF_LENGTH * 9) - 8*2) #define DECIMAL_MAX_PRECISION (DECIMAL_MAX_POSSIBLE_PRECISION - 8*2)
#define DECIMAL_MAX_SCALE 30 #define DECIMAL_MAX_SCALE 30
#define DECIMAL_NOT_SPECIFIED 31 #define DECIMAL_NOT_SPECIFIED 31
...@@ -50,7 +54,7 @@ C_MODE_END ...@@ -50,7 +54,7 @@ C_MODE_END
maximum length of string representation (number of maximum decimal maximum length of string representation (number of maximum decimal
digits + 1 position for sign + 1 position for decimal point) digits + 1 position for sign + 1 position for decimal point)
*/ */
#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_PRECISION + 2) #define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_POSSIBLE_PRECISION + 2)
/* /*
maximum size of packet length maximum size of packet length
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment