From: Tor Didriksen Date: October 7 2010 8:14am Subject: bzr commit into mysql-5.5-bugteam branch (tor.didriksen:3096) Bug#57209 List-Archive: http://lists.mysql.com/commits/120193 X-Bug: 57209 Message-Id: <20101007081435.5C1EA379F@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9116361342659088038==" --===============9116361342659088038== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-bugteam-bug57209/ based on revid:alexander.nozdrin@stripped 3096 Tor Didriksen 2010-10-07 Bug#57209 valgrind + Assertion failed: dst > buf Buffer overrun when trying to format DBL_MAX @ mysql-test/r/func_math.result Add test case for Bug#57209 @ mysql-test/t/func_math.test Add test case for Bug#57209 @ sql/item_strfunc.cc Allocate a larger buffer for the result. modified: mysql-test/r/func_math.result mysql-test/t/func_math.test sql/item_strfunc.cc === modified file 'mysql-test/r/func_math.result' --- a/mysql-test/r/func_math.result 2010-04-11 06:52:42 +0000 +++ b/mysql-test/r/func_math.result 2010-10-07 08:14:27 +0000 @@ -600,3 +600,14 @@ NULL SELECT -9223372036854775808 MOD -1; -9223372036854775808 MOD -1 0 +# +# Bug #57209 valgrind + Assertion failed: dst > buf +# +select floor(log10(format(concat_ws(5445796E25, 5306463, 30837), +period_diff(0.2286, 2989582)) +) +) +as foo +; +foo +2 === modified file 'mysql-test/t/func_math.test' --- a/mysql-test/t/func_math.test 2010-03-18 10:38:29 +0000 +++ b/mysql-test/t/func_math.test 2010-10-07 08:14:27 +0000 
@@ -458,3 +458,13 @@ SELECT 2 DIV -2; SELECT -(1 DIV 0); # Crashed the server with SIGFPE before the bugfix SELECT -9223372036854775808 MOD -1; + +--echo # +--echo # Bug #57209 valgrind + Assertion failed: dst > buf +--echo # +select floor(log10(format(concat_ws(5445796E25, 5306463, 30837), + period_diff(0.2286, 2989582)) + ) + ) + as foo +; === modified file 'sql/item_strfunc.cc' --- a/sql/item_strfunc.cc 2010-08-20 11:14:11 +0000 +++ b/sql/item_strfunc.cc 2010-10-07 08:14:27 +0000 
@@ -2299,7 +2299,8 @@ String *Item_func_format::val_str_ascii( if (lc->grouping[0] > 0 && str_length >= dec_length + 1 + lc->grouping[0]) { - char buf[DECIMAL_MAX_STR_LENGTH * 2]; /* 2 - in the worst case when grouping=1 */ + /* We need space for ',' between each triplet of digits as well. */ + char buf[FLOATING_POINT_BUFFER + FLOATING_POINT_BUFFER/3]; int count; const char *grouping= lc->grouping; char sign_length= *str->ptr() == '-' ? 1 : 0; --===============9116361342659088038== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # 5z5v3lw8tkq297k9 # target_branch: file:///export/home/didrik/repo/5.5-bugteam-bug57209/ # testament_sha1: 802f68eddbc446335ab0a588beb445bfb4239f8e # timestamp: 2010-10-07 10:14:34 +0200 # base_revision_id: alexander.nozdrin@stripped\ # ls60rb2tq5dpyb5c # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWfT3whEAA3b/gEAwgQBY//// d6fWyr////BgB0uz752elFFW+73jZ6yfWRVyxDJFTzTUnpBmkae0ynqamh5QAAGgNNAAJKBJip7M hqDSmT9KaGgAek2UG1AABoNTUTEBpoAAAaA0AA0MQ0wTAyaKmFNDTJp6EehBoZNMgAAAGgA2pE0m TRkMieU2hTyaZE3ojRAAAAAJJCNDRGTEmEbTVT9ExNpTT0I0DTQAHkkg7EvUP7VbD8YkQZvPLLKH 4mvwhyQ1MKxgWvSgglAjQwTMYwS35y2bZVUUvdLmhJ8SSNIwFAUlxPvmw0rpyXvNcsGZgw9fIDNE 7hlitw4oo1AHkQQTpTznCaBXC0XZXr/FmQsEwdvGcBp0BMFGXPV+uzOLGzBZWgEhQFcM89Zuqpsg ly26IiMYTnVTR5CVIQclQQJeQIK1OLzQSIYnj3+LS7m0ngc6UTncYm066Vv2q4X9AG+KwoVlEIuR zIk0ta8oNK1ONj51zzkr85inxinUJ0EoKZMYULf23c5CeVqBpr8xmu576B43JWIpKkQEA9CQYgsC XKKQKvAxM0WhQHkMNVce4ipbKUCdwjurEOgTVocmpGYJKhUjx0W/6ZdL7QxnHJ43f2jQAPgwB4ss I7jHHwlquJVUlFNJAUmz21ybVerFOzXEYihxcIovd+rq1EWNZgSpYVX7sYZYrlffe1i1KzE2vQPM izsv6KzFPlYQ0igwA9wvZPPS431loGBWsjZs34/eSNu86sREom7SBpxo/0REneclAriuk/fItJAm UZKKnsv2qyvQ60enqbWDCwwIhnCoahOGTqC83FdErc+ctEjknlFxL0UwjO7iqHrCk0LjWG9oDNWd 
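Review bot: The new size of `buf` in Item_func_format::val_str_ascii (sql/item_strfunc.cc) assumes one separator per three digits, but the guard just above it only requires `lc->grouping[0] > 0`, and the comment being removed budgeted for grouping=1. If any locale can supply a group size below 3, the separators outnumber FLOATING_POINT_BUFFER/3 and the write into this stack buffer can overrun again. The loop that fills `buf` lies outside the hunk, and the `dst > buf` assertion named in the bug title is presumably a debug-only check that release builds do not have. Keeping the old factor on the new base, `char buf[2 * FLOATING_POINT_BUFFER];`, would cover any positive group size, provided str_length never exceeds FLOATING_POINT_BUFFER and the separator is a single byte. The comment should then state that bound, for example `/* Worst case is grouping=1: one separator per digit. */`.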
DzUwhrNdxBiFRsoNkIkbU3uakblsLAaoa81KHavNWZ6M+poHBbOFqnwo6h48lA7jUV6qhbXrCePB GWscTgjYx22JiT2KBipOO1TX1iMxFdeJtK9uK96rF1E2wYsFRMTNQOPVcc30jzovH2MiVpWa7jWV yfVQGosEQqVoiaLc2Fy9eeBGY1XldhjcURJjAHUD3otYo4GokXEw8y1wLruzERetCZRETJiHXjZT GlzailOHyqgNvdhLA6xDeZZUnKhq9CcrIT+ueJZjPUQW62otVIiIxvjdGE08IvLY2HjioTzotOxW 5DxrrCCskyiDwcEG5mIgm1GQERIpgUmlxfrEU3rIz2YMdEHKWu5DKePLICb4dDmEyRk5oIxGIvkQ 4SEAiQFIJNgfxEhAIQmERknQAeZ6Dy08yotoK4c+/QS9DqL1kmW5hfSIf7fg4WSGJ+mOAs6YcuJ5 SXF4D8vKdtqC89knIynbGLpPC9UYU71dujagu0c7JmpDEwRBM3dCy0GLyK4cOg9XFZFplUYGbpOW w3k8uCvUs0ENOpawI8zFkiaNvLzXkl3RoeukRpqIjj2UHFGrPSbL5OfVz/C9PcwSrQGnH8jJRJ7a k8wH/gnG3bpNeBbkMpIkequpGRAxn4PUgXlYuK1rJIU1guS6ktNPtMxOkcBoFGYx8OYy2L/cI4IS aG1W0LENnhdPFaonZDgRTMYnYURoyUQh1kazngXhBek34uxLhZt6xp3BKrJxT1GtHazPSKtghPZR I4JXDCrsV9LPLdJsUrONelKNCZpkW7nIcJ4dq8J5Lo0mSDsy5GtxvHkCEDeTlPJTFKjQOFqNKYIn SsbV6Lx60ysVSYjJsyeAHiNE2I+Xavk5ydpKWK1bufqOBfYGy6i2F8q5E8Zf0eNZxEY7YkmfVveY O4sCM8U5kWLFxQvd1AnyOCNIvCMxErYkVowSX3xokYGnACq+DC4YW7lJUVOLTVTaj0ZaX4ziEQRW WzzeJG/uVaFMTG1Iya1jKWUaWogOGItkcR30HRxkGIkyCcZd+CIpghn7enR1mg4qArybHIRPw6QC xrEckdIhoLALzVSUrtVUqKApfknnz1FegpGyOZNoZKIiBOsIAOWCAkxE95gJMBpKIthMF5hMVEhv pmOJB+Xm1EqwccJjjVBqQleEzJMtsxBSqhPPO2JUAq0DIejW4i0uU+gp6Eig73Q0sMBMHz65Swsy jQ72LcqDARbcDlMt7eVyW6ydUhnkM42sCedjET0hbax4l0JWNVW9LIKWNpqgKB5NWLAL3xunwTBH gynzTVpxxT9vlsCVVBqNgLCQsBg0jSCxx6BFGQ0tMkklcn3y7CsBjMxQBgGqQgdsPXrFmGAVKHgI oy0vWgZbsshjKCzhmV+aNaMcDiGJOOeJ2SqQn+53GGAy94h+ajebwZR8sSKS1ZSyIUsGqneJ1lw4 6qTRx6heZDKM4YUYGTgGr0SHZIbULW/OqTBSP7jTVlRuwxIWY2TK7rKSc3LgXGMlJt9ArRgzpk3S YSQcPjJRQVaFcUcxaErGqVf/i7kinChIenvhCIA= --===============9116361342659088038==--