From: Tor Didriksen Date: October 8 2010 8:53am Subject: bzr commit into mysql-5.5-bugteam branch (tor.didriksen:3221) Bug#57209 List-Archive: http://lists.mysql.com/commits/120349 X-Bug: 57209 Message-Id: <20101008085345.3CDE0379D@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3307062346224825824==" --===============3307062346224825824== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-bugteam-bug57209/ based on revid:holyfoot@stripped 3221 Tor Didriksen 2010-10-07 Bug#57209 valgrind + Assertion failed: dst > buf Buffer overrun when trying to format DBL_MAX @ mysql-test/r/func_math.result Add test case for Bug#57209 @ mysql-test/t/func_math.test Add test case for Bug#57209 @ sql/item_strfunc.cc Allocate a larger buffer for the result. modified: mysql-test/r/func_math.result mysql-test/t/func_math.test sql/item_strfunc.cc === modified file 'mysql-test/r/func_math.result' --- a/mysql-test/r/func_math.result 2010-04-11 06:52:42 +0000 +++ b/mysql-test/r/func_math.result 2010-10-07 08:14:27 +0000 @@ -600,3 +600,14 @@ NULL SELECT -9223372036854775808 MOD -1; -9223372036854775808 MOD -1 0 +# +# Bug #57209 valgrind + Assertion failed: dst > buf +# +select floor(log10(format(concat_ws(5445796E25, 5306463, 30837), +period_diff(0.2286, 2989582)) +) +) +as foo +; +foo +2 === modified file 'mysql-test/t/func_math.test' --- a/mysql-test/t/func_math.test 2010-03-18 10:38:29 +0000 +++ b/mysql-test/t/func_math.test 2010-10-07 08:14:27 +0000 @@ -458,3 +458,13 @@ SELECT 2 DIV -2; SELECT -(1 DIV 0); # Crashed the server with SIGFPE before the bugfix SELECT -9223372036854775808 MOD -1; + +--echo # +--echo # Bug #57209 valgrind + Assertion failed: dst > buf +--echo # +select floor(log10(format(concat_ws(5445796E25, 5306463, 30837), + period_diff(0.2286, 2989582)) + ) + ) + as foo +; === modified file 'sql/item_strfunc.cc' 
--- a/sql/item_strfunc.cc 2010-08-20 11:14:11 +0000
+++ b/sql/item_strfunc.cc 2010-10-07 08:14:27 +0000
@@ -2299,7 +2299,8 @@ String *Item_func_format::val_str_ascii( if (lc->grouping[0] > 0 && str_length >= dec_length + 1 + lc->grouping[0]) { - char buf[DECIMAL_MAX_STR_LENGTH * 2]; /* 2 - in the worst case when grouping=1 */ + /* We need space for ',' between each triplet of digits as well. */ + char buf[FLOATING_POINT_BUFFER + FLOATING_POINT_BUFFER/3]; int count; const char *grouping= lc->grouping; char sign_length= *str->ptr() == '-' ? 1 : 0; --===============3307062346224825824== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # 7zkat6exzmkdqayi # target_branch: file:///export/home/didrik/repo/5.5-bugteam-bug57209/ # testament_sha1: a4b15623aa35513f41053cfa220f5e1b6df3afdf # timestamp: 2010-10-08 10:53:45 +0200 # base_revision_id: holyfoot@stripped # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWSVsZMQAA2B/gEAwgQBY//// d6fWyr////BgB0uz7vvPu8y+ge3t93jR93dtbLeycYSSIaFHpTyejVPNMRpBlNDGkaAyep6mmjQN BJUp+Kj9TU80ak0eo9Q9Q0AAAANAAbKBkkp+noRMTT1QbUHpHqDQ0AAAAAaBIiRpGqPJMn6TRonp B+qD1GBADQDQABtSIJk2iGIjaKeJgU0eU8oANAAABJQRpoAJhGhDQptJ/pU9QB6gZAAD1I1isx/J stmkjY79+47YW6J7cpna7FleZHvwXMSBHjaF7nSCXVMQwPYxz2NovOg2cgjOJAThQWI+cqOBdNix KKY2xnVvB+KZJHGBMGD3AdIIMGO65YrA2iWfy76vHmvUCUr9K4QmURKOUnhn/1ffWoTSj09gjTCf b4cOtUOr5rWn10Ggu0XMsVHBtSiZC47BhuJhi92cpKykfibeWzKPYyw+Q2iiU9hibzwitd6uF/CA 1gqkiuhzeRVCfZJpsVhqRTcLYFcFnqVuio0X0UDpkiRNOkUKlC38vBcSUzNrGvz3zq6Zp0JzDM8b orkVlgrBBOkZAk0lKhRAo0CyWU0mglWqjv+xM0HCRcmsqQ6GVDTqNhpVVmylCtP3wRtBQ1MMgTHt BGggDIhq6FsEbIV0hXuCuic0NBnSMZr7FlnUxOb6GsKUh0fymp9ApFfL1A+PMxPdZUsMYxknUbVT gZuQPOZX45ZVLEdTWPtE9iAc0XxyysLVzqGgYlC4GeH2kTSc1uSIwNKgKrv7lJHHCQUzLDWcfdhk whoYF0zSdXDXO9kTbQMwtiERLwwBSqYoCV5YELcAxiqVzMkzmi4wC1B+UtxUWl0hporFt4CxKAiV GTjEYkRrfc+8lpM4p5lAume1fO5wzpvKQibiwni1qT+rDp5VC+5ozMs2upU1TXE48o2EZTKVZc7k 
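Review bot: The new size of `buf` assumes one separator per three digits, but the group width is read from the locale (`const char *grouping= lc->grouping;`), and the removed comment sized the buffer for grouping=1. If any locale entry has a group width below 3, the separators can outnumber `FLOATING_POINT_BUFFER/3` and the write into this stack buffer could overrun again. The only guard named on this page is the `dst > buf` assertion, which is presumably compiled out of release builds. Keeping the worst-case factor would cover that case: `char buf[2 * FLOATING_POINT_BUFFER]; /* worst case: grouping=1, one separator per digit */`. The loop that fills `buf` lies outside the hunk, so the exact bound should be confirmed against it.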
vPfGtfRHbIOMZ9BOb3VGo84smabq4Y+vRs8TMZm/U3Dxwq5cSuDZhp8FZs6egeTDc2IpNxSX2HJp S5giMFIUpEkysEo0w2YLv+HswHl2hdXXYYPLoxIGANnHORFhvIzFBaUyj04rr8d0VetBFtEQsFim sSISDZMBpbOTJpbF462598p65TqWepaOr9tUDKI1cHlaoiMJK7XQklkeTde42wUmNKKie9zxrq3s kVVLHqttgUC2LGixRNkSE0ti4UQ6ni/rRw69s6zY1gFsTaPUoLb65lAFeeJ+eRSrhWBMmO/yOt8Z IwUkPgLT+djLiBkm3PjC0uGFJaSlLyZvDwQMu4sMxVprfYuURPV6IFrQ1mlGyuolXHIuPzq/mKzH PkeIEj2Sci059a3HllsK72GqEBLBXtatR2peNCZ4yFBNVEu0RdkIh+bq7ODrH9ZQr/bOPgbYEllc 2knMd3YuJWxkQ0+5aAW9zF2I+oOmRWMwzLnBARAqGnp2SL70NsqbL4fhonuYCgIN2fuOagS1Tpxc O4ppnnzW7It5DFQig76Z0aDyRilSkJ8zY7S69ZAvM8Q439xtQqUERvKrTv4zR1r/S444mAtfL3K6 pYBtN0mLBHuNW0dVsppXsTLBSi7ssIdfaoGcZDEeokjOnTygzbbHkS55rnZIzVa/y45lFaGuyaCy DqmI38Dy5R6zd5FjVd2BKIYygXHyaJo5LIR7zrClaWnNBmY9pyODxbi0aQY4QuMBMXhAYi+UAlE5 zqjlOxcUM5gUC8DXkkRvTC6BpStG7YtznJ2EnZZS7W+9dKnZJqr1njnLcRTIT5+1XCJB2tJNtIre EQ4h4i8soSuBlpsWBdd5iPfYCdGLkoIUyFknnF60FVGPLtvkgRWQTqRXTq7n11pydnUysr52taHo WRW3rQaZhGpYBFjP0oiNZw5qgywIG0RZ2KstYUiWojQ4i1yPSwnHfOFQJkEYy2VEEwRatttHKUDx YiKnRHmVzICllKPBHEQx6wC8ujyEMnXsVFMYhO7sTj1DwKqlMNW5k2dtwxEkNcRgOUJRKJ7iBNAq fsJwkYTFpKaa5zkRvx9WgmVHGBghKqjQQNIJTiZkmGtagMVJcNXoy8vBbwTBOFS1PDm0t3dAVa2u itZMBGHlyTz04VRbLM7GuhTENVgjieulSLM3VSI1Z6q8O3xJwsWC46KkiDHclBsDfc70htoutc+C FWnElAtwXuhbLgmBDtYpe9MpTRu/PIJ4wVxkhYSpgd9i1ExbVLFh5rgyZrWta3SPUTmFgdVFQCoK 9ECxJ7GdNneLPBNCFCrwTnobOGqRqVVZyCdBvMTry2U3UaMDiDQVIkUa1ehTzxmpgNeWdRLHYrkm HdMKLDMsrxXomrg8Tsu4cb8Rk5bxedDKQ4wRQycA2TNeO28bNT8qrKKx/Mz2Wo4G+mPIdlC5SlZS blxPCYSYv7qlmGElcmTbCMlHFCFFKTIKjTqpbAoyEU+Qh06oVX/i7kinChIErYyYgA== --===============3307062346224825824==--