From: Tor Didriksen Date: October 8 2010 9:52am Subject: bzr commit into mysql-5.5-bugteam branch (tor.didriksen:3221) Bug#57209 List-Archive: http://lists.mysql.com/commits/120355 X-Bug: 57209 Message-Id: <20101008095214.66995379D@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1773345739388001594==" --===============1773345739388001594== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-bugteam-bug57209/ based on revid:holyfoot@stripped 3221 Tor Didriksen 2010-10-08 Bug#57209 valgrind + Assertion failed: dst > buf Buffer overrun when trying to format DBL_MAX @ mysql-test/r/func_math.result Add test case for Bug#57209 @ mysql-test/t/func_math.test Add test case for Bug#57209 @ sql/item_strfunc.cc Allocate a larger buffer for the result. modified: mysql-test/r/func_math.result mysql-test/t/func_math.test sql/item_strfunc.cc
=== modified file 'mysql-test/r/func_math.result'
--- a/mysql-test/r/func_math.result 2010-04-11 06:52:42 +0000
+++ b/mysql-test/r/func_math.result 2010-10-08 09:52:09 +0000
@@ -600,3 +600,10 @@ NULL
 SELECT -9223372036854775808 MOD -1;
 -9223372036854775808 MOD -1
 0
+#
+# Bug #57209 valgrind + Assertion failed: dst > buf
+#
+SELECT floor(log10(format(concat_ws(5445796E25, 5306463, 30837), -358821)))
+as foo;
+foo
+2
=== modified file 'mysql-test/t/func_math.test'
--- a/mysql-test/t/func_math.test 2010-03-18 10:38:29 +0000
+++ b/mysql-test/t/func_math.test 2010-10-08 09:52:09 +0000
@@ -458,3 +458,9 @@ SELECT 2 DIV -2;
 SELECT -(1 DIV 0);
 # Crashed the server with SIGFPE before the bugfix
 SELECT -9223372036854775808 MOD -1;
+
+--echo #
+--echo # Bug #57209 valgrind + Assertion failed: dst > buf
+--echo #
+SELECT floor(log10(format(concat_ws(5445796E25, 5306463, 30837), -358821)))
+as foo;
=== modified file 'sql/item_strfunc.cc'
--- a/sql/item_strfunc.cc 2010-08-20 11:14:11 +0000
+++ b/sql/item_strfunc.cc 2010-10-08 09:52:09 +0000
@@ -2299,7 +2299,8 @@ String *Item_func_format::val_str_ascii(
 if (lc->grouping[0] > 0 &&
 str_length >= dec_length + 1 + lc->grouping[0])
 {
- char buf[DECIMAL_MAX_STR_LENGTH * 2]; /* 2 - in the worst case when grouping=1 */
+ /* We need space for ',' between each group of digits as well. */
+ char buf[2 * FLOATING_POINT_BUFFER];
 int count;
 const char *grouping= lc->grouping;
 char sign_length= *str->ptr() == '-' ? 1 : 0;
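Review bot: The enlarged `char buf[2 * FLOATING_POINT_BUFFER];` is still a fixed-size stack buffer, and nothing visible in this hunk or the next ties `str_length` to `sizeof(buf)` at run time, so the backward writes (`*--dst= lc->thousand_sep;` in the following hunk) depend entirely on the constant being large enough for every input type that reaches this branch. The `dst > buf` assertion named in the bug title is presumably debug-only, which would leave release builds with a silent stack overrun if the bound is ever wrong again. I would add an explicit guard before the copy loop, for example `if ((size_t) str_length * 2 > sizeof(buf)) return str;` (or whatever error path the maintainers prefer), and restore the rationale the old comment carried, e.g. `/* 2x: worst case is grouping=1, one separator per digit */`. The enclosing function starts and ends outside the hunk, so the loop itself is not visible here.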
@@ -2323,7 +2324,7 @@ String *Item_func_format::val_str_ascii( count will be initialized to -1 and we'll never get into this "if" anymore. */ - if (!count) + if (count == 0) { *--dst= lc->thousand_sep; if (grouping[1]) --===============1773345739388001594== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # p0put8p4wdltlxi4 # target_branch: file:///export/home/didrik/repo/5.5-bugteam-bug57209/ # testament_sha1: 88be41fb7f61444fd93aaf9e040ef971f1415515 # timestamp: 2010-10-08 11:52:14 +0200 # base_revision_id: holyfoot@stripped # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWQeISXwAA1DfgFAQWP///3+n 3sq////wYAcuT765ekSmeHdXtuudMtqeXASSKbQmmjVMyaj2SeknmpqflIbU9TTQAepp6TaagEko aaaEemppk0SafpNQAGgHqAZAAaDhppkYjCaYCGATTCMExMhpkaGgEkTRU/IEUzaSP1TTQHqaAaAA 0AAAG1QQTKeRiZTU3lPTSbRJ6bSjTQAAAABJIgyAjCaBT9EbUamp5T1BpoZGmgDQ00efFuanH8mx 5ayKhx3boj6VVYJqas9HNkc6fPAIpWo53RjxyS8+BjwNaTzlsi66c8VmMKSyXtPtOltexdQ4l7lq TDMMMdn6fFH4neNs6E3kYtm2A0OTkQ7j2sG5aG+Paw6PCzSoiBltUwSL5ko5R76v7vq/WdSeEo9P YIkwn6J+tTu1VlsvVkNOhq6+paXU6kXmSXTrGG5WGLHcpWOiNiOv+YMCwm8WCQuMTpaoYKsXwAIm yC3eEru01IjtZ0uLlhQSoWx8y1POckfqngpFOoEpwWYCkrEdfPBS1wbkmojQrfGKROyZstGHG0Xo WApEBLaQ5JCYShOncT0sKVS1czN1VUZmHGuKqBKDC9JQIknuZkWVU5Z1fZ3/e4RpqRQncnOoId3Q aUAPBlbrJthxwwO+89dEDEhGhSiqbHOai2F6sPzUiiigloMdFploFAuhjExOdlRVGRy2O2rnsrs3 NQtVRcrCcqNsiDsvMyHR+6Kj/LOuFkwBrctwhl5PC9ZmA4VIpzjgb/aZF5qISm6cVFdMnCQVWp1h +tqzdmtC5MdtuqU+lV4jlTSMzRLx6mbDfzPHwVoyt3Gk2FNjzDRwUjU93UrI8irnVUd6DAkWbmC0 a5tM5MXl8tRPkZTmUSpMVmOtU89Mw2+Q8Lhr+5WnxTfHRchHYSG5dee8yWZcaxG3a+Z4+32DjfEg VbqBdZV60dsh2RL9VBSuI0rulZiOfdyq1zQUtNI8gJ/KOGg873f1rWyIXFww6NthsvqVsoyLFJUE E6RnEXZQQLmIz1k6mutHkw8HQHvRq1c5yntZWKi58qKBa0Jz3WnQmeS3z2EkSUrkVj7b7qTGwiGI jBYsIxTxPbhxyH6eJUsCcZbXMiitPVv486kNycCnnUvKYyIHldCaau1NC3qTCAo82RNPNnCIg6QT 
nNH5uLWBT2ZcawplQLUmhbtTlsulUaR0HfvuUiwGJMmG3fzZeiIMPGMhH3nibzjDh9sV8hZh4E3i +FBwOGDkv4b13GifjjWZMszC2iH93a4VaGU9JrLoIxMr51r/KbpJSOUi19hs2zN6EiZ8pyOLqYgg KC23i5dtWS2VYR9MUGPA26jchkwhybX0Lm28fhxOjjRxknjbXlshv+S4qmeZDj3rBBhmy4I05bDf qJRE1I4+/8A2bybsGN8CTUlEOHzoVE7JEEBhs6V1k6Nagd0nisstVgQRXE7YwRE9xPMoJXHmUlkt quSNAymzEe9UiHm8o2kvf0mixf6N4D61CxVzLOXtvXXlHog2MyOwj1MnzRFSKJrlmPwIHcT63Fap n155zv11Nuw64/HFZVvZy2/B8aUcH4uSPIPSmRuyNvCPWEOblzzCYQzUirYWceluNcJlJltrQNzm i49dujMxWVnnipJIzFThiO5MqHjg2jFR5GSwCgtXDJf8tfemVqqTE+jdxM9fQYjkmRrAXe4Hxa0b oUjDWrOx241EjAZZiXwSFdJPCUS4bFaIiG7kkzAfZweNJ+R0JKE60LGgrVV/sEdMUieHVOh4KpC2 pxjQtwtMMM+Gt0FsFgLfmMMuNw0b0kZfdkzWyK80l/UYLaWzy4IeYmXapSUlN6RTsVBUwUKWsgQ0 f1QuO6g24SpVgmJFagGBPz+vhX0Kx4tZJaI7ZWEbVxYAqapGiOAhpFcGs10EV1VHOEAi/0p58g0K rCKa9zDcW70ykSGdBAA1TRCT3NJjNMZ3YmaQImCYaSM11S+IgdW8yyWj0aVJxcvGrVmILkMwMdvS njKwuJl62iSSNyQwniqcpAzpjIW7MRGPQFOvpEep8+bJgKQttktNrqZoCL15FA5rq15U5ZN5rhG6 L1WG/NNMtGSPORSPQGjkHiGTY+DwuRCZqNAVipFgF0JtU0L0wQ9DKfomqTh2/LYFMZzYCvlTBnau gmXlgtjHKtGq7u7vw274pMZB3lZOCgV6HFuJa9NadjkZx063ollB3OLriK6KqpyiaBmyJcd844Ub czmGwnHPE7NUoT/U6yTAZOmEclPgbwZT/VqFerVwcJ0dMzhNt3jTVSWct4vMhihMpkczE0CxN58U K6Q4SGDY1Uc1Q7wl2mtExvmsO5C2TLKIqM5uXI4lJmNG7QmoVw0LUxMxHkQ0dCRpKZcSedKSRkRG Sf8XckU4UJAHiEl8 --===============1773345739388001594==--