3222 Tor Didriksen 2010-10-08
Bug#57209 valgrind + Assertion failed: dst > buf
Buffer overrun when trying to format DBL_MAX
@ mysql-test/r/func_math.result
Add test case for Bug#57209
@ mysql-test/t/func_math.test
Add test case for Bug#57209
@ sql/item_strfunc.cc
Allocate a larger buffer for the result.
modified:
mysql-test/r/func_math.result
mysql-test/t/func_math.test
sql/item_strfunc.cc
3221 Sergey Vojtovich 2010-10-08
Fixed plugin_load_option failure, when example storage
engine is not available. We need to add loose prefix
to example load option.
@ mysql-test/t/plugin_load_option-master.opt
Fixed plugin_load_option failure, when example storage
engine is not available. We need to add loose prefix
to example load option.
modified:
mysql-test/t/plugin_load_option-master.opt
=== modified file 'mysql-test/r/func_math.result'
--- a/mysql-test/r/func_math.result 2010-04-11 06:52:42 +0000
+++ b/mysql-test/r/func_math.result 2010-10-08 09:52:09 +0000
@@ -600,3 +600,10 @@ NULL
SELECT -9223372036854775808 MOD -1;
-9223372036854775808 MOD -1
0
+#
+# Bug #57209 valgrind + Assertion failed: dst > buf
+#
+SELECT floor(log10(format(concat_ws(5445796E25, 5306463, 30837), -358821)))
+as foo;
+foo
+2
=== modified file 'mysql-test/t/func_math.test'
--- a/mysql-test/t/func_math.test 2010-03-18 10:38:29 +0000
+++ b/mysql-test/t/func_math.test 2010-10-08 09:52:09 +0000
@@ -458,3 +458,9 @@ SELECT 2 DIV -2;
SELECT -(1 DIV 0);
# Crashed the server with SIGFPE before the bugfix
SELECT -9223372036854775808 MOD -1;
+
+--echo #
+--echo # Bug #57209 valgrind + Assertion failed: dst > buf
+--echo #
+SELECT floor(log10(format(concat_ws(5445796E25, 5306463, 30837), -358821)))
+as foo;
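Review bot: The added test statement does not show how it relates to the DBL_MAX case named in the commit message, and wrapping FORMAT() in floor(log10(...)) reduces the expected result to a single 2, so only the crash is covered, not the formatted string. Suggest a short comment explaining why these arguments produce the overlong value, plus an additional check on the output of FORMAT() itself, for example its length, so that a truncated or misgrouped result would fail the test.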
=== modified file 'sql/item_strfunc.cc'
--- a/sql/item_strfunc.cc 2010-08-20 11:14:11 +0000
+++ b/sql/item_strfunc.cc 2010-10-08 09:52:09 +0000
@@ -2299,7 +2299,8 @@ String *Item_func_format::val_str_ascii(
if (lc->grouping[0] > 0 &&
str_length >= dec_length + 1 + lc->grouping[0])
{
- char buf[DECIMAL_MAX_STR_LENGTH * 2]; /* 2 - in the worst case when grouping=1 */
+ /* We need space for ',' between each group of digits as well. */
+ char buf[2 * FLOATING_POINT_BUFFER];
int count;
const char *grouping= lc->grouping;
char sign_length= *str->ptr() == '-' ? 1 : 0;
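Review bot: The new comment on `buf` names ',' but the code further down writes `lc->thousand_sep`, and it no longer says why a factor of 2 is enough (the removed comment gave the reason: worst case when grouping=1). Suggest wording it as room for one thousands separator per digit in the worst case, and stating that `str` is assumed to hold at most FLOATING_POINT_BUFFER characters. That bound is an assumption about the input rather than something checked in this block, so a DBUG_ASSERT comparing str_length against FLOATING_POINT_BUFFER ahead of the fill loop would catch a violation at its source instead of as a later `dst > buf` failure.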
@@ -2323,7 +2324,7 @@ String *Item_func_format::val_str_ascii(
count will be initialized to -1 and
we'll never get into this "if" anymore.
*/
- if (!count)
+ if (count == 0)
{
*--dst= lc->thousand_sep;
if (grouping[1])
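Review bot: The switch from `if (!count)` to `if (count == 0)` is a readability change with no effect on behaviour, and the commit message does not mention it; for sql/item_strfunc.cc it describes only the larger buffer. Either note it there or leave it out of the bug fix, so that the change which closes Bug#57209 is easy to isolate when merging to other branches.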
Attachment: [text/bzr-bundle] bzr/tor.didriksen@oracle.com-20101008095209-leoru3qeg7s3k42c.bundle
| Thread |
|---|
| • bzr push into mysql-5.5-bugteam branch (tor.didriksen:3221 to 3222) Bug#57209 | Tor Didriksen | 8 Oct |