From: Alexander Nozdrin
Date: November 19 2010 11:50am
Subject: Re: bzr commit into mysql-5.5-bugteam branch (bar:3135) Bug#58175
List-Archive: http://lists.mysql.com/commits/124427
Message-Id: <4CE6646A.9000500@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi Alexander,

thank you for working on this.

As discussed on IRC, that function actually has another bug -- the function returns (number_of_decimals + 1) instead of number_of_decimals. The thing is that the function is not really used to return number of decimals (lol!), that's why this bug is not visible.

Although it seems pretty safe to fix also that new bug, it's proposed to leave it as it is because of 5.5 nature.

However, could you please
1) Report a new bug about that issue
2) Put a comment in the code about that flaw

Wrt Bug#58175 itself, I think the patch is Ok and can be pushed.

Thanks!

On 18.11.2010 18:38, Alexander Barkov wrote:
> #At file:///home/bar/mysql-bzr/mysql-5.5-bugteam.b58175/ based on revid:bar@stripped
>
>  3135 Alexander Barkov 2010-11-18
>       Bug#58175 xml functions read initialized bytes when conversions happen
>
>       Problem:
>
>       nr_of_decimals could read behind the end of the buffer
>       in case of a non-null-terminated string, which caused
>       valgrind warnings.
>
>       Fix:
>
>       fixing nr_of_decimals not to read behind the "end" pointer.
>
>     modified:
>       mysql-test/r/xml.result
>       mysql-test/t/xml.test
>       sql/item.cc
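
The class of bug described in the commit message (a scan over a `(ptr, end)` string that reads past `end` when no NUL terminator follows), shown as an added example that is not part of this thread and is not the MySQL code. The function names and the sample buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not the MySQL source. */

/* Flawed: ignores `end` and relies on a terminating NUL, which a
   length-delimited (ptr, end) string is not guaranteed to have. */
static size_t count_decimals_unbounded(const char *str, const char *end)
{
    (void) end;
    while (*str && *str != '.')
        str++;
    if (*str != '.')
        return 0;
    const char *first = ++str;
    while (isdigit((unsigned char) *str))
        str++;
    return (size_t) (str - first);
}

/* Bounded: every dereference is guarded by a `str < end` check. */
static size_t count_decimals_bounded(const char *str, const char *end)
{
    while (str < end && *str != '.')
        str++;
    if (str == end)
        return 0;
    const char *first = ++str;      /* skip '.'; may now equal end */
    while (str < end && isdigit((unsigned char) *str))
        str++;
    return (size_t) (str - first);
}

/* Constructed sample: the value is the first 4 bytes, "1.25". The "999"
   stands in for unrelated adjacent memory; it lives in the same array so
   the unbounded scan stays inside a defined object. */
static const char sample[] = "1.25999";

size_t demo_unbounded(void)    { return count_decimals_unbounded(sample, sample + 4); }
size_t demo_bounded(void)      { return count_decimals_bounded(sample, sample + 4); }
/* Value "1." (2 bytes): the '.' is the last byte before `end`. */
size_t demo_trailing_dot(void) { return count_decimals_bounded(sample, sample + 2); }

int main(void)
{
    printf("unbounded=%zu bounded=%zu trailing_dot=%zu\n",
           demo_unbounded(), demo_bounded(), demo_trailing_dot());
    return 0;
}
```

The trailing-dot case is the one a memory checker tends to catch first: after skipping the `.` the pointer already equals `end`, so a digit test with no bounds check reads the byte just past the value.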