#At file:///Users/tnurnberg/forest/11762799/55-11762799/ based on revid:dao-gang.qu@stripped
3229 Tatiana Azundris Nurnberg 2011-05-05 [merge]
manual merge fix for Bug#55436/Bug#11762799
modified:
mysql-test/r/type_newdecimal.result
mysql-test/t/type_newdecimal.test
sql/field.cc
sql/my_decimal.cc
sql/my_decimal.h
strings/decimal.c
=== modified file 'mysql-test/r/type_newdecimal.result'
--- a/mysql-test/r/type_newdecimal.result 2010-09-23 12:38:24 +0000
+++ b/mysql-test/r/type_newdecimal.result 2011-05-05 06:40:33 +0000
@@ -1909,6 +1909,19 @@ mult v_net_with_discount v_total
1.0000 27.18 27.180000
DROP TABLE currencies, payments, sub_tasks;
#
+# Bug#55436: buffer overflow in debug binary of dbug_buff in
+# Field_new_decimal::store_value
+#
+SET SQL_MODE='';
+CREATE TABLE t1(f1 DECIMAL(44,24)) ENGINE=MYISAM;
+INSERT INTO t1 SET f1 = -64878E-85;
+Warnings:
+Note 1265 Data truncated for column 'f1' at row 1
+SELECT f1 FROM t1;
+f1
+0.000000000000000000000000
+DROP TABLE IF EXISTS t1;
+#
# BUG#52171: distinct aggregates on unsigned decimal fields trigger assertions
#
CREATE TABLE t1 (a DECIMAL(4,4) UNSIGNED);
=== modified file 'mysql-test/t/type_newdecimal.test'
--- a/mysql-test/t/type_newdecimal.test 2010-09-23 12:38:24 +0000
+++ b/mysql-test/t/type_newdecimal.test 2011-05-05 06:40:33 +0000
@@ -1510,6 +1510,19 @@ group by PAY.id + 1;
DROP TABLE currencies, payments, sub_tasks;
--echo #
+--echo # Bug#55436: buffer overflow in debug binary of dbug_buff in
+--echo # Field_new_decimal::store_value
+--echo #
+
+# this threw memory warnings on Windows. Also make sure future changes
+# don't change these results, as per usual.
+SET SQL_MODE='';
+CREATE TABLE t1(f1 DECIMAL(44,24)) ENGINE=MYISAM;
+INSERT INTO t1 SET f1 = -64878E-85;
+SELECT f1 FROM t1;
+DROP TABLE IF EXISTS t1;
+
+--echo #
--echo # BUG#52171: distinct aggregates on unsigned decimal fields trigger assertions
--echo #
=== modified file 'sql/field.cc'
--- a/sql/field.cc 2010-12-29 00:26:31 +0000
+++ b/sql/field.cc 2011-05-05 06:40:33 +0000
@@ -2608,7 +2608,7 @@ bool Field_new_decimal::store_value(cons
DBUG_ENTER("Field_new_decimal::store_value");
#ifndef DBUG_OFF
{
- char dbug_buff[DECIMAL_MAX_STR_LENGTH+1];
+ char dbug_buff[DECIMAL_MAX_STR_LENGTH+2];
DBUG_PRINT("enter", ("value: %s", dbug_decimal_as_string(dbug_buff, decimal_value)));
}
#endif
@@ -2623,7 +2623,7 @@ bool Field_new_decimal::store_value(cons
}
#ifndef DBUG_OFF
{
- char dbug_buff[DECIMAL_MAX_STR_LENGTH+1];
+ char dbug_buff[DECIMAL_MAX_STR_LENGTH+2];
DBUG_PRINT("info", ("saving with precision %d scale: %d value %s",
(int)precision, (int)dec,
dbug_decimal_as_string(dbug_buff, decimal_value)));
@@ -2692,7 +2692,7 @@ int Field_new_decimal::store(const char
}
#ifndef DBUG_OFF
- char dbug_buff[DECIMAL_MAX_STR_LENGTH+1];
+ char dbug_buff[DECIMAL_MAX_STR_LENGTH+2];
DBUG_PRINT("enter", ("value: %s",
dbug_decimal_as_string(dbug_buff, &decimal_value)));
#endif
=== modified file 'sql/my_decimal.cc'
--- a/sql/my_decimal.cc 2010-12-21 12:00:26 +0000
+++ b/sql/my_decimal.cc 2011-05-05 06:40:33 +0000
@@ -99,10 +99,11 @@ int my_decimal2string(uint mask, const m
UNSIGNED. Hence the buffer for a ZEROFILLed value is the length
the user requested, plus one for a possible decimal point, plus
one if the user only wanted decimal places, but we force a leading
- zero on them. Because the type is implicitly UNSIGNED, we do not
- need to reserve a character for the sign. For all other cases,
- fixed_prec will be 0, and my_decimal_string_length() will be called
- instead to calculate the required size of the buffer.
+ zero on them, plus one for the '\0' terminator. Because the type
+ is implicitly UNSIGNED, we do not need to reserve a character for
+ the sign. For all other cases, fixed_prec will be 0, and
+ my_decimal_string_length() will be called instead to calculate the
+ required size of the buffer.
*/
int length= (fixed_prec
? (fixed_prec + ((fixed_prec == fixed_dec) ? 1 : 0) + 1)
@@ -332,7 +333,7 @@ print_decimal_buff(const my_decimal *dec
const char *dbug_decimal_as_string(char *buff, const my_decimal *val)
{
- int length= DECIMAL_MAX_STR_LENGTH;
+ int length= DECIMAL_MAX_STR_LENGTH + 1; /* minimum size for buff */
if (!val)
return "NULL";
(void)decimal2string((decimal_t*) val, buff, &length, 0,0,0);
=== modified file 'sql/my_decimal.h'
--- a/sql/my_decimal.h 2010-10-19 22:51:34 +0000
+++ b/sql/my_decimal.h 2011-05-05 06:40:33 +0000
@@ -62,7 +62,7 @@ typedef struct st_mysql_time MYSQL_TIME;
/**
maximum length of string representation (number of maximum decimal
- digits + 1 position for sign + 1 position for decimal point)
+ digits + 1 position for sign + 1 position for decimal point, no terminator)
*/
#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_POSSIBLE_PRECISION + 2)
@@ -225,6 +225,7 @@ inline uint32 my_decimal_precision_to_le
inline
int my_decimal_string_length(const my_decimal *d)
{
+ /* length of string representation including terminating '\0' */
return decimal_string_size(d);
}
=== modified file 'strings/decimal.c'
--- a/strings/decimal.c 2010-07-20 19:30:10 +0000
+++ b/strings/decimal.c 2011-05-05 06:40:33 +0000
@@ -314,8 +314,8 @@ int decimal_actual_fraction(decimal_t *f
from - value to convert
to - points to buffer where string representation
should be stored
- *to_len - in: size of to buffer
- out: length of the actually written string
+ *to_len - in: size of to buffer (incl. terminating '\0')
+ out: length of the actually written string (excl. '\0')
fixed_precision - 0 if representation can be variable length and
fixed_decimals will not be checked in this case.
Put number as with fixed point position with this
@@ -332,6 +332,7 @@ int decimal2string(decimal_t *from, char
int fixed_precision, int fixed_decimals,
char filler)
{
+ /* {intg_len, frac_len} output widths; {intg, frac} places in input */
int len, intg, frac= from->frac, i, intg_len, frac_len, fill;
/* number digits before decimal point */
int fixed_intg= (fixed_precision ?
No bundle (reason: revision is a merge (you can force generation of a bundle with env var BZR_FORCE_BUNDLE=1)).
| Thread |
|---|
| • bzr commit into mysql-5.5-bugteam branch (azundris:3229) Bug#55436Bug#11762799 | Tatiana Azundris Nurnberg | 5 May |
