From: Date: February 27 2006 3:02pm Subject: bk commit into 5.0 tree (gluh:1.2085) BUG#17602 List-Archive: http://lists.mysql.com/commits/3189 X-Bug: 17602 Message-Id: <20060227140227.658FF303AF@eagle.intranet.mysql.r18.ru> Below is the list of changes that have just been committed into a local 5.0 repository of gluh. When gluh does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet 1.2085 06/02/27 18:02:16 gluh@stripped +1 -0 Fix for bug#17602 Server crash on AVG/SUM over DECIMAL column The table may be corrupted and decimal columns may have invalid values in this case. To prevent crash we need to check that decimal column has allowable value. In case of invalid value generate warning and set the value to 0. strings/decimal.c 1.67 06/02/27 18:00:55 gluh@stripped +13 -0 Fix for bug#17602 Server crash on AVG/SUM over DECIMAL column The table may be corrupted and decimal columns may have invalid values in this case. To prevent crash we need to check that decimal column has allowable value. In case of invalid value generate warning and set the value to 0. # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: gluh # Host: eagle.intranet.mysql.r18.ru # Root: /home/gluh/MySQL/Bugs/5.0.17602
--- 1.66/strings/decimal.c Fri Dec 23 23:50:09 2005
+++ 1.67/strings/decimal.c Mon Feb 27 18:00:55 2006
@@ -1347,6 +1347,8 @@ int bin2decimal(char *from, decimal_t *t
 }
 from+=i;
 *buf=x ^ mask;
+ if (*buf < 0 || *buf >= powers10[intg0x+1])
+ goto err;
 if (buf > to->buf || *buf != 0)
 buf++;
 else
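Review bot: The upper bound in the first added check, `*buf >= powers10[intg0x+1]`, looks one power of ten looser than the other three checks in this patch, which cap a word at DIG_MAX. If intg0x is the number of digits held in this leading partial word (its definition is outside the hunk, so this is an assumption), a corrupted value carrying one extra digit still passes; the tight form would be `if (*buf < 0 || *buf >= powers10[intg0x]) goto err;`. If the `+1` is deliberate, a one-line comment saying why would save the next reader the same question. bin2decimal's body starts and ends outside this hunk.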
@@ -1356,6 +1358,8 @@ int bin2decimal(char *from, decimal_t *t
 {
 DBUG_ASSERT(sizeof(dec1) == 4);
 *buf=mi_sint4korr(from) ^ mask;
+ if (*buf < 0 || *buf > DIG_MAX)
+ goto err;
 if (buf > to->buf || *buf != 0)
 buf++;
 else
@@ -1366,6 +1370,8 @@ int bin2decimal(char *from, decimal_t *t
 {
 DBUG_ASSERT(sizeof(dec1) == 4);
 *buf=mi_sint4korr(from) ^ mask;
+ if (*buf < 0 || *buf > DIG_MAX)
+ goto err;
 buf++;
 }
 if (frac0x)
@@ -1381,10 +1387,17 @@ int bin2decimal(char *from, decimal_t *t
 default: DBUG_ASSERT(0);
 }
 *buf=(x ^ mask) * powers10[DIG_PER_DEC1 - frac0x];
+ if (*buf < 0 || *buf > DIG_MAX)
+ goto err;
 buf++;
 }
 my_afree(d_copy);
 return error;
+
+err:
+ my_afree(d_copy);
+ decimal_make_zero(((decimal_t*) to));
+ return(E_DEC_BAD_NUM);
 }
 /*
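Review bot: The full-word checks `if (*buf < 0 || *buf > DIG_MAX) goto err;` in the hunk at -1356 and again in the hunk at -1366 carry no comment, so nothing in the code says that the input may be a corrupted stored value rather than something the server wrote itself. Suggest putting `/* the stored image may be corrupted: reject any word outside 0..DIG_MAX */` above the first of them. The same test is now written out three times in this function; a small macro or static helper would keep the copies from drifting apart. The enclosing blocks start outside both hunks.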
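Review bot: In the hunk at -1381 the range test runs only after `(x ^ mask)` has been multiplied by `powers10[DIG_PER_DEC1 - frac0x]`, so a corrupted `x` can overflow the 4-byte word first (assuming `x` and the table entries are 32-bit, as the `sizeof(dec1) == 4` assertions suggest) and the wrapped product may land back inside 0..DIG_MAX. Testing the unscaled value before the assignment avoids that: `if ((x ^ mask) < 0 || (x ^ mask) >= powers10[frac0x]) goto err;`, assuming frac0x is the digit count of this trailing partial word, which is defined outside the hunk. Separately, the new `err:` path zeroes `to` and returns E_DEC_BAD_NUM but raises no warning itself, so the warning promised in the description depends on every caller checking the return value; a comment on the label stating that contract would help.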