List:Commits« Previous MessageNext Message »
From:gluh Date:February 28 2006 10:36am
Subject:bk commit into 5.0 tree (gluh:1.2088) BUG#17602
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2088 06/02/28 13:36:41 gluh@stripped +1 -0
  Fix for bug#17602 Server crash on AVG/SUM over DECIMAL column(2nd ver)
  The table may be corrupted and decimal columns may have invalid values in this case.
  To prevent crash we need to check that decimal column has allowable value.
  In case of invalid value generate warning and set the value to 0.

  strings/decimal.c
    1.67 06/02/28 13:36:35 gluh@stripped +13 -0
    Fix for bug#17602 Server crash on AVG/SUM over DECIMAL column(2nd ver)
    The table may be corrupted and decimal columns may have invalid values in this case.
    To prevent crash we need to check that decimal column has allowable value.
    In case of invalid value generate warning and set the value to 0.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	gluh
# Host:	eagle.intranet.mysql.r18.ru
# Root:	/home/gluh/MySQL/Bugs/5.0.17602

--- 1.66/strings/decimal.c	Fri Dec 23 23:50:09 2005
+++ 1.67/strings/decimal.c	Tue Feb 28 13:36:35 2006
@@ -1347,6 +1347,8 @@ int bin2decimal(char *from, decimal_t *t
     }
     from+=i;
     *buf=x ^ mask;
+    if (((uint32)*buf) >=  powers10[intg0x+1])
+      goto err;
     if (buf > to->buf || *buf != 0)
       buf++;
     else
@@ -1356,6 +1358,8 @@ int bin2decimal(char *from, decimal_t *t
   {
     DBUG_ASSERT(sizeof(dec1) == 4);
     *buf=mi_sint4korr(from) ^ mask;
+    if (((uint32)*buf) > DIG_MAX)
+      goto err;
     if (buf > to->buf || *buf != 0)
       buf++;
     else
@@ -1366,6 +1370,8 @@ int bin2decimal(char *from, decimal_t *t
   {
     DBUG_ASSERT(sizeof(dec1) == 4);
     *buf=mi_sint4korr(from) ^ mask;
+    if (((uint32)*buf) > DIG_MAX)
+      goto err;
     buf++;
   }
   if (frac0x)
@@ -1381,10 +1387,17 @@ int bin2decimal(char *from, decimal_t *t
       default: DBUG_ASSERT(0);
     }
     *buf=(x ^ mask) * powers10[DIG_PER_DEC1 - frac0x];
+    if (((uint32)*buf) > DIG_MAX)
+      goto err;
     buf++;
   }
   my_afree(d_copy);
   return error;
+
+err:
+  my_afree(d_copy);
+  decimal_make_zero(((decimal_t*) to));
+  return(E_DEC_BAD_NUM);
 }
 
 /*
Thread
bk commit into 5.0 tree (gluh:1.2088) BUG#17602gluh28 Feb