Thank you for working on this.
As discussed on IRC, that function actually has another bug --
the function returns (number_of_decimals + 1) instead.
The thing is that the function is not really used to return number
of decimals (lol!), that's why this bug is not visible.
Although it seems pretty safe to fix also that new bug,
it's proposed to leave it as it is because of 5.5 nature.
However, could you please:
1) Report a new bug about that issue
2) Put a comment in the code about that flaw
Wrt Bug#58175 itself, I think the patch is Ok and can be pushed.
On 18.11.2010 18:38, Alexander Barkov wrote:
> #At file:///home/bar/mysql-bzr/mysql-5.5-bugteam.b58175/ based on
> 3135 Alexander Barkov 2010-11-18
> Bug#58175 xml functions read initialized bytes when conversions happen
> nr_of_decimals could read behind the end of the buffer
> in case of a non-null-terminated string, which caused
> valgrind warnings.
> fixing nr_of_decimals not to read behind the "end" pointer.