Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL

The buffer was simply too small. In 5.5 and trunk, the size is 311 + 31, in 5.1 and below, the size is 331 client/sql_string.cc: Increase buffer size in String::set(double, ...) include/m_string.h: Increase FLOATING_POINT_BUFFER mysql-test/r/type_float.result: New test cases. mysql-test/t/type_float.test: New test cases. sql/sql_string.cc: Increase buffer size in String::set(double, ...) sql/unireg.h: Move definition of FLOATING_POINT_BUFFER
author: Tor Didriksen <tor.didriksen@oracle.com> 2011-07-15 14:07:38 +0200
committer: Tor Didriksen <tor.didriksen@oracle.com> 2011-07-15 14:07:38 +0200
commit: cfcd49b467dc5de004310db1ff0810842ea3bb56 (patch)
tree: 5f91199b06f3efec177a65cf2102fda39e2b97c5 /include
parent: 8e90c61923c72bc316e450b512089b65a5b53504 (diff)
download: mariadb-git-cfcd49b467dc5de004310db1ff0810842ea3bb56.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/include/m_string.h b/include/m_string.h
index a03254ead11..94de334a050 100644
--- a/include/m_string.h
+++ b/include/m_string.h
@@ -216,6 +216,15 @@ extern int is_prefix(const char *, const char *);
 double my_strtod(const char *str, char **end, int *error);
 double my_atof(const char *nptr);
 
+#ifndef NOT_FIXED_DEC
+#define NOT_FIXED_DEC			31
+#endif
+
+/*
+  Max length of a floating point number.
+ */
+#define FLOATING_POINT_BUFFER (311 + NOT_FIXED_DEC)
+
 extern char *llstr(longlong value,char *buff);
 extern char *ullstr(longlong value,char *buff);
 #ifndef HAVE_STRTOUL
author	Tor Didriksen <tor.didriksen@oracle.com>	2011-07-15 14:07:38 +0200
committer	Tor Didriksen <tor.didriksen@oracle.com>	2011-07-15 14:07:38 +0200
commit	cfcd49b467dc5de004310db1ff0810842ea3bb56 (patch)
tree	5f91199b06f3efec177a65cf2102fda39e2b97c5 /include
parent	8e90c61923c72bc316e450b512089b65a5b53504 (diff)
download	mariadb-git-cfcd49b467dc5de004310db1ff0810842ea3bb56.tar.gz