diff options
| author | cmiller@zippy.cornsilk.net <> | 2008-04-01 12:19:20 -0400 |
|---|---|---|
| committer | cmiller@zippy.cornsilk.net <> | 2008-04-01 12:19:20 -0400 |
| commit | 15b1a5ff548a55fc63140c1998fc4345a41ebe2e (patch) | |
| tree | 5183d59a343bde1ac1ada477245436ea92e30b26 /sql/item_create.cc | |
| parent | e39ceb99fc3197e9eb7970ba766fc700a5dd4feb (diff) | |
| download | mariadb-git-15b1a5ff548a55fc63140c1998fc4345a41ebe2e.tar.gz | |
Bug#15776: 32-bit signed int used for length of blob
Based on contributed patch from Martin Friebe, CLA from 2007-02-24.
The parser lacked support for field sizes after signed long,
when it should extend to 2**32-1.
Now, we correct that limitation, and also make the error handling
consistent for casts.
---
Fix minor complaints of Marc Alff, for patch against B-g#15776.
---
Merge zippy.cornsilk.net:/home/cmiller/work/mysql/bug15776/my50-bug15776
into zippy.cornsilk.net:/home/cmiller/work/mysql/bug15776/my51-bug15776
---
Merge zippy.cornsilk.net:/home/cmiller/work/mysql/bug15776/my51-bug15776
into zippy.cornsilk.net:/home/cmiller/work/mysql/mysql-5.1-build
---
testing
Diffstat (limited to 'sql/item_create.cc')
| -rw-r--r-- | sql/item_create.cc | 54 |
1 files changed, 51 insertions, 3 deletions
diff --git a/sql/item_create.cc b/sql/item_create.cc index 49cc33b95a7..427857c58ad 100644 --- a/sql/item_create.cc +++ b/sql/item_create.cc @@ -5057,8 +5057,41 @@ create_func_cast(THD *thd, Item *a, Cast_target cast_type, break; case ITEM_CAST_DECIMAL: { - len= c_len ? atoi(c_len) : 0; - dec= c_dec ? atoi(c_dec) : 0; + if (c_len == NULL) + { + len= 0; + } + else + { + ulong decoded_size; + errno= 0; + decoded_size= strtoul(c_len, NULL, 10); + if (errno != 0) + { + my_error(ER_TOO_BIG_PRECISION, MYF(0), c_len, a->name, + DECIMAL_MAX_PRECISION); + return NULL; + } + len= decoded_size; + } + + if (c_dec == NULL) + { + dec= 0; + } + else + { + ulong decoded_size; + errno= 0; + decoded_size= strtoul(c_dec, NULL, 10); + if ((errno != 0) || (decoded_size > UINT_MAX)) + { + my_error(ER_TOO_BIG_SCALE, MYF(0), c_dec, a->name, + DECIMAL_MAX_SCALE); + return NULL; + } + dec= decoded_size; + } my_decimal_trim(&len, &dec); if (len < dec) { @@ -5083,7 +5116,22 @@ create_func_cast(THD *thd, Item *a, Cast_target cast_type, case ITEM_CAST_CHAR: { CHARSET_INFO *real_cs= (cs ? cs : thd->variables.collation_connection); - len= c_len ? atoi(c_len) : -1; + if (c_len == NULL) + { + len= LL(-1); + } + else + { + ulong decoded_size; + errno= 0; + decoded_size= strtoul(c_len, NULL, 10); + if (errno != 0) + { + my_error(ER_TOO_BIG_DISPLAYWIDTH, MYF(0), "cast as char", MAX_FIELD_BLOBLENGTH); + return NULL; + } + len= decoded_size; + } res= new (thd->mem_root) Item_char_typecast(a, len, real_cs); break; } |