diff options
| author | unknown <holyfoot/hf@mysql.com/hfmain.(none)> | 2007-05-20 21:22:57 +0500 |
|---|---|---|
| committer | unknown <holyfoot/hf@mysql.com/hfmain.(none)> | 2007-05-20 21:22:57 +0500 |
| commit | 59a7e066e3a86bb4371ce5027b4ad6b79ac91ce2 (patch) | |
| tree | 02abebc14d64d25a68e4845a50e8f39f7ca0adb0 /sql/my_decimal.h | |
| parent | 8b33c41554b1f9ac173a047f55fa0c522f28af35 (diff) | |
| download | mariadb-git-59a7e066e3a86bb4371ce5027b4ad6b79ac91ce2.tar.gz | |
bug #28361 Buffer overflow in DECIMAL code on Windows
my_decimal in some cases can contain more decimal digits than
is officially supported (DECIMAL_MAX_PRECISION), so we need to
prepare bigger buffer for the resulting string.
mysql-test/r/type_newdecimal.result:
bug #28361 Buffer overflow in DECIMAL code on Windows
test result
mysql-test/t/type_newdecimal.test:
bug #28361 Buffer overflow in DECIMAL code on Windows
test case
This test case doesn't fall in most cases even without the fix
Still valgrind shows the problemn
sql/my_decimal.h:
bug #28361 Buffer overflow in DECIMAL code on Windows
DECIMAL_MAX_POSSIBLE_PRECISION introduced to be used in places,
when we need to check for the number of digits technicaly possible
in my_decimal.
DECIMAL_MAX_STR_LENGTH fixed as it has to fit for the MAX_POSSIBLE_PRECISION
Diffstat (limited to 'sql/my_decimal.h')
| -rw-r--r-- | sql/my_decimal.h | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sql/my_decimal.h b/sql/my_decimal.h index 9558b00f0cf..0affa07557e 100644 --- a/sql/my_decimal.h +++ b/sql/my_decimal.h @@ -36,13 +36,17 @@ C_MODE_END /* maximum length of buffer in our big digits (uint32) */ #define DECIMAL_BUFF_LENGTH 9 + +/* the number of digits that my_decimal can possibly contain */ +#define DECIMAL_MAX_POSSIBLE_PRECISION (DECIMAL_BUFF_LENGTH * 9) + /* maximum guaranteed precision of number in decimal digits (number of our digits * number of decimal digits in one our big digit - number of decimal - digits in one our big digit decreased on 1 (because we always put decimal + digits in one our big digit decreased by 1 (because we always put decimal point on the border of our big digits)) */ -#define DECIMAL_MAX_PRECISION ((DECIMAL_BUFF_LENGTH * 9) - 8*2) +#define DECIMAL_MAX_PRECISION (DECIMAL_MAX_POSSIBLE_PRECISION - 8*2) #define DECIMAL_MAX_SCALE 30 #define DECIMAL_NOT_SPECIFIED 31 @@ -50,7 +54,7 @@ C_MODE_END maximum length of string representation (number of maximum decimal digits + 1 position for sign + 1 position for decimal point) */ -#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_PRECISION + 2) +#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_POSSIBLE_PRECISION + 2) /* maximum size of packet length */ |