bug #28361 Buffer overflow in DECIMAL code on Windows

my_decimal in some cases can contain more decimal digits than
is officially supported (DECIMAL_MAX_PRECISION), so we need to
prepare bigger buffer for the resulting string.

1 files changed, 7 insertions, 3 deletions

diff --git a/sql/my_decimal.h b/sql/my_decimal.h
index 9558b00f0cf..0affa07557e 100644
--- a/sql/my_decimal.h
+++ b/sql/my_decimal.h
@@ -36,13 +36,17 @@ C_MODE_END
 
 /* maximum length of buffer in our big digits (uint32) */
 #define DECIMAL_BUFF_LENGTH 9
+
+/* the number of digits that my_decimal can possibly contain */
+#define DECIMAL_MAX_POSSIBLE_PRECISION (DECIMAL_BUFF_LENGTH * 9)
+
 /*
   maximum guaranteed precision of number in decimal digits (number of our
   digits * number of decimal digits in one our big digit - number of decimal
-  digits in one our big digit decreased on 1 (because we always put decimal
+  digits in one our big digit decreased by 1 (because we always put decimal
   point on the border of our big digits))
 */
-#define DECIMAL_MAX_PRECISION ((DECIMAL_BUFF_LENGTH * 9) - 8*2)
+#define DECIMAL_MAX_PRECISION (DECIMAL_MAX_POSSIBLE_PRECISION - 8*2)
 #define DECIMAL_MAX_SCALE 30
 #define DECIMAL_NOT_SPECIFIED 31
 
@@ -50,7 +54,7 @@ C_MODE_END
   maximum length of string representation (number of maximum decimal
   digits + 1 position for sign + 1 position for decimal point)
 */
-#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_PRECISION + 2)
+#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_POSSIBLE_PRECISION + 2)
 /*
   maximum size of packet length
 */