diff options
| author | Tatiana A. Nurnberg <azundris@mysql.com> | 2010-11-11 09:46:49 +0000 |
|---|---|---|
| committer | Tatiana A. Nurnberg <azundris@mysql.com> | 2010-11-11 09:46:49 +0000 |
| commit | ccbc24b45a79b6407487550fa19b40752d22fa7f (patch) | |
| tree | 37756177474cec058aad2e54b7fe51395c380c84 /sql/my_decimal.h | |
| parent | 58dfba2899474553592479be24ef73947775eeaf (diff) | |
| download | mariadb-git-ccbc24b45a79b6407487550fa19b40752d22fa7f.tar.gz | |
Bug#55436: buffer overflow in debug binary of dbug_buff in Field_new_decimal::store_value
There were some misunderstandings about parameters pertaining to buffer-size.
Patches fixes the reported off by one and
clarifies the documentation.
mysql-test/r/type_newdecimal.result:
add test
mysql-test/t/type_newdecimal.test:
add test
sql/field.cc:
adjust buffer size by one to account for terminator.
sql/my_decimal.cc:
adjust buffer size by one to account for terminator.
clarify needs in comments.
sql/my_decimal.h:
clarify buffer-size needs to prevent future off-by-one bugs.
strings/decimal.c:
clarify buffer-size needs and parameters to prevent future off-by-one bugs
Diffstat (limited to 'sql/my_decimal.h')
| -rw-r--r-- | sql/my_decimal.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sql/my_decimal.h b/sql/my_decimal.h index 21669e82c44..2c13142bb60 100644 --- a/sql/my_decimal.h +++ b/sql/my_decimal.h @@ -55,7 +55,7 @@ C_MODE_END /** maximum length of string representation (number of maximum decimal - digits + 1 position for sign + 1 position for decimal point) + digits + 1 position for sign + 1 position for decimal point, no terminator) */ #define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_POSSIBLE_PRECISION + 2) @@ -212,6 +212,7 @@ inline uint32 my_decimal_precision_to_length(uint precision, uint8 scale, inline int my_decimal_string_length(const my_decimal *d) { + /* length of string representation including terminating '\0' */ return decimal_string_size(d); } |