MDEV-16810 AddressSanitizer: stack-buffer-overflow in int10_to_str

truncate incorrect values in convert_period_to_month() so that PERIOD_DIFF never returns a value outside of 2^23 range. And, for safety, increase buffer sizes for int10_to_str to be sufficienly big for any int10_to_str result.
author: Sergei Golubchik <serg@mariadb.org> 2018-08-11 12:11:59 +0200
committer: Sergei Golubchik <serg@mariadb.org> 2018-08-11 12:19:46 +0200
commit: 3ff0801c7397e3ae5fc538ffca3d58891cd4f27b (patch)
tree: 89524f2af473f00e1dddc247fa37ede2fe95349c /sql/sql_time.cc
parent: ad577091edf288e549c730933c514852b471991c (diff)
download: mariadb-git-3ff0801c7397e3ae5fc538ffca3d58891cd4f27b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_time.cc b/sql/sql_time.cc
index d912a7b78d6..33bb9a460b0 100644
--- a/sql/sql_time.cc
+++ b/sql/sql_time.cc
@@ -190,7 +190,7 @@ bool get_date_from_daynr(long daynr,uint *ret_year,uint *ret_month,
 ulong convert_period_to_month(ulong period)
 {
   ulong a,b;
-  if (period == 0)
+  if (period == 0 || period > 999912)
     return 0L;
   if ((a=period/100) < YY_PART_YEAR)
     a+=2000;
author	Sergei Golubchik <serg@mariadb.org>	2018-08-11 12:11:59 +0200
committer	Sergei Golubchik <serg@mariadb.org>	2018-08-11 12:19:46 +0200
commit	3ff0801c7397e3ae5fc538ffca3d58891cd4f27b (patch)
tree	89524f2af473f00e1dddc247fa37ede2fe95349c /sql/sql_time.cc
parent	ad577091edf288e549c730933c514852b471991c (diff)
download	mariadb-git-3ff0801c7397e3ae5fc538ffca3d58891cd4f27b.tar.gz