diff options
| -rw-r--r-- | mysql-test/r/func_str.result | 35 | ||||
| -rw-r--r-- | mysql-test/t/func_str.test | 19 | ||||
| -rw-r--r-- | strings/dtoa.c | 7 |
3 files changed, 59 insertions, 2 deletions
diff --git a/mysql-test/r/func_str.result b/mysql-test/r/func_str.result index 81fe2413725..755763e6994 100644 --- a/mysql-test/r/func_str.result +++ b/mysql-test/r/func_str.result @@ -2785,5 +2785,40 @@ format(123,2,'no_NO') 123,00 DROP TABLE t1; # +# Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY +# +SELECT (rpad(1.0,2048,1)) IS NOT FALSE; +(rpad(1.0,2048,1)) IS NOT FALSE +1 +SELECT ((+0) IN +((0b111111111111111111111111111111111111111111111111111),(rpad(1.0,2048,1)), +(32767.1))); +((+0) IN +((0b111111111111111111111111111111111111111111111111111),(rpad(1.0,2048,1)), +(32767.1))) +0 +SELECT ((rpad(1.0,2048,1)) = ('4(') ^ (0.1)); +((rpad(1.0,2048,1)) = ('4(') ^ (0.1)) +0 +Warnings: +Warning 1292 Truncated incorrect INTEGER value: '4(' +SELECT +pow((rpad(1.0,2048,1)),(b'1111111111111111111111111111111111111111111')); +ERROR 22003: DOUBLE value is out of range in 'pow(rpad(1.0,2048,1),0x07ffffffffff)' +SELECT ((rpad(1.0,2048,1)) + (0) ^ ('../')); +((rpad(1.0,2048,1)) + (0) ^ ('../')) +1.011111111111111 +Warnings: +Warning 1292 Truncated incorrect INTEGER value: '../' +SELECT stddev_samp(rpad(1.0,2048,1)); +stddev_samp(rpad(1.0,2048,1)) +NULL +SELECT ((127.1) not in ((rpad(1.0,2048,1)),(''),(-1.1))); +((127.1) not in ((rpad(1.0,2048,1)),(''),(-1.1))) +1 +SELECT ((0xf3) * (rpad(1.0,2048,1)) << (0xcc)); +((0xf3) * (rpad(1.0,2048,1)) << (0xcc)) +0 +# # End of 5.5 tests # diff --git a/mysql-test/t/func_str.test b/mysql-test/t/func_str.test index 9a9a8110a74..2a14648d6f6 100644 --- a/mysql-test/t/func_str.test +++ b/mysql-test/t/func_str.test @@ -1437,5 +1437,24 @@ SELECT * FROM t1; DROP TABLE t1; --echo # +--echo # Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY +--echo # + +SELECT (rpad(1.0,2048,1)) IS NOT FALSE; +SELECT ((+0) IN +((0b111111111111111111111111111111111111111111111111111),(rpad(1.0,2048,1)), +(32767.1))); +SELECT ((rpad(1.0,2048,1)) = ('4(') ^ (0.1)); + +--error 1690 +SELECT +pow((rpad(1.0,2048,1)),(b'1111111111111111111111111111111111111111111')); +SELECT ((rpad(1.0,2048,1)) + (0) ^ ('../')); +SELECT stddev_samp(rpad(1.0,2048,1)); +SELECT ((127.1) not in ((rpad(1.0,2048,1)),(''),(-1.1))); +SELECT ((0xf3) * (rpad(1.0,2048,1)) << (0xcc)); + + +--echo # --echo # End of 5.5 tests --echo # diff --git a/strings/dtoa.c b/strings/dtoa.c index e4eb10bb6f8..05c9bb6e529 100644 --- a/strings/dtoa.c +++ b/strings/dtoa.c @@ -46,7 +46,7 @@ see if it is possible to get rid of malloc(). this constant is sufficient to avoid malloc() on all inputs I have tried. */ -#define DTOA_BUFF_SIZE (420 * sizeof(void *)) +#define DTOA_BUFF_SIZE (460 * sizeof(void *)) /* Magic value returned by dtoa() to indicate overflow */ #define DTOA_OVERFLOW 9999 @@ -659,6 +659,7 @@ typedef struct Stack_alloc static Bigint *Balloc(int k, Stack_alloc *alloc) { Bigint *rv; + DBUG_ASSERT(k <= Kmax); if (k <= Kmax && alloc->freelist[k]) { rv= alloc->freelist[k]; @@ -1005,7 +1006,7 @@ static Bigint p5_a[]= static Bigint *pow5mult(Bigint *b, int k, Stack_alloc *alloc) { - Bigint *b1, *p5, *p51; + Bigint *b1, *p5, *p51=NULL; int i; static int p05[3]= { 5, 25, 125 }; @@ -1037,6 +1038,8 @@ static Bigint *pow5mult(Bigint *b, int k, Stack_alloc *alloc) p5= p51; } } + if (p51) + Bfree(p51, alloc); return b; } |