From cfe3489b9577f9736f115c6f4d21055274cf509b Mon Sep 17 00:00:00 2001
From: Tor Didriksen <tor.didriksen@oracle.com>
Date: Fri, 15 Jul 2011 14:07:38 +0200
Subject: Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL

The buffer was simply too small.
In 5.5 and trunk, the size is 311 + 31,
in 5.1 and below, the size is 331
---
 include/m_string.h | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'include')

diff --git a/include/m_string.h b/include/m_string.h
index a03254ead11..94de334a050 100644
--- a/include/m_string.h
+++ b/include/m_string.h
@@ -216,6 +216,15 @@ extern int is_prefix(const char *, const char *);
 double my_strtod(const char *str, char **end, int *error);
 double my_atof(const char *nptr);
 
+#ifndef NOT_FIXED_DEC
+#define NOT_FIXED_DEC			31
+#endif
+
+/*
+  Max length of a floating point number.
+ */
+#define FLOATING_POINT_BUFFER (311 + NOT_FIXED_DEC)
+
 extern char *llstr(longlong value,char *buff);
 extern char *ullstr(longlong value,char *buff);
 #ifndef HAVE_STRTOUL
-- 
cgit v1.2.1