From cfcd49b467dc5de004310db1ff0810842ea3bb56 Mon Sep 17 00:00:00 2001
From: Tor Didriksen <tor.didriksen@oracle.com>
Date: Fri, 15 Jul 2011 14:07:38 +0200
Subject: Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL

The buffer was simply too small.
In 5.5 and trunk, the size is 311 + 31,
in 5.1 and below, the size is 331


client/sql_string.cc:
  Increase buffer size in String::set(double, ...)
include/m_string.h:
  Increase FLOATING_POINT_BUFFER
mysql-test/r/type_float.result:
  New test cases.
mysql-test/t/type_float.test:
  New test cases.
sql/sql_string.cc:
  Increase buffer size in String::set(double, ...)
sql/unireg.h:
  Move definition of FLOATING_POINT_BUFFER
---
 mysql-test/r/type_float.result | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'mysql-test/r/type_float.result')

diff --git a/mysql-test/r/type_float.result b/mysql-test/r/type_float.result
index d3a136d53d2..c37b77b302d 100644
--- a/mysql-test/r/type_float.result
+++ b/mysql-test/r/type_float.result
@@ -407,4 +407,16 @@ SELECT f1 FROM t1;
 f1
 -1.79769313486231e+308
 DROP TABLE t1;
+#
+# Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL
+# 
+select format(-1.7976931348623157E+307,256) as foo;
+foo
+ignore_float_result
+select least(-1.1111111111111111111111111,
+- group_concat(1.7976931348623157E+308)) as foo;
+foo
+ignore_float_result
+select concat((truncate((-1.7976931348623157E+307),(0x1e))),
+(99999999999999999999999999999999999999999999999999999999999999999)) into @a;
 End of 5.0 tests
-- 
cgit v1.2.1