From 1b8ba5e424ae9cddd0c196af7a2df977ff21a34a Mon Sep 17 00:00:00 2001
From: "holyfoot/hf@mysql.com/hfmain.(none)" <>
Date: Sun, 20 May 2007 21:22:57 +0500
Subject: bug #28361 Buffer overflow in DECIMAL code on Windows

my_decimal in some cases can contain more decimal digits than
is officially supported (DECIMAL_MAX_PRECISION), so we need to
prepare bigger buffer for the resulting string.
---
 sql/my_decimal.h | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'sql/my_decimal.h')

diff --git a/sql/my_decimal.h b/sql/my_decimal.h
index 9558b00f0cf..0affa07557e 100644
--- a/sql/my_decimal.h
+++ b/sql/my_decimal.h
@@ -36,13 +36,17 @@ C_MODE_END
 
 /* maximum length of buffer in our big digits (uint32) */
 #define DECIMAL_BUFF_LENGTH 9
+
+/* the number of digits that my_decimal can possibly contain */
+#define DECIMAL_MAX_POSSIBLE_PRECISION (DECIMAL_BUFF_LENGTH * 9)
+
 /*
   maximum guaranteed precision of number in decimal digits (number of our
   digits * number of decimal digits in one our big digit - number of decimal
-  digits in one our big digit decreased on 1 (because we always put decimal
+  digits in one our big digit decreased by 1 (because we always put decimal
   point on the border of our big digits))
 */
-#define DECIMAL_MAX_PRECISION ((DECIMAL_BUFF_LENGTH * 9) - 8*2)
+#define DECIMAL_MAX_PRECISION (DECIMAL_MAX_POSSIBLE_PRECISION - 8*2)
 #define DECIMAL_MAX_SCALE 30
 #define DECIMAL_NOT_SPECIFIED 31
 
@@ -50,7 +54,7 @@ C_MODE_END
   maximum length of string representation (number of maximum decimal
   digits + 1 position for sign + 1 position for decimal point)
 */
-#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_PRECISION + 2)
+#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_POSSIBLE_PRECISION + 2)
 /*
   maximum size of packet length
 */
-- 
cgit v1.2.1