From ccbc24b45a79b6407487550fa19b40752d22fa7f Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Thu, 11 Nov 2010 09:46:49 +0000 Subject: Bug#55436: buffer overflow in debug binary of dbug_buff in Field_new_decimal::store_value There were some misunderstandings about parameters pertaining to buffer-size. Patches fixes the reported off by one and clarifies the documentation. mysql-test/r/type_newdecimal.result: add test mysql-test/t/type_newdecimal.test: add test sql/field.cc: adjust buffer size by one to account for terminator. sql/my_decimal.cc: adjust buffer size by one to account for terminator. clarify needs in comments. sql/my_decimal.h: clarify buffer-size needs to prevent future off-by-one bugs. strings/decimal.c: clarify buffer-size needs and parameters to prevent future off-by-one bugs --- sql/my_decimal.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sql/my_decimal.h') diff --git a/sql/my_decimal.h b/sql/my_decimal.h index 21669e82c44..2c13142bb60 100644 --- a/sql/my_decimal.h +++ b/sql/my_decimal.h @@ -55,7 +55,7 @@ C_MODE_END /** maximum length of string representation (number of maximum decimal - digits + 1 position for sign + 1 position for decimal point) + digits + 1 position for sign + 1 position for decimal point, no terminator) */ #define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_POSSIBLE_PRECISION + 2) @@ -212,6 +212,7 @@ inline uint32 my_decimal_precision_to_length(uint precision, uint8 scale, inline int my_decimal_string_length(const my_decimal *d) { + /* length of string representation including terminating '\0' */ return decimal_string_size(d); } -- cgit v1.2.1