Bug#55436: buffer overflow in debug binary of dbug_buff in Field_new_decimal::store_value

There were some misunderstandings about parameters pertaining to buffer-size. Patches fixes the reported off by one and clarifies the documentation.
2025-07-29 05:21:33 +03:00 · 2010-11-11 09:46:49 +00:00
parent d47e8991cb
commit 1d0a11fd15
6 changed files with 41 additions and 11 deletions
--- a/strings/decimal.c
+++ b/strings/decimal.c
@ -320,8 +320,8 @@ int decimal_actual_fraction(decimal_t *from)
      from            - value to convert
      to              - points to buffer where string representation
                        should be stored
-      *to_len         - in:  size of to buffer
-                        out: length of the actually written string
+      *to_len         - in:  size of to buffer (incl. terminating '\0')
+                        out: length of the actually written string (excl. '\0')
      fixed_precision - 0 if representation can be variable length and
                        fixed_decimals will not be checked in this case.
                        Put number as with fixed point position with this
@ -338,6 +338,7 @@ int decimal2string(decimal_t *from, char *to, int *to_len,
                   int fixed_precision, int fixed_decimals,
                   char filler)
 {
+  /* {intg_len, frac_len} output widths; {intg, frac} places in input */
  int len, intg, frac= from->frac, i, intg_len, frac_len, fill;
  /* number digits before decimal point */
  int fixed_intg= (fixed_precision ?