mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00

Bug #11792200 - DIVIDING LARGE NUMBERS CAUSES STACK CORRUPTIONS

This was a buffer overrun in do_div_mod(), overwriting the internal buffer
of auto variable 'tmp' in Item_func_int_div::val_int.
Result on Windows: 'this' is set to zero, and crash.
Ran fine on other platforms (no valgrind warnings),
but this is undefined behaviour on any platform of course.
Tor Didriksen
2011-03-03 15:25:41 +01:00
parent 6ebf55aff9
commit 4148b03910
5 changed files with 69 additions and 49 deletions


@@ -500,3 +500,8 @@ SELECT ((@a:=@b:=1.0) div (@b:=@a:=get_format(datetime, 'usa')));
--echo # Bug #59498 div function broken in mysql-trunk
--echo #
SELECT 1 div null;
--echo #
--echo # Bug #11792200 - DIVIDING LARGE NUMBERS CAUSES STACK CORRUPTIONS
--echo #
select (1.175494351E-37 div 1.7976931348623157E+308);
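
Review bot: The new case on the last line of this hunk, `select (1.175494351E-37 div 1.7976931348623157E+308);`, only detects the overrun where it happens to crash. The commit message says the same statement ran fine on other platforms with no valgrind warnings, so on those platforms this test would have passed before the fix too. Consider adding a check that does not rely on the crash, for example a unit test that calls do_div_mod() with these operands and verifies the result buffer bounds. It would also help to add the reversed operands (`1.7976931348623157E+308 div 1.175494351E-37`) so both extremes of operand scale are covered, and a short comment above the statement saying why these two constants were chosen.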