database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Bug #59241 invalid memory read in do_div_mod with doubly assigned variables

Browse Source 
Fix: copy my_decimal by value, to avoid dangling pointers.
This commit is contained in:
Tor Didriksen
2011-01-14 10:05:14 +01:00
parent cfa9a4bde6
commit 8dfab82ee0
7 changed files with 44 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sql/sql_analyse.cc
View File

@ -1,4 +1,4 @@
/* Copyright (C) 2000-2006 MySQL AB
/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -521,9 +521,6 @@ void field_decimal::add()
{
found = 1;
min_arg = max_arg = sum[0] = *dec;
min_arg.fix_buffer_pointer();
max_arg.fix_buffer_pointer();
sum[0].fix_buffer_pointer();
my_decimal_mul(E_DEC_FATAL_ERROR, sum_sqr, dec, dec);
cur_sum= 0;
min_length = max_length = length;
@ -545,12 +542,10 @@ void field_decimal::add()
if (my_decimal_cmp(dec, &min_arg) < 0)
{
min_arg= *dec;
min_arg.fix_buffer_pointer();
}
if (my_decimal_cmp(dec, &max_arg) > 0)
{
max_arg= *dec;
max_arg.fix_buffer_pointer();
}
}
}