MDEV-25778 Overrun buffer in to_string_native()

Problem was that str->alloc(length) needed a buffer of length+1 as decimals2string() will add an end null.
2025-07-29 05:21:33 +03:00 · 2021-06-07 18:15:39 +03:00
parent be84f9cea7
commit b1009ddfc9
3 changed files with 19 additions and 1 deletions
--- a/mysql-test/main/strings.test
+++ b/mysql-test/main/strings.test
@ -15,3 +15,12 @@ START SLAVE sql_thread;
 CHANGE MASTER TO master_user='user',master_password='pwd';
 STOP SLAVE;
 RESET SLAVE ALL;
+
+--echo #
+--echo # MDEV-25778 Overrun buffer in to_string_native()
+--echo #
+
+CREATE TABLE t1 (a DECIMAL(15,11) ZEROFILL);
+INSERT INTO t1 (a) VALUES (0.1),(0.2);
+SELECT length(ENCRYPT(a)) AS f, COUNT(*) FROM t1 GROUP BY f;
+DROP TABLE t1;