database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Bug#55436: buffer overflow in debug binary of dbug_buff in Field_new_decimal::store_value

Browse Source 
There were some misunderstandings about parameters pertaining to buffer-size.

Patches fixes the reported off by one and
clarifies the documentation.

mysql-test/r/type_newdecimal.result:
  add test
mysql-test/t/type_newdecimal.test:
  add test
sql/field.cc:
  adjust buffer size by one to account for terminator.
sql/my_decimal.cc:
  adjust buffer size by one to account for terminator.
  clarify needs in comments.
sql/my_decimal.h:
  clarify buffer-size needs to prevent future off-by-one bugs.
strings/decimal.c:
  clarify buffer-size needs and parameters to prevent future off-by-one bugs
This commit is contained in:
Tatiana A. Nurnberg
2010-11-11 09:46:49 +00:00
parent 58dfba2899
commit ccbc24b45a
6 changed files with 41 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sql/my_decimal.h
View File

@ -55,7 +55,7 @@ C_MODE_END
/**
maximum length of string representation (number of maximum decimal
digits + 1 position for sign + 1 position for decimal point)
digits + 1 position for sign + 1 position for decimal point, no terminator)
*/
#define DECIMAL_MAX_STR_LENGTH (DECIMAL_MAX_POSSIBLE_PRECISION + 2)
@ -212,6 +212,7 @@ inline uint32 my_decimal_precision_to_length(uint precision, uint8 scale,
inline
int my_decimal_string_length(const my_decimal *d)
{
/* length of string representation including terminating '\0' */
return decimal_string_size(d);
}