Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL

The buffer was simply too small. In 5.5 and trunk, the size is 311 + 31, in 5.1 and below, the size is 331 client/sql_string.cc: Increase buffer size in String::set(double, ...) include/m_string.h: Increase FLOATING_POINT_BUFFER mysql-test/r/type_float.result: New test cases. mysql-test/t/type_float.test: New test cases. sql/sql_string.cc: Increase buffer size in String::set(double, ...) sql/unireg.h: Move definition of FLOATING_POINT_BUFFER
2025-08-07 00:04:31 +03:00 · 2011-07-15 14:07:38 +02:00
parent 8e90c61923
commit cfcd49b467
6 changed files with 44 additions and 5 deletions
--- a/include/m_string.h
+++ b/include/m_string.h
@@ -216,6 +216,15 @@ extern int is_prefix(const char *, const char *);
 double my_strtod(const char *str, char **end, int *error);
 double my_atof(const char *nptr);

+#ifndef NOT_FIXED_DEC
+#define NOT_FIXED_DEC			31
+#endif
+
+/*
+  Max length of a floating point number.
+ */
+#define FLOATING_POINT_BUFFER (311 + NOT_FIXED_DEC)
+
 extern char *llstr(longlong value,char *buff);
 extern char *ullstr(longlong value,char *buff);
 #ifndef HAVE_STRTOUL