Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL

The buffer was simply too small. In 5.5 and trunk, the size is 311 + 31, in 5.1 and below, the size is 331 client/sql_string.cc: Increase buffer size in String::set(double, ...) include/m_string.h: Increase FLOATING_POINT_BUFFER mysql-test/r/type_float.result: New test cases. mysql-test/t/type_float.test: New test cases. sql/sql_string.cc: Increase buffer size in String::set(double, ...) sql/unireg.h: Move definition of FLOATING_POINT_BUFFER
2025-07-30 16:24:05 +03:00 · 2011-07-15 14:07:38 +02:00
parent 8e90c61923
commit cfcd49b467
6 changed files with 44 additions and 5 deletions
--- a/mysql-test/r/type_float.result
+++ b/mysql-test/r/type_float.result
@ -407,4 +407,16 @@ SELECT f1 FROM t1;
 f1
 -1.79769313486231e+308
 DROP TABLE t1;
+#
+# Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL
+# 
+select format(-1.7976931348623157E+307,256) as foo;
+foo
+ignore_float_result
+select least(-1.1111111111111111111111111,
+- group_concat(1.7976931348623157E+308)) as foo;
+foo
+ignore_float_result
+select concat((truncate((-1.7976931348623157E+307),(0x1e))),
+(99999999999999999999999999999999999999999999999999999999999999999)) into @a;
 End of 5.0 tests
--- a/mysql-test/t/type_float.test
+++ b/mysql-test/t/type_float.test
@ -276,4 +276,19 @@ INSERT INTO t1 VALUES(-1.79769313486231e+308);
 SELECT f1 FROM t1;
 DROP TABLE t1;

+--echo #
+--echo # Bug#12406055 BUFFER OVERFLOW OF VARIABLE 'BUFF' IN STRING::SET_REAL
+--echo # 
+
+let $nine_65=
+99999999999999999999999999999999999999999999999999999999999999999;
+
+--replace_column 1 ignore_float_result
+select format(-1.7976931348623157E+307,256) as foo;
+--replace_column 1 ignore_float_result
+select least(-1.1111111111111111111111111,
+             - group_concat(1.7976931348623157E+308)) as foo;
+eval select concat((truncate((-1.7976931348623157E+307),(0x1e))),
+                   ($nine_65)) into @a;
+
 --echo End of 5.0 tests