Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY

mysql-test/r/func_str.result: New test cases. mysql-test/t/func_str.test: New test cases. strings/dtoa.c: Increasing the buffer size slightly made some queries pass without leaks. Adding Bfree(p51, alloc) fixed the remaining leaks.
2025-08-08 11:22:35 +03:00 · 2011-09-20 10:59:48 +02:00
parent 3ad46f8111
commit dbcdad7d4a
3 changed files with 59 additions and 2 deletions
--- a/mysql-test/r/func_str.result
+++ b/mysql-test/r/func_str.result
@@ -2785,5 +2785,40 @@ format(123,2,'no_NO')
 123,00
 DROP TABLE t1;
 #
+# Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY
+#
+SELECT (rpad(1.0,2048,1)) IS NOT FALSE;
+(rpad(1.0,2048,1)) IS NOT FALSE
+1
+SELECT ((+0) IN
+((0b111111111111111111111111111111111111111111111111111),(rpad(1.0,2048,1)),
+(32767.1)));
+((+0) IN
+((0b111111111111111111111111111111111111111111111111111),(rpad(1.0,2048,1)),
+(32767.1)))
+0
+SELECT ((rpad(1.0,2048,1)) = ('4(') ^ (0.1));
+((rpad(1.0,2048,1)) = ('4(') ^ (0.1))
+0
+Warnings:
+Warning	1292	Truncated incorrect INTEGER value: '4('
+SELECT
+pow((rpad(1.0,2048,1)),(b'1111111111111111111111111111111111111111111'));
+ERROR 22003: DOUBLE value is out of range in 'pow(rpad(1.0,2048,1),0x07ffffffffff)'
+SELECT ((rpad(1.0,2048,1)) + (0) ^ ('../'));
+((rpad(1.0,2048,1)) + (0) ^ ('../'))
+1.011111111111111
+Warnings:
+Warning	1292	Truncated incorrect INTEGER value: '../'
+SELECT stddev_samp(rpad(1.0,2048,1));
+stddev_samp(rpad(1.0,2048,1))
+NULL
+SELECT ((127.1) not in ((rpad(1.0,2048,1)),(''),(-1.1)));
+((127.1) not in ((rpad(1.0,2048,1)),(''),(-1.1)))
+1
+SELECT ((0xf3) * (rpad(1.0,2048,1)) << (0xcc));
+((0xf3) * (rpad(1.0,2048,1)) << (0xcc))
+0
+#
 # End of 5.5 tests
 #
--- a/mysql-test/t/func_str.test
+++ b/mysql-test/t/func_str.test
@@ -1436,6 +1436,25 @@ SHOW CREATE TABLE t1;
 SELECT * FROM t1;
 DROP TABLE t1;

+--echo #
+--echo # Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY
+--echo #
+
+SELECT (rpad(1.0,2048,1)) IS NOT FALSE;
+SELECT ((+0) IN
+((0b111111111111111111111111111111111111111111111111111),(rpad(1.0,2048,1)),
+(32767.1)));
+SELECT ((rpad(1.0,2048,1)) = ('4(') ^ (0.1));
+
+--error 1690
+SELECT
+pow((rpad(1.0,2048,1)),(b'1111111111111111111111111111111111111111111'));
+SELECT ((rpad(1.0,2048,1)) + (0) ^ ('../'));
+SELECT stddev_samp(rpad(1.0,2048,1));
+SELECT ((127.1) not in ((rpad(1.0,2048,1)),(''),(-1.1)));
+SELECT ((0xf3) * (rpad(1.0,2048,1)) << (0xcc));
+
+
 --echo #
 --echo # End of 5.5 tests
 --echo #
--- a/strings/dtoa.c
+++ b/strings/dtoa.c
@@ -46,7 +46,7 @@
     see if it is possible to get rid of malloc().
     this constant is sufficient to avoid malloc() on all inputs I have tried.
 */
-#define DTOA_BUFF_SIZE (420 * sizeof(void *))
+#define DTOA_BUFF_SIZE (460 * sizeof(void *))

 /* Magic value returned by dtoa() to indicate overflow */
 #define DTOA_OVERFLOW 9999
@@ -659,6 +659,7 @@ typedef struct Stack_alloc
 static Bigint *Balloc(int k, Stack_alloc *alloc)
 {
  Bigint *rv;
+  DBUG_ASSERT(k <= Kmax);
  if (k <= Kmax &&  alloc->freelist[k])
  {
    rv= alloc->freelist[k];
@@ -1005,7 +1006,7 @@ static Bigint p5_a[]=

 static Bigint *pow5mult(Bigint *b, int k, Stack_alloc *alloc)
 {
-  Bigint *b1, *p5, *p51;
+  Bigint *b1, *p5, *p51=NULL;
  int i;
  static int p05[3]= { 5, 25, 125 };

@@ -1037,6 +1038,8 @@ static Bigint *pow5mult(Bigint *b, int k, Stack_alloc *alloc)
      p5= p51;
    }
  }
+  if (p51)
+    Bfree(p51, alloc);
  return b;
 }