Bug #11792200 - DIVIDING LARGE NUMBERS CAUSES STACK CORRUPTIONS

This was a buffer overrun in do_div_mod(), overwriting the internal buffer of auto variable 'tmp' in Item_func_int_div::val_int. Result on windows: 'this' is set to zero, and crash. Ran fine on other platforms (no valgrind warnings), but this is undefined behaviour on any platform of course. include/decimal.h: Add const qualifiers to function prototypes which are used by sql/my_decimal.h mysql-test/r/func_math.result: New test case. mysql-test/t/func_math.test: New test case. sql/my_decimal.h: Remove several C-style casts: - some of the were up-casts, and thus un-necessary - some of them should have been const-casts, but it is better to make the underlying library functions in (decimal.[h|c]) const instead. strings/decimal.c: Check for buffer overrun in do_div_mod() Add const qualifiers to functions which are used by sql/my_decimal.h
2025-07-30 16:24:05 +03:00 · 2011-03-03 15:25:41 +01:00
parent 4d63adff26
commit ef19b3b6cf
5 changed files with 69 additions and 49 deletions
--- a/include/decimal.h
+++ b/include/decimal.h
@ -29,14 +29,14 @@ typedef struct st_decimal_t {

 int internal_str2dec(const char *from, decimal_t *to, char **end,
                     my_bool fixed);
-int decimal2string(decimal_t *from, char *to, int *to_len,
+int decimal2string(const decimal_t *from, char *to, int *to_len,
                   int fixed_precision, int fixed_decimals,
                   char filler);
 int decimal2ulonglong(decimal_t *from, ulonglong *to);
 int ulonglong2decimal(ulonglong from, decimal_t *to);
 int decimal2longlong(decimal_t *from, longlong *to);
 int longlong2decimal(longlong from, decimal_t *to);
-int decimal2double(decimal_t *from, double *to);
+int decimal2double(const decimal_t *from, double *to);
 int double2decimal(double from, decimal_t *to);
 int decimal_actual_fraction(decimal_t *from);
 int decimal2bin(decimal_t *from, uchar *to, int precision, int scale);
@ -47,17 +47,17 @@ int decimal_bin_size(int precision, int scale);
 int decimal_result_size(decimal_t *from1, decimal_t *from2, char op,
                        int param);

-int decimal_intg(decimal_t *from);
-int decimal_add(decimal_t *from1, decimal_t *from2, decimal_t *to);
-int decimal_sub(decimal_t *from1, decimal_t *from2, decimal_t *to);
-int decimal_cmp(decimal_t *from1, decimal_t *from2);
-int decimal_mul(decimal_t *from1, decimal_t *from2, decimal_t *to);
-int decimal_div(decimal_t *from1, decimal_t *from2, decimal_t *to,
+int decimal_intg(const decimal_t *from);
+int decimal_add(const decimal_t *from1, const decimal_t *from2, decimal_t *to);
+int decimal_sub(const decimal_t *from1, const decimal_t *from2, decimal_t *to);
+int decimal_cmp(const decimal_t *from1, const decimal_t *from2);
+int decimal_mul(const decimal_t *from1, const decimal_t *from2, decimal_t *to);
+int decimal_div(const decimal_t *from1, const decimal_t *from2, decimal_t *to,
                int scale_incr);
-int decimal_mod(decimal_t *from1, decimal_t *from2, decimal_t *to);
-int decimal_round(decimal_t *from, decimal_t *to, int new_scale,
+int decimal_mod(const decimal_t *from1, const decimal_t *from2, decimal_t *to);
+int decimal_round(const decimal_t *from, decimal_t *to, int new_scale,
                  decimal_round_mode mode);
-int decimal_is_zero(decimal_t *from);
+int decimal_is_zero(const decimal_t *from);
 void max_decimal(int precision, int frac, decimal_t *to);

 #define string2decimal(A,B,C) internal_str2dec((A), (B), (C), 0)