Bug #11792200 - DIVIDING LARGE NUMBERS CAUSES STACK CORRUPTIONS

This was a buffer overrun in do_div_mod(), overwriting the internal buffer of auto variable 'tmp' in Item_func_int_div::val_int. Result on windows: 'this' is set to zero, and crash. Ran fine on other platforms (no valgrind warnings), but this is undefined behaviour on any platform of course. include/decimal.h: Add const qualifiers to function prototypes which are used by sql/my_decimal.h mysql-test/r/func_math.result: New test case. mysql-test/t/func_math.test: New test case. sql/my_decimal.h: Remove several C-style casts: - some of the were up-casts, and thus un-necessary - some of them should have been const-casts, but it is better to make the underlying library functions in (decimal.[h|c]) const instead. strings/decimal.c: Check for buffer overrun in do_div_mod() Add const qualifiers to functions which are used by sql/my_decimal.h
2025-07-29 05:21:33 +03:00 · 2011-03-03 15:25:41 +01:00
parent 4d63adff26
commit ef19b3b6cf
5 changed files with 69 additions and 49 deletions
--- a/mysql-test/r/func_math.result
+++ b/mysql-test/r/func_math.result
@ -656,3 +656,11 @@ Warning	1366	Incorrect decimal value: '' for column '' at row -1
 SELECT 1 div null;
 1 div null
 NULL
+#
+# Bug #11792200 - DIVIDING LARGE NUMBERS CAUSES STACK CORRUPTIONS
+#
+select (1.175494351E-37 div 1.7976931348623157E+308);
+(1.175494351E-37 div 1.7976931348623157E+308)
+0
+Warnings:
+Warning	1292	Truncated incorrect DECIMAL value: ''