Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
5dc553cd
Commit
5dc553cd
authored
Oct 14, 2011
by
Tor Didriksen
Browse files
Options
Browse Files
Download
Plain Diff
merge 5.0-security => 5.1 security
parents
a2cbf835
a6145f4b
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
108 additions
and
8 deletions
+108
-8
mysql-test/r/type_newdecimal.result
mysql-test/r/type_newdecimal.result
+44
-0
mysql-test/t/type_newdecimal.test
mysql-test/t/type_newdecimal.test
+21
-0
sql/my_decimal.h
sql/my_decimal.h
+30
-0
strings/decimal.c
strings/decimal.c
+13
-8
No files found.
mysql-test/r/type_newdecimal.result
View file @
5dc553cd
...
@@ -1549,6 +1549,50 @@ select * from t1;
...
@@ -1549,6 +1549,50 @@ select * from t1;
5.05 / 0.014
5.05 / 0.014
360.714286
360.714286
DROP TABLE t1;
DROP TABLE t1;
#
# Bug#12563865
# ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0
#
SELECT substring(('M') FROM (999999999999999999999999999999999999999999999999999999999999999999999999999999999)) AS foo;
foo
Warnings:
Error 1292 Truncated incorrect DECIMAL value: ''
Error 1292 Truncated incorrect DECIMAL value: ''
SELECT min(999999999999999999999999999999999999999999999999999999999999999999999999999999999) AS foo;
foo
999999999999999999999999999999999999999999999999999999999999999999999999999999999
SELECT multipolygonfromtext(('4294967294.1'),(999999999999999999999999999999999999999999999999999999999999999999999999999999999)) AS foo;
foo
NULL
Warnings:
Error 1292 Truncated incorrect DECIMAL value: ''
SELECT convert((999999999999999999999999999999999999999999999999999999999999999999999999999999999), decimal(30,30)) AS foo;
foo
0.999999999999999999999999999999
Warnings:
Error 1264 Out of range value for column 'foo' at row 1
SELECT bit_xor(999999999999999999999999999999999999999999999999999999999999999999999999999999999) AS foo;
foo
9223372036854775807
Warnings:
Error 1292 Truncated incorrect DECIMAL value: ''
SELECT -(999999999999999999999999999999999999999999999999999999999999999999999999999999999) AS foo;
foo
-999999999999999999999999999999999999999999999999999999999999999999999999999999999
SELECT date_sub((999999999999999999999999999999999999999999999999999999999999999999999999999999999),
interval ((SELECT date_add((0x77500000),
interval ('Oml') second)))
day_minute)
AS foo;
foo
NULL
Warnings:
Error 1292 Truncated incorrect DECIMAL value: ''
Warning 1292 Incorrect datetime value: '9223372036854775807'
SELECT truncate(999999999999999999999999999999999999999999999999999999999999999999999999999999999, 28) AS foo;
foo
999999999999999999999999999999999999999999999999999999999999999999999999999999999
End of 5.0 tests
End of 5.0 tests
select cast(143.481 as decimal(4,1));
select cast(143.481 as decimal(4,1));
cast(143.481 as decimal(4,1))
cast(143.481 as decimal(4,1))
...
...
mysql-test/t/type_newdecimal.test
View file @
5dc553cd
...
@@ -1245,6 +1245,27 @@ show create table t1;
...
@@ -1245,6 +1245,27 @@ show create table t1;
select
*
from
t1
;
select
*
from
t1
;
DROP
TABLE
t1
;
DROP
TABLE
t1
;
--
echo
#
--
echo
# Bug#12563865
--
echo
# ROUNDED,TMP_BUF,DECIMAL_VALUE STACK CORRUPTION IN ALL VERSIONS >=5.0
--
echo
#
let
$nine_81
=
999999999999999999999999999999999999999999999999999999999999999999999999999999999
;
eval
SELECT
substring
((
'M'
)
FROM
(
$nine_81
))
AS
foo
;
eval
SELECT
min
(
$nine_81
)
AS
foo
;
eval
SELECT
multipolygonfromtext
((
'4294967294.1'
),(
$nine_81
))
AS
foo
;
eval
SELECT
convert
((
$nine_81
),
decimal
(
30
,
30
))
AS
foo
;
eval
SELECT
bit_xor
(
$nine_81
)
AS
foo
;
eval
SELECT
-
(
$nine_81
)
AS
foo
;
eval
SELECT
date_sub
((
$nine_81
),
interval
((
SELECT
date_add
((
0x77500000
),
interval
(
'Oml'
)
second
)))
day_minute
)
AS
foo
;
eval
SELECT
truncate
(
$nine_81
,
28
)
AS
foo
;
--
echo
End
of
5.0
tests
--
echo
End
of
5.0
tests
#
#
...
...
sql/my_decimal.h
View file @
5dc553cd
...
@@ -93,12 +93,31 @@ inline int my_decimal_int_part(uint precision, uint decimals)
...
@@ -93,12 +93,31 @@ inline int my_decimal_int_part(uint precision, uint decimals)
class
my_decimal
:
public
decimal_t
class
my_decimal
:
public
decimal_t
{
{
/*
Several of the routines in strings/decimal.c have had buffer
overrun/underrun problems. These are *not* caught by valgrind.
To catch them, we allocate dummy fields around the buffer,
and test that their values do not change.
*/
#if !defined(DBUG_OFF)
int
foo1
;
#endif
decimal_digit_t
buffer
[
DECIMAL_BUFF_LENGTH
];
decimal_digit_t
buffer
[
DECIMAL_BUFF_LENGTH
];
#if !defined(DBUG_OFF)
int
foo2
;
static
const
int
test_value
=
123
;
#endif
public:
public:
void
init
()
void
init
()
{
{
#if !defined(DBUG_OFF)
foo1
=
test_value
;
foo2
=
test_value
;
#endif
len
=
DECIMAL_BUFF_LENGTH
;
len
=
DECIMAL_BUFF_LENGTH
;
buf
=
buffer
;
buf
=
buffer
;
}
}
...
@@ -107,6 +126,17 @@ public:
...
@@ -107,6 +126,17 @@ public:
{
{
init
();
init
();
}
}
~
my_decimal
()
{
sanity_check
();
}
void
sanity_check
()
{
DBUG_ASSERT
(
foo1
==
test_value
);
DBUG_ASSERT
(
foo2
==
test_value
);
}
void
fix_buffer_pointer
()
{
buf
=
buffer
;
}
void
fix_buffer_pointer
()
{
buf
=
buffer
;
}
bool
sign
()
const
{
return
decimal_t
::
sign
;
}
bool
sign
()
const
{
return
decimal_t
::
sign
;
}
...
...
strings/decimal.c
View file @
5dc553cd
...
@@ -1494,9 +1494,8 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
...
@@ -1494,9 +1494,8 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
{
{
int
frac0
=
scale
>
0
?
ROUND_UP
(
scale
)
:
scale
/
DIG_PER_DEC1
,
int
frac0
=
scale
>
0
?
ROUND_UP
(
scale
)
:
scale
/
DIG_PER_DEC1
,
frac1
=
ROUND_UP
(
from
->
frac
),
UNINIT_VAR
(
round_digit
),
frac1
=
ROUND_UP
(
from
->
frac
),
UNINIT_VAR
(
round_digit
),
intg0
=
ROUND_UP
(
from
->
intg
),
error
=
E_DEC_OK
,
len
=
to
->
len
,
intg0
=
ROUND_UP
(
from
->
intg
),
error
=
E_DEC_OK
,
len
=
to
->
len
;
intg1
=
ROUND_UP
(
from
->
intg
+
(((
intg0
+
frac0
)
>
0
)
&&
(
from
->
buf
[
0
]
==
DIG_MAX
)));
dec1
*
buf0
=
from
->
buf
,
*
buf1
=
to
->
buf
,
x
,
y
,
carry
=
0
;
dec1
*
buf0
=
from
->
buf
,
*
buf1
=
to
->
buf
,
x
,
y
,
carry
=
0
;
int
first_dig
;
int
first_dig
;
...
@@ -1511,6 +1510,12 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
...
@@ -1511,6 +1510,12 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
default:
DBUG_ASSERT
(
0
);
default:
DBUG_ASSERT
(
0
);
}
}
/*
For my_decimal we always use len == DECIMAL_BUFF_LENGTH == 9
For internal testing here (ifdef MAIN) we always use len == 100/4
*/
DBUG_ASSERT
(
from
->
len
==
to
->
len
);
if
(
unlikely
(
frac0
+
intg0
>
len
))
if
(
unlikely
(
frac0
+
intg0
>
len
))
{
{
frac0
=
len
-
intg0
;
frac0
=
len
-
intg0
;
...
@@ -1524,17 +1529,17 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
...
@@ -1524,17 +1529,17 @@ decimal_round(decimal_t *from, decimal_t *to, int scale,
return
E_DEC_OK
;
return
E_DEC_OK
;
}
}
if
(
to
!=
from
||
intg1
>
intg0
)
if
(
to
!=
from
)
{
{
dec1
*
p0
=
buf0
+
intg0
+
max
(
frac1
,
frac0
);
dec1
*
p0
=
buf0
+
intg0
+
max
(
frac1
,
frac0
);
dec1
*
p1
=
buf1
+
intg1
+
max
(
frac1
,
frac0
);
dec1
*
p1
=
buf1
+
intg0
+
max
(
frac1
,
frac0
);
DBUG_ASSERT
(
p0
-
buf0
<=
len
);
DBUG_ASSERT
(
p1
-
buf1
<=
len
);
while
(
buf0
<
p0
)
while
(
buf0
<
p0
)
*
(
--
p1
)
=
*
(
--
p0
);
*
(
--
p1
)
=
*
(
--
p0
);
if
(
unlikely
(
intg1
>
intg0
))
to
->
buf
[
0
]
=
0
;
intg0
=
intg1
;
buf0
=
to
->
buf
;
buf0
=
to
->
buf
;
buf1
=
to
->
buf
;
buf1
=
to
->
buf
;
to
->
sign
=
from
->
sign
;
to
->
sign
=
from
->
sign
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment