mirror of
https://github.com/MariaDB/server.git
synced 2026-04-23 08:45:33 +02:00
Bug #11792200 - DIVIDING LARGE NUMBERS CAUSES STACK CORRUPTIONS
This was a buffer overrun in do_div_mod(), overwriting the internal buffer
of auto variable 'tmp' in Item_func_int_div::val_int.
Result on Windows: 'this' is set to zero, and crash.
Ran fine on other platforms (no valgrind warnings),
but this is undefined behaviour on any platform of course.
include/decimal.h:
Add const qualifiers to function prototypes which are used by sql/my_decimal.h
mysql-test/r/func_math.result:
New test case.
mysql-test/t/func_math.test:
New test case.
sql/my_decimal.h:
Remove several C-style casts:
- some of them were up-casts, and thus un-necessary
- some of them should have been const-casts, but it is better to make the
underlying library functions in (decimal.[h|c]) const instead.
strings/decimal.c:
Check for buffer overrun in do_div_mod()
Add const qualifiers to functions which are used by sql/my_decimal.h
parent 4d63adff26
commit ef19b3b6cf
5 changed files with 69 additions and 49 deletions
|
|
@ -500,3 +500,8 @@ SELECT ((@a:=@b:=1.0) div (@b:=@a:=get_format(datetime, 'usa')));
|
|||
--echo # Bug #59498 div function broken in mysql-trunk
|
||||
--echo #
|
||||
SELECT 1 div null;
|
||||
|
||||
--echo #
|
||||
--echo # Bug #11792200 - DIVIDING LARGE NUMBERS CAUSES STACK CORRUPTIONS
|
||||
--echo #
|
||||
select (1.175494351E-37 div 1.7976931348623157E+308);
|
||||
|
|
|
|||
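Review bot: the new case at the end of this hunk covers only one operand shape, a very small dividend (1.175494351E-37) against a very large divisor (1.7976931348623157E+308), so the bounds check the commit message describes in do_div_mod() is exercised from one direction only. Consider adding the reversed operands and a negative-sign variant, so the expected output in func_math.result pins the behaviour for both extremes rather than just the input that crashed. Style point: the added statement uses lowercase "select" while the neighbouring statements in this file ("SELECT 1 div null;" and the one in the hunk header) use uppercase; matching them keeps the test file consistent.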