Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY

Extra fix: 'if (p5 < p5_a + P5A_MAX)' is not portable.
p5 starts out pointing to a static array, then may point
to a buffer on the stack, then may point to malloc()ed memory.

strings/dtoa.c

@@ -1009,6 +1009,7 @@ static Bigint *pow5mult(Bigint *b, int k, Stack_alloc *alloc)
   Bigint *b1, *p5, *p51=NULL;
   int i;
   static int p05[3]= { 5, 25, 125 };
+  my_bool overflow= FALSE;
 
   if ((i= k & 3))
     b= multadd(b, p05[i-1], 0, alloc);
@@ -1027,16 +1028,19 @@ static Bigint *pow5mult(Bigint *b, int k, Stack_alloc *alloc)
     if (!(k>>= 1))
       break;
     /* Calculate next power of 5 */
-    if (p5 < p5_a + P5A_MAX)
+    if (overflow)
-      ++p5;
-    else if (p5 == p5_a + P5A_MAX)
-      p5= mult(p5, p5, alloc);
-    else
     {
       p51= mult(p5, p5, alloc);
       Bfree(p5, alloc);
       p5= p51;
     }
+    else if (p5 < p5_a + P5A_MAX)
+      ++p5;
+    else if (p5 == p5_a + P5A_MAX)
+    {
+      p5= mult(p5, p5, alloc);
+      overflow= TRUE;
+    }
   }
   if (p51)
     Bfree(p51, alloc);