Skip to content

Commit 819980f

Browse files
author
Tor Didriksen
committed
Bug#13802242 MY_DECIMAL::SANITY_CHECK ASSERTION: ASSERTION FAILED: FOO2 == TEST_VALUE
Yet another buffer overrun the decimal library.
1 parent 2acd705 commit 819980f

1 file changed

Lines changed: 11 additions & 2 deletions

File tree

strings/decimal.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1717,10 +1717,18 @@ decimal_round(const decimal_t *from, decimal_t *to, int scale,
17171717
}
17181718
for (buf1=to->buf + intg0 + MY_MAX(frac0, 0); buf1 > to->buf; buf1--)
17191719
{
1720-
buf1[0]=buf1[-1];
1720+
/* Avoid out-of-bounds write. */
1721+
if (buf1 < to->buf + len)
1722+
buf1[0]=buf1[-1];
1723+
else
1724+
error= E_DEC_OVERFLOW;
17211725
}
17221726
*buf1=1;
1723-
to->intg++;
1727+
/* We cannot have more than 9 * 9 = 81 digits. */
1728+
if (to->intg < len * DIG_PER_DEC1)
1729+
to->intg++;
1730+
else
1731+
error= E_DEC_OVERFLOW;
17241732
}
17251733
}
17261734
else
@@ -1752,6 +1760,7 @@ decimal_round(const decimal_t *from, decimal_t *to, int scale,
17521760
scale=0;
17531761

17541762
done:
1763+
DBUG_ASSERT(to->intg <= (len * DIG_PER_DEC1));
17551764
to->frac=scale;
17561765
return error;
17571766
}

0 commit comments

Comments
 (0)