1 files changed, 13 insertions, 0 deletions

diff --git a/strings/decimal.c b/strings/decimal.c
index 5fb37d374a2..8786a513945 100644
--- a/strings/decimal.c
+++ b/strings/decimal.c
@@ -1347,6 +1347,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale)
     }
     from+=i;
     *buf=x ^ mask;
+    if (((uint32)*buf) >=  powers10[intg0x+1])
+      goto err;
     if (buf > to->buf || *buf != 0)
       buf++;
     else
@@ -1356,6 +1358,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale)
   {
     DBUG_ASSERT(sizeof(dec1) == 4);
     *buf=mi_sint4korr(from) ^ mask;
+    if (((uint32)*buf) > DIG_MAX)
+      goto err;
     if (buf > to->buf || *buf != 0)
       buf++;
     else
@@ -1366,6 +1370,8 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale)
   {
     DBUG_ASSERT(sizeof(dec1) == 4);
     *buf=mi_sint4korr(from) ^ mask;
+    if (((uint32)*buf) > DIG_MAX)
+      goto err;
     buf++;
   }
   if (frac0x)
@@ -1381,10 +1387,17 @@ int bin2decimal(char *from, decimal_t *to, int precision, int scale)
       default: DBUG_ASSERT(0);
     }
     *buf=(x ^ mask) * powers10[DIG_PER_DEC1 - frac0x];
+    if (((uint32)*buf) > DIG_MAX)
+      goto err;
     buf++;
   }
   my_afree(d_copy);
   return error;
+
+err:
+  my_afree(d_copy);
+  decimal_make_zero(((decimal_t*) to));
+  return(E_DEC_BAD_NUM);
 }
 
 /*