From a01946373d5752c921c4daddfec5c6cdfdbfa627 Mon Sep 17 00:00:00 2001 
From: Alexey Kopytov Date: Wed, 28 Jan 2009 20:59:08 +0300 Subject: Fix for bug #21205: Different number of digits for float/double/real in --ps-protocol Various parts of code used different 'precision' arguments for sprintf("%g") when converting floating point numbers to a string. This led to differences in results in some cases depending on whether the text-based or prepared statements protocol is used for a query. Fixed by changing arguments to sprintf("%g") to always be 15 (DBL_DIG) so that results are consistent regardless of the protocol. This patch will be null-merged to 6.0 as the problem does not exists there (fixed by the patch for WL#2934). client/sql_string.cc: Use 15 (DBL_DIG) as a precision argument for sprintf(), as Field_double::val_str() does. libmysql/libmysql.c: Use 15 (DBL_DIG) as a precision argument for sprintf(), as Field_double::val_str() does. mysql-test/r/archive_gis.result: Fixed test results to take additional precision into account. mysql-test/r/func_group.result: Fixed test results to take additional precision into account. mysql-test/r/func_math.result: Fixed test results to take additional precision into account. mysql-test/r/func_str.result: Fixed test results to take additional precision into account. mysql-test/r/gis.result: Fixed test results to take additional precision into account. mysql-test/r/innodb_gis.result: Fixed test results to take additional precision into account. mysql-test/r/select.result: Fixed test results to take additional precision into account. mysql-test/r/sp.result: Fixed test results to take additional precision into account. mysql-test/r/type_float.result: Fixed test results to take additional precision into account. mysql-test/t/type_float.test: Fixed test results to take additional precision into account. sql/sql_string.cc: Use 15 (DBL_DIG) as a precision argument for sprintf(), as Field_double::val_str() does. 
--- sql/sql_string.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sql/sql_string.cc') diff --git a/sql/sql_string.cc b/sql/sql_string.cc index 75e47dd0c8e..a7d6d5db411 100644 --- a/sql/sql_string.cc +++ b/sql/sql_string.cc @@ -125,7 +125,7 @@ bool String::set(double num,uint decimals, CHARSET_INFO *cs) str_charset=cs; if (decimals >= NOT_FIXED_DEC) { - uint32 len= my_sprintf(buff,(buff, "%.14g",num));// Enough for a DATETIME + uint32 len= my_sprintf(buff,(buff, "%.15g",num));// Enough for a DATETIME return copy(buff, len, &my_charset_latin1, cs, &dummy_errors); } #ifdef HAVE_FCONVERT @@ -677,7 +677,7 @@ void String::qs_append(const char *str, uint32 len) void String::qs_append(double d) { char *buff = Ptr + str_length; - str_length+= my_sprintf(buff, (buff, "%.14g", d)); + str_length+= my_sprintf(buff, (buff, "%.15g", d)); } void String::qs_append(double *d) -- cgit v1.2.1 From dfbba6e7fda2286a2c021a025fa82926551e01f9 Mon Sep 17 00:00:00 2001 
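Review bot: The trailing comment `// Enough for a DATETIME` on the changed `my_sprintf` line in String::set() does not describe a `%.15g` conversion of a double and gives no bound for `buff`. With precision 15 the longest output is 22 characters plus the terminator (sign, 15 digits, decimal point, `e-308`), one more than with `%.14g`. The declaration of `buff` is outside the hunk, so its size should be confirmed against that bound. I would replace the comment with `// "%.15g" writes at most 23 bytes including the NUL`.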
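Review bot: `qs_append(double d)` formats straight into `Ptr + str_length` with no check against the allocated length, so the extra digit from `%.15g` raises the worst-case write from 21 to 22 characters plus the terminating NUL. Nothing visible in this hunk reserves that space, so presumably every caller is expected to have reserved it beforehand; call sites that sized their reservation for the old precision should be re-checked. A comment above the function stating the requirement would help, e.g. `// Caller must have reserved at least 23 bytes (worst case for "%.15g" plus NUL)`. The neighbouring `qs_append(double *d)` begins at the end of the hunk and its body is not shown.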
From: Alexey Kopytov Date: Tue, 3 Feb 2009 20:19:01 +0300 Subject: Fix for bug #41868: crash or memory overrun with concat + upper, date_format functions String::realloc() did not check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer (i.e.alloced == FALSE). This could lead to memory overruns in some cases. mysql-test/r/func_str.result: Added a test case for bug #41868. mysql-test/t/func_str.test: Added a test case for bug #41868. sql/sql_class.cc: After each call to Item::send() in select_send::send_data() reset buffer to its original state to reduce unnecessary malloc() calls. See comments for bug #41868 for detailed analysis. sql/sql_string.cc: Fixed String::realloc() to check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer. --- sql/sql_string.cc | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'sql/sql_string.cc') diff --git a/sql/sql_string.cc b/sql/sql_string.cc index 75e47dd0c8e..b6ce4d8dc8d 100644 --- a/sql/sql_string.cc +++ b/sql/sql_string.cc @@ -72,26 +72,26 @@ bool String::realloc(uint32 alloc_length) if (alloced) { if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME)))) - { - Ptr=new_ptr; - Alloced_length=len; - } + new_ptr[alloc_length]= 0; else - return TRUE; // Signal error + return TRUE; // Signal error } else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME)))) { + if (str_length > len - 1) + str_length= 0; if (str_length) // Avoid bugs in memcpy on AIX - memcpy(new_ptr,Ptr,str_length); - new_ptr[str_length]=0; - Ptr=new_ptr; - Alloced_length=len; + memcpy(new_ptr, Ptr, str_length); + new_ptr[str_length]= 0; alloced=1; } else return TRUE; // Signal error + Ptr= new_ptr; + Alloced_length= len; } - Ptr[alloc_length]=0; // This make other funcs shorter + else + Ptr[alloc_length]= 0; return FALSE; } -- cgit v1.2.1 
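Review bot: On the `my_malloc` path the new buffer no longer gets a terminator at `alloc_length`: the previously unconditional `Ptr[alloc_length]=0; // This make other funcs shorter` is moved into an `else` that runs only when no reallocation happens, and the malloc branch writes only `new_ptr[str_length]= 0`. The `my_realloc` branch does set `new_ptr[alloc_length]= 0`, so the two branches now differ, and any code relying on that byte would read presumably uninitialised heap memory after a String moves off an external buffer. Adding `new_ptr[alloc_length]= 0;` next to `alloced=1;`, or keeping the final store unconditional, would restore the old guarantee. The start of String::realloc(), including how `len` is derived, is outside the hunk.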
From b30239bc1a3e73f4ad4f1ecac9cc1e193f7a0b61 Mon Sep 17 00:00:00 2001 From: Alexey Kopytov Date: Fri, 6 Feb 2009 12:51:11 +0300 Subject: Temporarily reverted patch for bug #41868 as it was causing problems in PB. --- sql/sql_string.cc | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'sql/sql_string.cc') diff --git a/sql/sql_string.cc b/sql/sql_string.cc index b6ce4d8dc8d..75e47dd0c8e 100644 --- a/sql/sql_string.cc +++ b/sql/sql_string.cc @@ -72,26 +72,26 @@ bool String::realloc(uint32 alloc_length) if (alloced) { if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME)))) - new_ptr[alloc_length]= 0; + { + Ptr=new_ptr; + Alloced_length=len; + } else - return TRUE; // Signal error + return TRUE; // Signal error } else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME)))) { - if (str_length > len - 1) - str_length= 0; if (str_length) // Avoid bugs in memcpy on AIX - memcpy(new_ptr, Ptr, str_length); - new_ptr[str_length]= 0; + memcpy(new_ptr,Ptr,str_length); + new_ptr[str_length]=0; + Ptr=new_ptr; + Alloced_length=len; alloced=1; } else return TRUE; // Signal error - Ptr= new_ptr; - Alloced_length= len; } - else - Ptr[alloc_length]= 0; + Ptr[alloc_length]=0; // This make other funcs shorter return FALSE; } -- cgit v1.2.1 From fd8bf58ca972ef3f521aec03c0bd09fa3ec78335 Mon Sep 17 00:00:00 2001 
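Review bot: The restored `memcpy(new_ptr,Ptr,str_length);` in the `my_malloc` branch again copies without comparing `str_length` with `len`, which is the overrun described for bug #41868. While the fix is out of the tree, a comment at that line would keep the known issue visible, e.g. `// FIXME(bug #41868): str_length may exceed len - 1 when the old buffer was external`. The description does not say which PB failure prompted the revert, so it is unclear from this page what the re-landed patch has to satisfy.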
From: Alexey Kopytov Date: Tue, 10 Feb 2009 15:38:56 +0300 Subject: Fix for bug #41868: crash or memory overrun with concat + upper, date_format functions String::realloc() did not check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer (i.e.alloced == FALSE). This could lead to memory overruns in some cases. client/sql_string.cc: Fixed String::realloc() to check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer. mysql-test/r/func_str.result: Added a test case for bug #41868. mysql-test/t/func_str.test: Added a test case for bug #41868. sql/sql_class.cc: After each call to Item::send() in select_send::send_data() reset buffer to its original state to reduce unnecessary malloc() calls. See comments for bug #41868 for detailed analysis. sql/sql_string.cc: Fixed String::realloc() to check whether the existing string data fits in the newly allocated buffer for cases when reallocating a String object with external buffer. --- sql/sql_string.cc | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'sql/sql_string.cc') diff --git a/sql/sql_string.cc b/sql/sql_string.cc index 75e47dd0c8e..ed1dc9eac77 100644 --- a/sql/sql_string.cc +++ b/sql/sql_string.cc 
@@ -71,25 +71,22 @@ bool String::realloc(uint32 alloc_length) char *new_ptr; if (alloced) { - if ((new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME)))) - { - Ptr=new_ptr; - Alloced_length=len; - } - else - return TRUE; // Signal error + if (!(new_ptr= (char*) my_realloc(Ptr,len,MYF(MY_WME)))) + return TRUE; // Signal error } else if ((new_ptr= (char*) my_malloc(len,MYF(MY_WME)))) { + if (str_length > len - 1) + str_length= 0; if (str_length) // Avoid bugs in memcpy on AIX memcpy(new_ptr,Ptr,str_length); new_ptr[str_length]=0; - Ptr=new_ptr; - Alloced_length=len; alloced=1; } else return TRUE; // Signal error + Ptr= new_ptr; + Alloced_length= len; } Ptr[alloc_length]=0; // This make other funcs shorter return FALSE; -- cgit v1.2.1
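Review bot: `if (str_length > len - 1) str_length= 0;` avoids the overrun by silently discarding the string's contents, so a caller whose String does not fit the new buffer gets an empty value back together with a `FALSE` (success) return. If that state can only come from a caller bug, an assertion beside the reset would surface it in debug builds; either way the reason deserves a comment, e.g. `// Existing data does not fit the new buffer (external-buffer case): drop it rather than overrun`. `len` is computed above the hunk; if it is unsigned and could ever be 0, `len - 1` would wrap and the check would never fire, which is worth confirming against that computation. The same two lines appear in the earlier, reverted version of this patch.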