Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY

Extra fix: 'if (p5 < p5_a + P5A_MAX)' is not portable. p5 starts out pointing to a static array, then may point to a buffer on the stack, then may point to malloc()ed memory.

Bug#12985030 SIMPLE QUERY WITH DECIMAL NUMBERS LEAKS MEMORY
Extra fix: 'if (p5 < p5_a + P5A_MAX)' is not portable. p5 starts out pointing to a static array, then may point to a buffer on the stack, then may point to malloc()ed memory.
8d1c4bba · Tor Didriksen · 0f359571 · 8d1c4bba
Commit 8d1c4bba authored Sep 21, 2011 by Tor Didriksen
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 5 deletions

strings/dtoa.c strings/dtoa.c +9 -5

No files found.
--- a/strings/dtoa.c
+++ b/strings/dtoa.c
@@ -1009,6 +1009,7 @@ static Bigint *pow5mult(Bigint *b, int k, Stack_alloc *alloc)
  Bigint *b1, *p5, *p51=NULL;
  int i;
  static int p05[3]= { 5, 25, 125 };
+  my_bool overflow= FALSE;

  if ((i= k & 3))
    b= multadd(b, p05[i-1], 0, alloc);
@@ -1027,16 +1028,19 @@ static Bigint *pow5mult(Bigint *b, int k, Stack_alloc *alloc)
    if (!(k>>= 1))
      break;
    /* Calculate next power of 5 */
-    if (p5 < p5_a + P5A_MAX)
-      ++p5;
-    else if (p5 == p5_a + P5A_MAX)
-      p5= mult(p5, p5, alloc);
-    else
+    if (overflow)
    {
      p51= mult(p5, p5, alloc);
      Bfree(p5, alloc);
      p5= p51;
    }
+    else if (p5 < p5_a + P5A_MAX)
+      ++p5;
+    else if (p5 == p5_a + P5A_MAX)
+    {
+      p5= mult(p5, p5, alloc);
+      overflow= TRUE;
+    }
  }
  if (p51)
    Bfree(p51, alloc);