Details
Bug
Status: Closed
Major
Resolution: Fixed
10.5, 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
None
Description
Casting a numeric string representing a decimal value with many leading
zeros in a MySQL database gives an unexpected value. For example, the query:
"SELECT
CAST(0000000000000000000000000000000000000000000000000000000000000000000000000000000020.01
AS DECIMAL(15,2)) as val;"
gives value 9999999999999.99
The bug appears when the input string is longer than 83 symbols and is
present in the newest MySQL 8.0, maybe in its older versions, and in MariaDB
as well. The "83" limit seems to be related to the DECIMAL_MAX_STR_LENGTH
constant from the MySQL C sources: when the input string is longer than that
constant, MySQL sets the resulting value to the maximal decimal value with
the given precision.
It could be dangerous in many cases, for example for online financial
services that use MySQL. A malicious person could use this bug to
get a large amount of money into their account by entering a sum with many
leading zeros.
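An application-side guard against the behaviour reported above, as an added example that is not part of the original report or of the MySQL/MariaDB sources. It canonicalizes an amount before it reaches the database, so the value sent for a DECIMAL(15,2) column is at most 16 characters long. The names `normalize_amount` and `is_padded_past_limit` are hypothetical, and the sketch assumes unsigned amounts.

```python
import re

# Length above which the report says the cast misbehaves (value from the report).
REPORTED_LENGTH_LIMIT = 83
# ASCII digits only, optional fraction; no sign, exponent or whitespace.
_AMOUNT = re.compile(r"([0-9]+)(?:\.([0-9]+))?")


def normalize_amount(text, precision=15, scale=2):
    """Canonical string for a DECIMAL(precision, scale) column, or ValueError.

    Hypothetical helper: rejects anything that is not a plain unsigned
    decimal, then strips leading zeros so the stored value never depends
    on how the database treats an over-long literal.
    """
    match = _AMOUNT.fullmatch(text)
    if match is None:
        raise ValueError("not a plain unsigned decimal")
    int_part = match.group(1).lstrip("0") or "0"
    frac_part = match.group(2) or ""
    if len(frac_part) > scale:
        raise ValueError("too many fractional digits")  # reject, do not round
    if len(int_part) > precision - scale:
        raise ValueError("value out of range for column")
    return f"{int_part}.{frac_part.ljust(scale, '0')}"


def is_padded_past_limit(text):
    """True when the raw input is longer than the length named in the report."""
    return len(text) > REPORTED_LENGTH_LIMIT


if __name__ == "__main__":
    padded = "0" * 80 + "20.01"  # constructed sample input, 85 characters
    print(is_padded_past_limit(padded), normalize_amount(padded))
```

Logging inputs for which `is_padded_past_limit` returns true gives a record of attempts to submit padded amounts, independent of whether the database in use is patched.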