Merge pull request #42566 from ClickHouse/cherrypick/22.3/3beace607b2…

…fac35ee576807d67dada462e8319f

Cherry pick #42465 to 22.3: Fix buffer overflow in Decimal scale

src/Common/intExp.h

@@ -47,6 +47,11 @@ namespace common
 
 constexpr inline int exp10_i32(int x)
 {
+    if (x < 0)
+        return 0;
+    if (x > 9)
+        return std::numeric_limits<int>::max();
+
     constexpr int values[] =
     {
         1,
@@ -65,6 +70,11 @@ constexpr inline int exp10_i32(int x)
 
 constexpr inline int64_t exp10_i64(int x)
 {
+    if (x < 0)
+        return 0;
+    if (x > 18)
+        return std::numeric_limits<int64_t>::max();
+
     constexpr int64_t values[] =
     {
         1LL,
@@ -92,6 +102,11 @@ constexpr inline int64_t exp10_i64(int x)
 
 constexpr inline Int128 exp10_i128(int x)
 {
+    if (x < 0)
+        return 0;
+    if (x > 38)
+        return std::numeric_limits<Int128>::max();
+
     constexpr Int128 values[] =
     {
         static_cast<Int128>(1LL),
@@ -140,6 +155,11 @@ constexpr inline Int128 exp10_i128(int x)
 
 inline Int256 exp10_i256(int x)
 {
+    if (x < 0)
+        return 0;
+    if (x > 76)
+        return std::numeric_limits<Int256>::max();
+
     using Int256 = Int256;
     static constexpr Int256 i10e18{1000000000000000000ll};
     static const Int256 values[] = {
@@ -231,8 +251,10 @@ inline Int256 exp10_i256(int x)
 template <typename T>
 constexpr inline T intExp10OfSize(int x)
 {
-    if constexpr (sizeof(T) <= 8)
-        return intExp10(x);
+    if constexpr (sizeof(T) <= 4)
+        return common::exp10_i32(x);
+    else if constexpr (sizeof(T) <= 8)
+        return common::exp10_i64(x);
     else if constexpr (sizeof(T) <= 16)
         return common::exp10_i128(x);
     else

src/Functions/timeSlots.cpp

@@ -18,6 +18,7 @@ namespace ErrorCodes
     extern const int NUMBER_OF_ARGUMENTS_DOESNT_MATCH;
     extern const int ILLEGAL_TYPE_OF_ARGUMENT;
     extern const int ILLEGAL_COLUMN;
+    extern const int BAD_ARGUMENTS;
 }
 
 namespace
@@ -40,6 +41,9 @@ struct TimeSlotsImpl
         const PaddedPODArray<UInt32> & starts, const PaddedPODArray<DurationType> & durations, UInt32 time_slot_size,
         PaddedPODArray<UInt32> & result_values, ColumnArray::Offsets & result_offsets)
     {
+        if (time_slot_size == 0)
+            throw Exception("Time slot size cannot be zero", ErrorCodes::BAD_ARGUMENTS);
+
         size_t size = starts.size();
 
         result_offsets.resize(size);
@@ -62,6 +66,9 @@ struct TimeSlotsImpl
         const PaddedPODArray<UInt32> & starts, DurationType duration, UInt32 time_slot_size,
         PaddedPODArray<UInt32> & result_values, ColumnArray::Offsets & result_offsets)
     {
+        if (time_slot_size == 0)
+            throw Exception("Time slot size cannot be zero", ErrorCodes::BAD_ARGUMENTS);
+
         size_t size = starts.size();
 
         result_offsets.resize(size);
@@ -84,6 +91,9 @@ struct TimeSlotsImpl
         UInt32 start, const PaddedPODArray<DurationType> & durations, UInt32 time_slot_size,
         PaddedPODArray<UInt32> & result_values, ColumnArray::Offsets & result_offsets)
     {
+        if (time_slot_size == 0)
+            throw Exception("Time slot size cannot be zero", ErrorCodes::BAD_ARGUMENTS);
+
         size_t size = durations.size();
 
         result_offsets.resize(size);

tests/queries/0_stateless/02464_decimal_scale_buffer_overflow.sql

@@ -0,0 +1,5 @@
+DROP TABLE IF EXISTS series__fuzz_35;
+CREATE TABLE series__fuzz_35 (`i` UInt8, `x_value` Decimal(18, 14), `y_value` DateTime) ENGINE = Memory;
+INSERT INTO series__fuzz_35(i, x_value, y_value) VALUES (1, 5.6,-4.4),(2, -9.6,3),(3, -1.3,-4),(4, 5.3,9.7),(5, 4.4,0.037),(6, -8.6,-7.8),(7, 5.1,9.3),(8, 7.9,-3.6),(9, -8.2,0.62),(10, -3,7.3);
+SELECT skewSamp(x_value) FROM (SELECT x_value as x_value FROM series__fuzz_35 LIMIT 2) FORMAT Null;
+DROP TABLE series__fuzz_35;