Crash in the mysql driver when decoding short decimal values as f64

[lovasoa]

Bug Description

the mysql driver crashes the entire program when decoding short decimal values as f64

see the fix in sqlx-oldapi: sqlpage@db000fb

[ebissi]

IMHO this isn't a bug and that conversion should not be done by sqlx because it would break the expected behavior of DECIMAL on rust side.

The conversion DECIMAL -> f64 should be explicitly done by the programmer in SQL using CAST(decimal_column AS DOUBLE) or in rust using rust_decimal to_f64. This way it is up to the programmer to handle its consequences.

[lovasoa]

I don't think it would be an issue to return an error in this case. But currently, sqlx does not return an error, it crashes the entire program.

[chenlcacentury]

just checking some opening issues to evaluate how stable and robust this crate is and is it ready to be used in production. It seems some philosophies behind are potentially very risky.

This issue is indeed a bug and a very bad bug because it will crash the whole program which is definitely unacceptable in production.

Be very careful to use unwrap, expect etc., and only use them while it is 100000% no crash or intended to be crashed

[abonander]

We'd appreciate a PR. I'd just check that the binary length is either 4 or 8, or return an error.

[lovasoa]

@abonander I have a link to the fix in my initial comment, if you want.

[abonander]

I saw your patch, but I agree with @ebissi. f64 should not decode from DECIMAL as they have distinctly different semantics.

The bug is simply that LittleEndian::read_f32() panics if the buffer contains less than four bytes, which should be checked before calling it.