diff options
| author | Alexander Barkov <alexander.barkov@oracle.com> | 2012-08-17 13:14:04 +0400 |
|---|---|---|
| committer | Alexander Barkov <alexander.barkov@oracle.com> | 2012-08-17 13:14:04 +0400 |
| commit | 5aec4e2b3bbcaea33d719e2e4e94665c4856e413 (patch) | |
| tree | a027f5a381b6d2e174a312cf66973512d49bb5ec | |
| parent | e288e649c5157765f192bde3790e5a863807a112 (diff) | |
| download | mariadb-git-5aec4e2b3bbcaea33d719e2e4e94665c4856e413.tar.gz | |
Backporting Bug 14100466 from 5.6.
| -rw-r--r-- | sql/spatial.cc | 11 | ||||
| -rw-r--r-- | sql/spatial.h | 8 |
2 files changed, 14 insertions, 5 deletions
diff --git a/sql/spatial.cc b/sql/spatial.cc index 0d2dd81c71e..07f28855987 100644 --- a/sql/spatial.cc +++ b/sql/spatial.cc @@ -525,12 +525,13 @@ uint Gis_line_string::init_from_wkb(const char *wkb, uint len, const char *wkb_end; Gis_point p; - if (len < 4) + if (len < 4 || + (n_points= wkb_get_uint(wkb, bo)) < 1 || + n_points > max_n_points) return 0; - n_points= wkb_get_uint(wkb, bo); proper_length= 4 + n_points * POINT_DATA_SIZE; - if (!n_points || len < proper_length || res->reserve(proper_length)) + if (len < proper_length || res->reserve(proper_length)) return 0; res->q_append(n_points); @@ -1072,9 +1073,9 @@ uint Gis_multi_point::init_from_wkb(const char *wkb, uint len, wkbByteOrder bo, Gis_point p; const char *wkb_end; - if (len < 4) + if (len < 4 || + (n_points= wkb_get_uint(wkb, bo)) > max_n_points) return 0; - n_points= wkb_get_uint(wkb, bo); proper_size= 4 + n_points * (WKB_HEADER_SIZE + POINT_DATA_SIZE); if (len < proper_size || res->reserve(proper_size)) diff --git a/sql/spatial.h b/sql/spatial.h index 4159d93c7a7..68a6c889615 100644 --- a/sql/spatial.h +++ b/sql/spatial.h @@ -379,6 +379,10 @@ public: class Gis_line_string: public Geometry { + // Maximum number of points in LineString that can fit into String + static const uint32 max_n_points= + (uint32) (UINT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) / + POINT_DATA_SIZE; public: Gis_line_string() {} /* Remove gcc warning */ virtual ~Gis_line_string() {} /* Remove gcc warning */ @@ -435,6 +439,10 @@ public: class Gis_multi_point: public Geometry { + // Maximum number of points in MultiPoint that can fit into String + static const uint32 max_n_points= + (uint32) (UINT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) / + (WKB_HEADER_SIZE + POINT_DATA_SIZE); public: Gis_multi_point() {} /* Remove gcc warning */ virtual ~Gis_multi_point() {} /* Remove gcc warning */ |