MDEV-4478 check mysql-5.5 changes in spatial.cc.

not_enough_points() introduced to check if the spatial object is incorrect.
author: Alexey Botchkov <holyfoot@askmonty.org> 2013-07-22 00:55:06 +0500
committer: Alexey Botchkov <holyfoot@askmonty.org> 2013-07-22 00:55:06 +0500
commit: 9b67de47972d2d7a40f2fe7a8898e3cbef9886a7 (patch)
tree: e04260573342cc913f9222496fe2219df2a8daa9
parent: 48b403cd65a680c5ea526225cad82a44779d0178 (diff)
download: mariadb-git-9b67de47972d2d7a40f2fe7a8898e3cbef9886a7.tar.gz
2 files changed, 58 insertions, 54 deletions
diff --git a/sql/spatial.cc b/sql/spatial.cc
index 52110960f96..95579b5dea2 100644
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -394,19 +394,18 @@ const char *Geometry::append_points(String *txt, uint32 n_points,
 const char *Geometry::get_mbr_for_points(MBR *mbr, const char *data,
 					 uint offset) const
 {
-  uint32 n_points;
+  uint32 points;
   /* read number of points */
   if (no_data(data, 4))
     return 0;
-  n_points= uint4korr(data);
+  points= uint4korr(data);
   data+= 4;
 
-  if (n_points > max_n_points ||
-      no_data(data, (POINT_DATA_SIZE + offset) * n_points))
+  if (not_enough_points(data, points, offset))
     return 0;
 
   /* Calculate MBR for points */
-  while (n_points--)
+  while (points--)
   {
     data+= offset;
     mbr->add_xy(data, data + SIZEOF_STORED_DOUBLE);
@@ -485,12 +484,16 @@ const Geometry::Class_info *Gis_point::get_class_info() const
 
 uint32 Gis_line_string::get_data_size() const 
 {
-  uint32 n_points, size;
-  if (no_data(m_data, 4) ||
-      (n_points= uint4korr(m_data)) > max_n_points ||
-      no_data(m_data, (size= 4 + n_points * POINT_DATA_SIZE)))
+  uint32 n_points;
+  if (no_data(m_data, 4))
     return GET_SIZE_ERROR;
-  return size;
+
+  n_points= uint4korr(m_data);
+
+  if (not_enough_points(m_data + 4, n_points))
+    return GET_SIZE_ERROR;
+
+  return 4 + n_points * POINT_DATA_SIZE;
 }
 
 
@@ -529,9 +532,8 @@ uint Gis_line_string::init_from_wkb(const char *wkb, uint len,
   const char *wkb_end;
   Gis_point p;
 
-  if (len < 4 ||
-      (n_points= wkb_get_uint(wkb, bo)) < 1 ||
-      n_points > max_n_points)
+  if (len < 4 || (n_points= wkb_get_uint(wkb, bo)) < 1 ||
+      ((len - 4) / POINT_DATA_SIZE) < n_points)
     return 0;
   proper_length= 4 + n_points * POINT_DATA_SIZE;
 
@@ -560,8 +562,8 @@ bool Gis_line_string::get_data_as_wkt(String *txt, const char **end) const
   n_points= uint4korr(data);
   data += 4;
 
-  if (n_points < 1 || n_points > max_n_points ||
-      no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points) ||
+  if (n_points < 1 ||
+      not_enough_points(data, n_points) ||
       txt->reserve(((MAX_DIGITS_IN_DOUBLE + 1)*2 + 1) * n_points))
     return 1;
 
@@ -598,8 +600,7 @@ int Gis_line_string::geom_length(double *len) const
     return 1;
   n_points= uint4korr(data);
   data+= 4;
-  if (n_points < 1 || n_points > max_n_points ||
-      no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
+  if (n_points < 1 || not_enough_points(data, n_points))
     return 1;
 
   get_point(&prev_x, &prev_y, data);
@@ -633,8 +634,7 @@ int Gis_line_string::is_closed(int *closed) const
     return 0;
   }
   data+= 4;
-  if (n_points == 0 || n_points > max_n_points ||
-      no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
+  if (n_points == 0 || not_enough_points(data, n_points))
     return 1;
 
   /* Get first point */
@@ -669,8 +669,7 @@ int Gis_line_string::end_point(String *result) const
   if (no_data(m_data, 4))
     return 1;
   n_points= uint4korr(m_data);
-  if (n_points == 0 || n_points > max_n_points ||
-      no_data(m_data, POINT_DATA_SIZE * n_points))
+  if (n_points == 0 || not_enough_points(m_data+4, n_points))
     return 1;
   return create_point(result, m_data + 4 + (n_points - 1) * POINT_DATA_SIZE);
 }
@@ -683,9 +682,7 @@ int Gis_line_string::point_n(uint32 num, String *result) const
     return 1;
   num--;
   n_points= uint4korr(m_data);
-  if (num >= n_points ||
-      num > max_n_points || // means (num > n_points || num < 1)
-      no_data(m_data, num * POINT_DATA_SIZE))
+  if (num >= n_points || not_enough_points(m_data+4, n_points))
     return 1;
 
   return create_point(result, m_data + 4 + num*POINT_DATA_SIZE);
@@ -713,7 +710,7 @@ uint32 Gis_polygon::get_data_size() const
   while (n_linear_rings--)
   {
     if (no_data(data, 4) ||
-        (n_points= uint4korr(data)) > max_n_points)
+        not_enough_points(data+4, n_points= uint4korr(data)))
       return GET_SIZE_ERROR;
     data+= 4 + n_points*POINT_DATA_SIZE;
   }
@@ -813,8 +810,7 @@ bool Gis_polygon::get_data_as_wkt(String *txt, const char **end) const
       return 1;
     n_points= uint4korr(data);
     data+= 4;
-    if (n_points > max_n_points ||
-        no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points) ||
+    if (not_enough_points(data, n_points) ||
 	txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
       return 1;
     txt->qs_append('(');
@@ -868,8 +864,8 @@ int Gis_polygon::area(double *ar, const char **end_of_data) const
     if (no_data(data, 4))
       return 1;
     n_points= uint4korr(data);
-    if (n_points == 0 || n_points > max_n_points ||
-        no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points))
+    if (n_points == 0 ||
+        not_enough_points(data, n_points))
       return 1;
     get_point(&prev_x, &prev_y, data+4);
     data+= (4+SIZEOF_STORED_DOUBLE*2);
@@ -905,8 +901,7 @@ int Gis_polygon::exterior_ring(String *result) const
   n_points= uint4korr(data);
   data+= 4;
   length= n_points * POINT_DATA_SIZE;
-  if (n_points > max_n_points ||
-      no_data(data, length) || result->reserve(1+4+4+ length))
+  if (not_enough_points(data, n_points) || result->reserve(1+4+4+ length))
     return 1;
 
   result->q_append((char) wkb_ndr);
@@ -952,7 +947,7 @@ int Gis_polygon::interior_ring_n(uint32 num, String *result) const
   n_points= uint4korr(data);
   points_size= n_points * POINT_DATA_SIZE;
   data+= 4;
-  if (no_data(data, points_size) || result->reserve(1+4+4+ points_size))
+  if (not_enough_points(data, n_points) || result->reserve(1+4+4+ points_size))
     return 1;
 
   result->q_append((char) wkb_ndr);
@@ -989,8 +984,7 @@ int Gis_polygon::centroid_xy(double *x, double *y) const
       return 1;
     org_n_points= n_points= uint4korr(data);
     data+= 4;
-    if (n_points == 0 || n_points > max_n_points ||
-        no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points))
+    if (n_points == 0 || not_enough_points(data, n_points))
       return 1;
     get_point(&prev_x, &prev_y, data);
     data+= (SIZEOF_STORED_DOUBLE*2);
@@ -1050,13 +1044,12 @@ const Geometry::Class_info *Gis_polygon::get_class_info() const
 uint32 Gis_multi_point::get_data_size() const 
 {
   uint32 n_points;
-  uint32 size;
 
   if (no_data(m_data, 4) ||
-      (n_points= uint4korr(m_data)) > max_n_points ||
-      no_data(m_data, (size= 4 + n_points*(POINT_DATA_SIZE + WKB_HEADER_SIZE))))
+      not_enough_points(m_data+4, (n_points= uint4korr(m_data)),
+        WKB_HEADER_SIZE))
      return GET_SIZE_ERROR;
-  return size;
+  return  4 + n_points * (POINT_DATA_SIZE + WKB_HEADER_SIZE);
 }
 
 
@@ -1124,9 +1117,7 @@ bool Gis_multi_point::get_data_as_wkt(String *txt, const char **end) const
     return 1;
 
   n_points= uint4korr(m_data);
-  if (n_points > max_n_points ||
-      no_data(m_data+4,
-	      n_points * (SIZEOF_STORED_DOUBLE * 2 + WKB_HEADER_SIZE)) ||
+  if (not_enough_points(m_data+4, n_points, WKB_HEADER_SIZE) ||
       txt->reserve(((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
     return 1;
   *end= append_points(txt, n_points, m_data+4, WKB_HEADER_SIZE);
@@ -1189,7 +1180,8 @@ uint32 Gis_multi_line_string::get_data_size() const
   while (n_line_strings--)
   {
     if (no_data(data, WKB_HEADER_SIZE + 4) ||
-        (n_points= uint4korr(data + WKB_HEADER_SIZE)) > max_n_points)
+        not_enough_points(data + WKB_HEADER_SIZE+4,
+                          (n_points= uint4korr(data + WKB_HEADER_SIZE))))
       return GET_SIZE_ERROR;
     data+= (WKB_HEADER_SIZE + 4 + n_points*POINT_DATA_SIZE);
   }
@@ -1286,8 +1278,7 @@ bool Gis_multi_line_string::get_data_as_wkt(String *txt,
       return 1;
     n_points= uint4korr(data + WKB_HEADER_SIZE);
     data+= WKB_HEADER_SIZE + 4;
-    if (n_points > max_n_points ||
-        no_data(data, n_points * (SIZEOF_STORED_DOUBLE*2)) ||
+    if (not_enough_points(data, n_points) ||
 	txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
       return 1;
     txt->qs_append('(');
@@ -1348,7 +1339,7 @@ int Gis_multi_line_string::geometry_n(uint32 num, String *result) const
       return 1;
     n_points= uint4korr(data + WKB_HEADER_SIZE);
     length= WKB_HEADER_SIZE + 4+ POINT_DATA_SIZE * n_points;
-    if (n_points > max_n_points || no_data(data, length))
+    if (not_enough_points(data+WKB_HEADER_SIZE+4, n_points))
       return 1;
     if (!--num)
       break;
@@ -1448,7 +1439,7 @@ uint32 Gis_multi_polygon::get_data_size() const
     while (n_linear_rings--)
     {
       if (no_data(data, 4) ||
-          (n_points= uint4korr(data)) > max_n_points)
+          not_enough_points(data+4, (n_points= uint4korr(data))))
 	return GET_SIZE_ERROR;
       data+= 4 + n_points * POINT_DATA_SIZE;
     }
@@ -1552,8 +1543,7 @@ bool Gis_multi_polygon::get_data_as_wkt(String *txt, const char **end) const
         return 1;
       uint32 n_points= uint4korr(data);
       data+= 4;
-      if (n_points > max_n_points ||
-          no_data(data, (SIZEOF_STORED_DOUBLE * 2) * n_points) ||
+      if (not_enough_points(data, n_points) ||
 	  txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points,
 		       512))
 	return 1;
@@ -1636,7 +1626,7 @@ int Gis_multi_polygon::geometry_n(uint32 num, String *result) const
       if (no_data(data, 4))
 	return 1;
       n_points= uint4korr(data);
-      if (n_points > max_n_points)
+      if (not_enough_points(data + 4, n_points))
         return 1;
       data+= 4 + POINT_DATA_SIZE * n_points;
     }
diff --git a/sql/spatial.h b/sql/spatial.h
index d7632c11143..0b1b8afd35c 100644
--- a/sql/spatial.h
+++ b/sql/spatial.h
@@ -197,11 +197,6 @@ struct Geometry_buffer;
 class Geometry
 {
 public:
-  // Maximum number of points in feature that can fit into String
-  static const uint32 max_n_points=
-    (uint32) (INT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) /
-    POINT_DATA_SIZE;
-public:
   Geometry() {}                               /* Remove gcc warning */
   virtual ~Geometry() {}                        /* Remove gcc warning */
   static void *operator new(size_t size, void *buffer)
@@ -326,6 +321,25 @@ protected:
   {
     return (cur_data + data_amount > m_data_end);
   }
+
+  /**
+     Check if there're enough points remaining as requested
+
+     Need to perform the calculation in logical units, since multiplication
+     can overflow the size data type.
+
+     @arg data              pointer to the begining of the points array
+     @arg expected_points   number of points expected
+     @arg extra_point_space extra space for each point element in the array
+     @return               true if there are not enough points
+  */
+  inline bool not_enough_points(const char *data, uint32 expected_points,
+                                uint32 extra_point_space = 0) const
+  {
+    return (m_data_end < data ||
+            (expected_points > ((m_data_end - data) /
+                                (POINT_DATA_SIZE + extra_point_space))));
+  }
   const char *m_data;
   const char *m_data_end;
 };
author	Alexey Botchkov <holyfoot@askmonty.org>	2013-07-22 00:55:06 +0500
committer	Alexey Botchkov <holyfoot@askmonty.org>	2013-07-22 00:55:06 +0500
commit	9b67de47972d2d7a40f2fe7a8898e3cbef9886a7 (patch)
tree	e04260573342cc913f9222496fe2219df2a8daa9
parent	48b403cd65a680c5ea526225cad82a44779d0178 (diff)
download	mariadb-git-9b67de47972d2d7a40f2fe7a8898e3cbef9886a7.tar.gz