diff options
| author | Ramil Kalimullin <ramil@mysql.com> | 2011-03-21 09:21:14 +0300 |
|---|---|---|
| committer | Ramil Kalimullin <ramil@mysql.com> | 2011-03-21 09:21:14 +0300 |
| commit | 1077c85fe3450b2a3ae73f7f01cdaf097417f998 (patch) | |
| tree | 6b1dd84f127f10fb5f814b21833a5eb4b8e0671f | |
| parent | 3e97851eb6569a113a9d6e888af7dcbf5eb65082 (diff) | |
| download | mariadb-git-1077c85fe3450b2a3ae73f7f01cdaf097417f998.tar.gz | |
Fix for bug#51875/#11759554 backported from mysql-5.1.
| -rw-r--r-- | mysql-test/r/gis.result | 7 | ||||
| -rw-r--r-- | mysql-test/t/gis.test | 10 | ||||
| -rw-r--r-- | sql/spatial.cc | 6 |
3 files changed, 21 insertions, 2 deletions
diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result index 158fdb69c10..a3b4e8a1783 100644 --- a/mysql-test/r/gis.result +++ b/mysql-test/r/gis.result @@ -996,4 +996,11 @@ ERROR 42000: You have an error in your SQL syntax; check the manual that corresp ALTER TABLE t2 ADD SPATIAL INDEX USING BTREE (col1); ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE (col1)' at line 1 DROP TABLE t2; +# +# BUG#51875: crash when loading data into geometry function polyfromwkb +# +SET @a=0x00000000030000000100000000000000000000000000144000000000000014400000000000001840000000000000184000000000000014400000000000001440; +SET @a=POLYFROMWKB(@a); +SET @a=0x00000000030000000000000000000000000000000000144000000000000014400000000000001840000000000000184000000000000014400000000000001440; +SET @a=POLYFROMWKB(@a); End of 5.0 tests diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test index d2bfe7d90d4..8abd2fc2da9 100644 --- a/mysql-test/t/gis.test +++ b/mysql-test/t/gis.test @@ -685,4 +685,14 @@ ALTER TABLE t2 ADD SPATIAL INDEX USING BTREE (col1); DROP TABLE t2; + +--echo # +--echo # BUG#51875: crash when loading data into geometry function polyfromwkb +--echo # +SET @a=0x00000000030000000100000000000000000000000000144000000000000014400000000000001840000000000000184000000000000014400000000000001440; +SET @a=POLYFROMWKB(@a); +SET @a=0x00000000030000000000000000000000000000000000144000000000000014400000000000001840000000000000184000000000000014400000000000001440; +SET @a=POLYFROMWKB(@a); + + --echo End of 5.0 tests diff --git a/sql/spatial.cc b/sql/spatial.cc index 6e1da589527..b0963206271 100644 --- a/sql/spatial.cc +++ b/sql/spatial.cc @@ -519,7 +519,7 @@ uint Gis_line_string::init_from_wkb(const char *wkb, uint len, n_points= wkb_get_uint(wkb, bo); proper_length= 4 + n_points * POINT_DATA_SIZE; - if (len < proper_length || res->reserve(proper_length)) + if (!n_points || len < proper_length || res->reserve(proper_length)) return 0; res->q_append(n_points); @@ -737,7 +737,9 @@ uint Gis_polygon::init_from_wkb(const char *wkb, uint len, wkbByteOrder bo, if (len < 4) return 0; - n_linear_rings= wkb_get_uint(wkb, bo); + if (!(n_linear_rings= wkb_get_uint(wkb, bo))) + return 0; + if (res->reserve(4, 512)) return 0; wkb+= 4; |