BUG#51877 - HANDLER interface causes invalid memory read

Invalid memory read if HANDLER ... READ NEXT is executed
after failed (e.g. empty table) HANDLER ... READ FIRST.

The problem was that we attempted to perform READ NEXT,
whereas there is no pivot available from failed READ FIRST.

With this fix READ NEXT after failed READ FIRST equals
to READ FIRST.

This bug affects MyISAM tables only.

mysql-test/r/gis-rtree.result:
  Restore a test case for BUG51357.
mysql-test/r/handler_myisam.result:
  A test case for BUG#51877.
mysql-test/t/gis-rtree.test:
  Restore a test case for BUG51357.
mysql-test/t/handler_myisam.test:
  A test case for BUG#51877.
storage/myisam/mi_rnext.c:
  "search first" failed. This means we have no pivot for
  "search next", or in other words MI_INFO::lastkey is
  likely uninitialized.
  
  Normally SQL layer would never request "search next" if
  "search first" failed. But HANDLER may do anything.
  
  As mi_rnext() without preceeding mi_rkey()/mi_rfirst()
  equals to mi_rfirst(), we must restore original state
  as if failing mi_rfirst() was not called.

1 files changed, 7 insertions, 0 deletions

diff --git a/mysql-test/r/gis-rtree.result b/mysql-test/r/gis-rtree.result
index 58c603673df..eb9c350f589 100644
--- a/mysql-test/r/gis-rtree.result
+++ b/mysql-test/r/gis-rtree.result
@@ -1540,5 +1540,12 @@ a
 HANDLER t1 READ a LAST;
 a
 HANDLER t1 CLOSE;
+HANDLER t1 OPEN;
+HANDLER t1 READ a FIRST;
+a
+INSERT INTO t1 VALUES (GeomFromText('Polygon((40 40,60 40,60 60,40 60,40 40))'));
+# should not crash
+HANDLER t1 READ a NEXT;
+HANDLER t1 CLOSE;
 DROP TABLE t1;
 End of 5.0 tests.