diff options
| author | Kristofer Pettersson <kristofer.pettersson@oracle.com> | 2010-09-07 11:37:46 +0200 |
|---|---|---|
| committer | Kristofer Pettersson <kristofer.pettersson@oracle.com> | 2010-09-07 11:37:46 +0200 |
| commit | 9a4a7cf184b40b203702043f886f9bd9c26592fd (patch) | |
| tree | 21bc0951f74623f9452b1ede5596d2abf580f8df /sql/field.cc | |
| parent | 0012d0d884b5ab8097d3b2fcda3a58dfe0ba6375 (diff) | |
| download | mariadb-git-9a4a7cf184b40b203702043f886f9bd9c26592fd.tar.gz | |
Bug#55531 crash with conversions of geometry types / strings
Convertion from a floating point number to a string caused a
crash.
During rare circumstances a String object could crash when
it was requested to allocate new memory.
A crash could occcur in Field_double::val_str() because of
a pointer referencing memory inside a String object which was
of unknown size.
And finally, the geometric collection should not accept
arguments which are non geometric.
mysql-test/r/gis.result:
* Test cases change because we intercept the error behind the
previous crashes much earlier.
sql/field.cc:
* It makes no sense to impose a lower limit on the length
and not setting a upper limit will cause crashes later.
sql/item_geofunc.h:
* Disallow for binding with field- and item types which
differ from MYSQL_TYPE_GEOMETRY types.
Diffstat (limited to 'sql/field.cc')
| -rw-r--r-- | sql/field.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/field.cc b/sql/field.cc index 619e6a780da..724f8e0af73 100644 --- a/sql/field.cc +++ b/sql/field.cc @@ -4561,7 +4561,7 @@ String *Field_double::val_str(String *val_buffer, #endif doubleget(nr,ptr); - uint to_length=max(field_length, DOUBLE_TO_STRING_CONVERSION_BUFFER_SIZE); + uint to_length= DOUBLE_TO_STRING_CONVERSION_BUFFER_SIZE; val_buffer->alloc(to_length); char *to=(char*) val_buffer->ptr(); |