summaryrefslogtreecommitdiff
path: root/sql/spatial.cc
diff options
context:
space:
mode:
Diffstat (limited to 'sql/spatial.cc')
-rw-r--r--sql/spatial.cc99
1 files changed, 67 insertions, 32 deletions
diff --git a/sql/spatial.cc b/sql/spatial.cc
index 267e038c5b8..2359f4fa271 100644
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -312,6 +312,9 @@ bool Geometry::envelope(String *result) const
const char *end;
if (get_mbr(&mbr, &end))
+ return 1;
+
+ if (!mbr.valid())
{
/* Empty geometry */
if (result->reserve(1 + 4*2))
@@ -444,18 +447,19 @@ const char *Geometry::append_points(String *txt, uint32 n_points,
const char *Geometry::get_mbr_for_points(MBR *mbr, const char *data,
uint offset) const
{
- uint32 points;
+ uint32 n_points;
/* read number of points */
if (no_data(data, 4))
return 0;
- points= uint4korr(data);
+ n_points= uint4korr(data);
data+= 4;
- if (no_data(data, (POINT_DATA_SIZE + offset) * points))
+ if (n_points > max_n_points ||
+ no_data(data, (POINT_DATA_SIZE + offset) * n_points))
return 0;
/* Calculate MBR for points */
- while (points--)
+ while (n_points--)
{
data+= offset;
mbr->add_xy(data, data + SIZEOF_STORED_DOUBLE);
@@ -559,9 +563,12 @@ const Geometry::Class_info *Gis_point::get_class_info() const
uint32 Gis_line_string::get_data_size() const
{
- if (no_data(m_data, 4))
+ uint32 n_points, size;
+ if (no_data(m_data, 4) ||
+ (n_points= uint4korr(m_data)) > max_n_points ||
+ no_data(m_data, (size= 4 + n_points * POINT_DATA_SIZE)))
return GET_SIZE_ERROR;
- return 4 + uint4korr(m_data) * POINT_DATA_SIZE;
+ return size;
}
@@ -754,6 +761,9 @@ int Gis_line_string::end_point(String *result) const
if (no_data(m_data, 4))
return 1;
n_points= uint4korr(m_data);
+ if (n_points == 0 || n_points > max_n_points ||
+ no_data(m_data, POINT_DATA_SIZE * n_points))
+ return 1;
return create_point(result, m_data + 4 + (n_points - 1) * POINT_DATA_SIZE);
}
@@ -763,11 +773,14 @@ int Gis_line_string::point_n(uint32 num, String *result) const
uint32 n_points;
if (no_data(m_data, 4))
return 1;
+ num--;
n_points= uint4korr(m_data);
- if ((uint32) (num - 1) >= n_points) // means (num > n_points || num < 1)
+ if (num >= n_points ||
+ num > max_n_points || // means (num > n_points || num < 1)
+ no_data(m_data, num * POINT_DATA_SIZE))
return 1;
- return create_point(result, m_data + 4 + (num - 1) * POINT_DATA_SIZE);
+ return create_point(result, m_data + 4 + num*POINT_DATA_SIZE);
}
@@ -817,6 +830,7 @@ const Geometry::Class_info *Gis_line_string::get_class_info() const
uint32 Gis_polygon::get_data_size() const
{
uint32 n_linear_rings;
+ uint32 n_points;
const char *data= m_data;
if (no_data(data, 4))
@@ -826,10 +840,13 @@ uint32 Gis_polygon::get_data_size() const
while (n_linear_rings--)
{
- if (no_data(data, 4))
+ if (no_data(data, 4) ||
+ (n_points= uint4korr(data)) > max_n_points)
return GET_SIZE_ERROR;
- data+= 4 + uint4korr(data)*POINT_DATA_SIZE;
+ data+= 4 + n_points*POINT_DATA_SIZE;
}
+ if (no_data(data, 0))
+ return GET_SIZE_ERROR;
return (uint32) (data - m_data);
}
@@ -1022,7 +1039,8 @@ int Gis_polygon::area(double *ar, const char **end_of_data) const
if (no_data(data, 4))
return 1;
n_points= uint4korr(data);
- if (n_points > max_n_points || no_data(data, POINT_DATA_SIZE * n_points))
+ if (n_points == 0 || n_points > max_n_points ||
+ no_data(data, POINT_DATA_SIZE * n_points))
return 1;
get_point(&prev_x, &prev_y, data+4);
data+= (4+POINT_DATA_SIZE);
@@ -1126,13 +1144,11 @@ int Gis_polygon::centroid_xy(double *x, double *y) const
const char *data= m_data;
bool first_loop= 1;
- if (no_data(data, 4))
+ if (no_data(data, 4) ||
+ (n_linear_rings= uint4korr(data)) == 0)
return 1;
- n_linear_rings= uint4korr(data);
data+= 4;
- DBUG_ASSERT(n_linear_rings > 0);
-
while (n_linear_rings--)
{
uint32 n_points, org_n_points;
@@ -1145,7 +1161,8 @@ int Gis_polygon::centroid_xy(double *x, double *y) const
return 1;
org_n_points= n_points= uint4korr(data);
data+= 4;
- if (n_points > max_n_points || no_data(data, POINT_DATA_SIZE * n_points))
+ if (n_points == 0 || n_points > max_n_points ||
+ no_data(data, POINT_DATA_SIZE * n_points))
return 1;
get_point(&prev_x, &prev_y, data);
data+= POINT_DATA_SIZE;
@@ -1273,9 +1290,14 @@ const Geometry::Class_info *Gis_polygon::get_class_info() const
uint32 Gis_multi_point::get_data_size() const
{
- if (no_data(m_data, 4))
- return GET_SIZE_ERROR;
- return 4 + uint4korr(m_data)*(POINT_DATA_SIZE + WKB_HEADER_SIZE);
+ uint32 n_points;
+ uint32 size;
+
+ if (no_data(m_data, 4) ||
+ (n_points= uint4korr(m_data)) > max_n_points ||
+ no_data(m_data, (size= 4 + n_points*(POINT_DATA_SIZE + WKB_HEADER_SIZE))))
+ return GET_SIZE_ERROR;
+ return size;
}
@@ -1369,8 +1391,8 @@ bool Gis_multi_point::get_data_as_wkt(String *txt, const char **end) const
return 1;
n_points= uint4korr(m_data);
- if (no_data(m_data+4,
- n_points * (POINT_DATA_SIZE + WKB_HEADER_SIZE)) ||
+ if (n_points > max_n_points ||
+ no_data(m_data+4, n_points * (POINT_DATA_SIZE + WKB_HEADER_SIZE)) ||
txt->reserve(((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
return 1;
*end= append_points(txt, n_points, m_data+4, WKB_HEADER_SIZE);
@@ -1451,6 +1473,7 @@ const Geometry::Class_info *Gis_multi_point::get_class_info() const
uint32 Gis_multi_line_string::get_data_size() const
{
uint32 n_line_strings;
+ uint32 n_points;
const char *data= m_data;
if (no_data(data, 4))
@@ -1460,11 +1483,13 @@ uint32 Gis_multi_line_string::get_data_size() const
while (n_line_strings--)
{
- if (no_data(data, WKB_HEADER_SIZE + 4))
+ if (no_data(data, WKB_HEADER_SIZE + 4) ||
+ (n_points= uint4korr(data + WKB_HEADER_SIZE)) > max_n_points)
return GET_SIZE_ERROR;
- data+= (WKB_HEADER_SIZE + 4 + uint4korr(data + WKB_HEADER_SIZE) *
- POINT_DATA_SIZE);
+ data+= (WKB_HEADER_SIZE + 4 + n_points*POINT_DATA_SIZE);
}
+ if (no_data(data, 0))
+ return GET_SIZE_ERROR;
return (uint32) (data - m_data);
}
@@ -1649,7 +1674,7 @@ int Gis_multi_line_string::geometry_n(uint32 num, String *result) const
return 1;
n_points= uint4korr(data + WKB_HEADER_SIZE);
length= WKB_HEADER_SIZE + 4+ POINT_DATA_SIZE * n_points;
- if (no_data(data, length))
+ if (n_points > max_n_points || no_data(data, length))
return 1;
if (!--num)
break;
@@ -1760,6 +1785,7 @@ const Geometry::Class_info *Gis_multi_line_string::get_class_info() const
uint32 Gis_multi_polygon::get_data_size() const
{
uint32 n_polygons;
+ uint32 n_points;
const char *data= m_data;
if (no_data(data, 4))
@@ -1778,11 +1804,14 @@ uint32 Gis_multi_polygon::get_data_size() const
while (n_linear_rings--)
{
- if (no_data(data, 4))
+ if (no_data(data, 4) ||
+ (n_points= uint4korr(data)) > max_n_points)
return GET_SIZE_ERROR;
- data+= 4 + uint4korr(data) * POINT_DATA_SIZE;
+ data+= 4 + n_points * POINT_DATA_SIZE;
}
}
+ if (no_data(data, 0))
+ return GET_SIZE_ERROR;
return (uint32) (data - m_data);
}
@@ -2325,7 +2354,7 @@ bool Gis_geometry_collection::get_mbr(MBR *mbr, const char **end) const
n_objects= uint4korr(data);
data+= 4;
if (n_objects == 0)
- return 1;
+ goto exit;
while (n_objects--)
{
@@ -2342,6 +2371,7 @@ bool Gis_geometry_collection::get_mbr(MBR *mbr, const char **end) const
if (geom->get_mbr(mbr, &data))
return 1;
}
+exit:
*end= data;
return 0;
}
@@ -2359,10 +2389,11 @@ int Gis_geometry_collection::area(double *ar, const char **end) const
return 1;
n_objects= uint4korr(data);
data+= 4;
- if (n_objects == 0)
- return 1;
result= 0.0;
+ if (n_objects == 0)
+ goto exit;
+
while (n_objects--)
{
uint32 wkb_type;
@@ -2379,6 +2410,7 @@ int Gis_geometry_collection::area(double *ar, const char **end) const
return 1;
result+= *ar;
}
+exit:
*end= data;
*ar= result;
return 0;
@@ -2397,10 +2429,11 @@ int Gis_geometry_collection::geom_length(double *len, const char **end) const
return 1;
n_objects= uint4korr(data);
data+= 4;
+ result= 0.0;
+
if (n_objects == 0)
- return 1;
+ goto exit;
- result= 0.0;
while (n_objects--)
{
uint32 wkb_type;
@@ -2417,6 +2450,8 @@ int Gis_geometry_collection::geom_length(double *len, const char **end) const
return 1;
result+= *len;
}
+
+exit:
*end= data;
*len= result;
return 0;