From 1077c85fe3450b2a3ae73f7f01cdaf097417f998 Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil@mysql.com>
Date: Mon, 21 Mar 2011 09:21:14 +0300
Subject: Fix for bug#51875/#11759554 backported from mysql-5.1.

---
 sql/spatial.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'sql')

diff --git a/sql/spatial.cc b/sql/spatial.cc
index 6e1da589527..b0963206271 100644
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -519,7 +519,7 @@ uint Gis_line_string::init_from_wkb(const char *wkb, uint len,
   n_points= wkb_get_uint(wkb, bo);
   proper_length= 4 + n_points * POINT_DATA_SIZE;
 
-  if (len < proper_length || res->reserve(proper_length))
+  if (!n_points || len < proper_length || res->reserve(proper_length))
     return 0;
 
   res->q_append(n_points);
@@ -737,7 +737,9 @@ uint Gis_polygon::init_from_wkb(const char *wkb, uint len, wkbByteOrder bo,
   if (len < 4)
     return 0;
 
-  n_linear_rings= wkb_get_uint(wkb, bo);
+  if (!(n_linear_rings= wkb_get_uint(wkb, bo)))
+    return 0;
+
   if (res->reserve(4, 512))
     return 0;
   wkb+= 4;
-- 
cgit v1.2.1