Commit 5caea4a9 authored by Kristofer Pettersson's avatar Kristofer Pettersson

Bug#55531 crash with conversions of geometry types / strings

Convertion from a floating point number to a string caused a
crash.

During rare circumstances a String object could crash when
it was requested to allocate new memory.
A crash could occcur in Field_double::val_str() because of
a pointer referencing memory inside a String object which was
of unknown size.
And finally, the geometric collection should not accept
arguments which are non geometric.
parent 947c7f30
...@@ -707,10 +707,7 @@ numgeometries(b) IS NULL, numinteriorrings(b) IS NULL, numpoints(b) IS NULL, ...@@ -707,10 +707,7 @@ numgeometries(b) IS NULL, numinteriorrings(b) IS NULL, numpoints(b) IS NULL,
area(b) IS NULL, glength(b) IS NULL, srid(b) IS NULL, x(b) IS NULL, area(b) IS NULL, glength(b) IS NULL, srid(b) IS NULL, x(b) IS NULL,
y(b) IS NULL y(b) IS NULL
from t1; from t1;
geometryfromtext(b) IS NULL geometryfromwkb(b) IS NULL astext(b) IS NULL aswkb(b) IS NULL geometrytype(b) IS NULL centroid(b) IS NULL envelope(b) IS NULL startpoint(b) IS NULL endpoint(b) IS NULL exteriorring(b) IS NULL pointn(b, 1) IS NULL geometryn(b, 1) IS NULL interiorringn(b, 1) IS NULL multipoint(b) IS NULL isempty(b) IS NULL issimple(b) IS NULL isclosed(b) IS NULL dimension(b) IS NULL numgeometries(b) IS NULL numinteriorrings(b) IS NULL numpoints(b) IS NULL area(b) IS NULL glength(b) IS NULL srid(b) IS NULL x(b) IS NULL y(b) IS NULL ERROR 22007: Illegal non geometric '' value found during parsing
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
select select
within(b, b) IS NULL, contains(b, b) IS NULL, overlaps(b, b) IS NULL, within(b, b) IS NULL, contains(b, b) IS NULL, overlaps(b, b) IS NULL,
equals(b, b) IS NULL, disjoint(b, b) IS NULL, touches(b, b) IS NULL, equals(b, b) IS NULL, disjoint(b, b) IS NULL, touches(b, b) IS NULL,
...@@ -725,10 +722,7 @@ point(b, b) IS NULL, linestring(b) IS NULL, polygon(b) IS NULL, multipoint(b) IS ...@@ -725,10 +722,7 @@ point(b, b) IS NULL, linestring(b) IS NULL, polygon(b) IS NULL, multipoint(b) IS
multilinestring(b) IS NULL, multipolygon(b) IS NULL, multilinestring(b) IS NULL, multipolygon(b) IS NULL,
geometrycollection(b) IS NULL geometrycollection(b) IS NULL
from t1; from t1;
point(b, b) IS NULL linestring(b) IS NULL polygon(b) IS NULL multipoint(b) IS NULL multilinestring(b) IS NULL multipolygon(b) IS NULL geometrycollection(b) IS NULL ERROR 22007: Illegal non geometric '' value found during parsing
0 1 1 1 1 1 1
1 1 1 1 1 1 1
0 1 1 1 1 1 1
drop table t1; drop table t1;
CREATE TABLE t1(a POINT) ENGINE=MyISAM; CREATE TABLE t1(a POINT) ENGINE=MyISAM;
INSERT INTO t1 VALUES (NULL); INSERT INTO t1 VALUES (NULL);
...@@ -1010,51 +1004,7 @@ f5 datetime YES NULL ...@@ -1010,51 +1004,7 @@ f5 datetime YES NULL
drop view v1; drop view v1;
drop table t1; drop table t1;
SELECT MultiPoint(12345,''); SELECT MultiPoint(12345,'');
MultiPoint(12345,'') ERROR 22007: Illegal non geometric '12345' value found during parsing
NULL SELECT 1 FROM (SELECT GREATEST(1,GEOMETRYCOLLECTION('00000','00000')) b FROM DUAL) AS d WHERE (LINESTRING(d.b));
SELECT MultiPoint(123451,''); ERROR 22007: Illegal non geometric '' value found during parsing
MultiPoint(123451,'')
NULL
SELECT MultiPoint(1234512,'');
MultiPoint(1234512,'')
NULL
SELECT MultiPoint(12345123,'');
MultiPoint(12345123,'')
NULL
SELECT MultiLineString(12345,'');
MultiLineString(12345,'')
NULL
SELECT MultiLineString(123451,'');
MultiLineString(123451,'')
NULL
SELECT MultiLineString(1234512,'');
MultiLineString(1234512,'')
NULL
SELECT MultiLineString(12345123,'');
MultiLineString(12345123,'')
NULL
SELECT LineString(12345,'');
LineString(12345,'')
NULL
SELECT LineString(123451,'');
LineString(123451,'')
NULL
SELECT LineString(1234512,'');
LineString(1234512,'')
NULL
SELECT LineString(12345123,'');
LineString(12345123,'')
NULL
SELECT Polygon(12345,'');
Polygon(12345,'')
NULL
SELECT Polygon(123451,'');
Polygon(123451,'')
NULL
SELECT Polygon(1234512,'');
Polygon(1234512,'')
NULL
SELECT Polygon(12345123,'');
Polygon(12345123,'')
NULL
End of 5.1 tests End of 5.1 tests
...@@ -401,6 +401,7 @@ create table t1 (a int, b blob); ...@@ -401,6 +401,7 @@ create table t1 (a int, b blob);
insert into t1 values (1, ''), (2, NULL), (3, '1'); insert into t1 values (1, ''), (2, NULL), (3, '1');
select * from t1; select * from t1;
--error ER_ILLEGAL_VALUE_FOR_TYPE
select select
geometryfromtext(b) IS NULL, geometryfromwkb(b) IS NULL, astext(b) IS NULL, geometryfromtext(b) IS NULL, geometryfromwkb(b) IS NULL, astext(b) IS NULL,
aswkb(b) IS NULL, geometrytype(b) IS NULL, centroid(b) IS NULL, aswkb(b) IS NULL, geometrytype(b) IS NULL, centroid(b) IS NULL,
...@@ -419,6 +420,7 @@ select ...@@ -419,6 +420,7 @@ select
intersects(b, b) IS NULL, crosses(b, b) IS NULL intersects(b, b) IS NULL, crosses(b, b) IS NULL
from t1; from t1;
--error ER_ILLEGAL_VALUE_FOR_TYPE
select select
point(b, b) IS NULL, linestring(b) IS NULL, polygon(b) IS NULL, multipoint(b) IS NULL, point(b, b) IS NULL, linestring(b) IS NULL, polygon(b) IS NULL, multipoint(b) IS NULL,
multilinestring(b) IS NULL, multipolygon(b) IS NULL, multilinestring(b) IS NULL, multipolygon(b) IS NULL,
...@@ -702,24 +704,34 @@ drop table t1; ...@@ -702,24 +704,34 @@ drop table t1;
# Bug#44684: valgrind reports invalid reads in # Bug#44684: valgrind reports invalid reads in
# Item_func_spatial_collection::val_str # Item_func_spatial_collection::val_str
# #
--error ER_ILLEGAL_VALUE_FOR_TYPE
SELECT MultiPoint(12345,''); SELECT MultiPoint(12345,'');
SELECT MultiPoint(123451,''); #SELECT MultiPoint(123451,'');
SELECT MultiPoint(1234512,''); #SELECT MultiPoint(1234512,'');
SELECT MultiPoint(12345123,''); #SELECT MultiPoint(12345123,'');
SELECT MultiLineString(12345,''); --error ER_ILLEGAL_VALUE_FOR_TYPE
SELECT MultiLineString(123451,''); #SELECT MultiLineString(12345,'');
SELECT MultiLineString(1234512,''); #SELECT MultiLineString(123451,'');
SELECT MultiLineString(12345123,''); #SELECT MultiLineString(1234512,'');
#SELECT MultiLineString(12345123,'');
SELECT LineString(12345,'');
SELECT LineString(123451,''); --error ER_ILLEGAL_VALUE_FOR_TYPE
SELECT LineString(1234512,''); #SELECT LineString(12345,'');
SELECT LineString(12345123,''); #SELECT LineString(123451,'');
#SELECT LineString(1234512,'');
SELECT Polygon(12345,''); #SELECT LineString(12345123,'');
SELECT Polygon(123451,'');
SELECT Polygon(1234512,''); --error ER_ILLEGAL_VALUE_FOR_TYPE
SELECT Polygon(12345123,''); #SELECT Polygon(12345,'');
#SELECT Polygon(123451,'');
#SELECT Polygon(1234512,'');
#SELECT Polygon(12345123,'');
#
# Bug55531 crash with conversions of geometry types / strings
#
--error ER_ILLEGAL_VALUE_FOR_TYPE
SELECT 1 FROM (SELECT GREATEST(1,GEOMETRYCOLLECTION('00000','00000')) b FROM DUAL) AS d WHERE (LINESTRING(d.b));
--echo End of 5.1 tests --echo End of 5.1 tests
...@@ -4561,7 +4561,7 @@ String *Field_double::val_str(String *val_buffer, ...@@ -4561,7 +4561,7 @@ String *Field_double::val_str(String *val_buffer,
#endif #endif
doubleget(nr,ptr); doubleget(nr,ptr);
uint to_length=max(field_length, DOUBLE_TO_STRING_CONVERSION_BUFFER_SIZE); uint to_length= DOUBLE_TO_STRING_CONVERSION_BUFFER_SIZE;
val_buffer->alloc(to_length); val_buffer->alloc(to_length);
char *to=(char*) val_buffer->ptr(); char *to=(char*) val_buffer->ptr();
......
...@@ -175,6 +175,19 @@ class Item_func_spatial_collection: public Item_geometry_func ...@@ -175,6 +175,19 @@ class Item_func_spatial_collection: public Item_geometry_func
item_type=it; item_type=it;
} }
String *val_str(String *); String *val_str(String *);
void fix_length_and_dec()
{
for( unsigned int i=0; i<arg_count; ++i)
{
if( args[i]->fixed && args[i]->field_type() != MYSQL_TYPE_GEOMETRY)
{
String str;
args[i]->val_str(&str);
my_error(ER_ILLEGAL_VALUE_FOR_TYPE,MYF(0),"non geometric",str.c_ptr());
}
}
}
const char *func_name() const { return "multipoint"; } const char *func_name() const { return "multipoint"; }
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment