Commit f7b9700a authored by MySQL Build Team's avatar MySQL Build Team

Backport into mysql-5.1.34sp1-release

> ------------------------------------------------------------
> revno: 1810.3885.1
> revision-id: holyfoot@mysql.com-20090428094726-i4j7z985mxr43jym
> parent: gshchepa@mysql.com-20090428001913-plzojd1pwplior44
> committer: Alexey Botchkov <holyfoot@mysql.com>
> branch nick: 50mrg
> timestamp: Tue 2009-04-28 14:47:26 +0500
> message:
>   Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash 
>      the Point() and Linestring() functions create WKB representation of an
>      object instead of an real geometry object.
>      That produced bugs when these were inserted into tables.
>   
>      GIS tests fixed accordingly.
>               
>   per-file messages:
>     mysql-test/r/gis-rtree.result
>   Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash 
>       test result
>     mysql-test/r/gis.result
>   Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash 
>       test result
>     mysql-test/t/gis-rtree.test
>   Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash 
>       test fixed - GeomFromWKB invocations removed
>     mysql-test/t/gis.test
>   Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash 
>       test fixed - AsWKB invocations added
>     sql/item_geofunc.cc
>   Bug#38990 Arbitrary data input plus GIS functions causes mysql server crash 
>        Point() and similar functions to create a proper object
parent 0e531e8b
This diff is collapsed.
......@@ -47,26 +47,26 @@ INSERT INTO gis_point VALUES
INSERT INTO gis_line VALUES
(105, LineFromText('LINESTRING(0 0,0 10,10 0)')),
(106, LineStringFromText('LINESTRING(10 10,20 10,20 20,10 20,10 10)')),
(107, LineStringFromWKB(LineString(Point(10, 10), Point(40, 10))));
(107, LineStringFromWKB(AsWKB(LineString(Point(10, 10), Point(40, 10)))));
INSERT INTO gis_polygon VALUES
(108, PolygonFromText('POLYGON((10 10,20 10,20 20,10 20,10 10))')),
(109, PolyFromText('POLYGON((0 0,50 0,50 50,0 50,0 0), (10 10,20 10,20 20,10 20,10 10))')),
(110, PolyFromWKB(Polygon(LineString(Point(0, 0), Point(30, 0), Point(30, 30), Point(0, 0)))));
(110, PolyFromWKB(AsWKB(Polygon(LineString(Point(0, 0), Point(30, 0), Point(30, 30), Point(0, 0))))));
INSERT INTO gis_multi_point VALUES
(111, MultiPointFromText('MULTIPOINT(0 0,10 10,10 20,20 20)')),
(112, MPointFromText('MULTIPOINT(1 1,11 11,11 21,21 21)')),
(113, MPointFromWKB(MultiPoint(Point(3, 6), Point(4, 10))));
(113, MPointFromWKB(AsWKB(MultiPoint(Point(3, 6), Point(4, 10)))));
INSERT INTO gis_multi_line VALUES
(114, MultiLineStringFromText('MULTILINESTRING((10 48,10 21,10 0),(16 0,16 23,16 48))')),
(115, MLineFromText('MULTILINESTRING((10 48,10 21,10 0))')),
(116, MLineFromWKB(MultiLineString(LineString(Point(1, 2), Point(3, 5)), LineString(Point(2, 5), Point(5, 8), Point(21, 7)))));
(116, MLineFromWKB(AsWKB(MultiLineString(LineString(Point(1, 2), Point(3, 5)), LineString(Point(2, 5), Point(5, 8), Point(21, 7))))));
INSERT INTO gis_multi_polygon VALUES
(117, MultiPolygonFromText('MULTIPOLYGON(((28 26,28 0,84 0,84 42,28 26),(52 18,66 23,73 9,48 6,52 18)),((59 18,67 18,67 13,59 13,59 18)))')),
(118, MPolyFromText('MULTIPOLYGON(((28 26,28 0,84 0,84 42,28 26),(52 18,66 23,73 9,48 6,52 18)),((59 18,67 18,67 13,59 13,59 18)))')),
(119, MPolyFromWKB(MultiPolygon(Polygon(LineString(Point(0, 3), Point(3, 3), Point(3, 0), Point(0, 3))))));
(119, MPolyFromWKB(AsWKB(MultiPolygon(Polygon(LineString(Point(0, 3), Point(3, 3), Point(3, 0), Point(0, 3)))))));
INSERT INTO gis_geometrycollection VALUES
(120, GeomCollFromText('GEOMETRYCOLLECTION(POINT(0 0), LINESTRING(0 0,10 10))')),
(121, GeometryFromWKB(GeometryCollection(Point(44, 6), LineString(Point(3, 6), Point(7, 9)))));
(121, GeometryFromWKB(AsWKB(GeometryCollection(Point(44, 6), LineString(Point(3, 6), Point(7, 9))))));
INSERT into gis_geometry SELECT * FROM gis_point;
INSERT into gis_geometry SELECT * FROM gis_line;
INSERT into gis_geometry SELECT * FROM gis_polygon;
......
......@@ -41,7 +41,7 @@ while ($1)
let $2=10;
while ($2)
{
eval INSERT INTO t2 (g) VALUES (GeometryFromWKB(LineString(Point($1 * 10 - 9, $2 * 10 - 9), Point($1 * 10, $2 * 10))));
eval INSERT INTO t2 (g) VALUES (LineString(Point($1 * 10 - 9, $2 * 10 - 9), Point($1 * 10, $2 * 10)));
dec $2;
}
dec $1;
......@@ -61,7 +61,7 @@ while ($1)
let $2=10;
while ($2)
{
eval DELETE FROM t2 WHERE Within(g, Envelope(GeometryFromWKB(LineString(Point($1 * 10 - 9, $2 * 10 - 9), Point($1 * 10, $2 * 10)))));
eval DELETE FROM t2 WHERE Within(g, Envelope(GeometryFromWKB(Point($1 * 10 - 9, $2 * 10 - 9), Point($1 * 10, $2 * 10))));
SELECT count(*) FROM t2;
dec $2;
}
......@@ -235,11 +235,11 @@ DROP TABLE t1;
# Bug #21888: Query on GEOMETRY field using PointFromWKB() results in lost connection
#
CREATE TABLE t1 (foo GEOMETRY NOT NULL, SPATIAL INDEX(foo) );
INSERT INTO t1 (foo) VALUES (PointFromWKB(POINT(1,1)));
INSERT INTO t1 (foo) VALUES (PointFromWKB(POINT(1,0)));
INSERT INTO t1 (foo) VALUES (PointFromWKB(POINT(0,1)));
INSERT INTO t1 (foo) VALUES (PointFromWKB(POINT(0,0)));
SELECT 1 FROM t1 WHERE foo != PointFromWKB(POINT(0,0));
INSERT INTO t1 (foo) VALUES (POINT(1,1));
INSERT INTO t1 (foo) VALUES (POINT(1,0));
INSERT INTO t1 (foo) VALUES (POINT(0,1));
INSERT INTO t1 (foo) VALUES (POINT(0,0));
SELECT 1 FROM t1 WHERE foo != POINT(0,0);
DROP TABLE t1;
#
......@@ -802,35 +802,35 @@ DROP TABLE t1;
#
create table t1 (a geometry not null, spatial index(a));
insert into t1 values (PointFromWKB(POINT(1.1517219314031e+164, 131072)));
insert into t1 values (PointFromWKB(POINT(9.1248812352444e+192, 2.9740338169556e+284)));
insert into t1 values (PointFromWKB(POINT(4.7783097267365e-299, -0)));
insert into t1 values (PointFromWKB(POINT(1.49166814624e-154, 2.0880974297595e-53)));
insert into t1 values (PointFromWKB(POINT(4.0917382598702e+149, 1.2024538023802e+111)));
insert into t1 values (PointFromWKB(POINT(2.0349165139404e+236, 2.9993936277913e-241)));
insert into t1 values (PointFromWKB(POINT(2.5243548967072e-29, 1.2024538023802e+111)));
insert into t1 values (PointFromWKB(POINT(0, 6.9835074892995e-251)));
insert into t1 values (PointFromWKB(POINT(2.0880974297595e-53, 3.1050361846014e+231)));
insert into t1 values (PointFromWKB(POINT(2.8728483499323e-188, 2.4600631144627e+260)));
insert into t1 values (PointFromWKB(POINT(3.0517578125e-05, 2.0349165139404e+236)));
insert into t1 values (PointFromWKB(POINT(1.1517219314031e+164, 1.1818212630766e-125)));
insert into t1 values (PointFromWKB(POINT(2.481040258324e-265, 5.7766220027675e-275)));
insert into t1 values (PointFromWKB(POINT(2.0880974297595e-53, 2.5243548967072e-29)));
insert into t1 values (PointFromWKB(POINT(5.7766220027675e-275, 9.9464647281957e+86)));
insert into t1 values (PointFromWKB(POINT(2.2181357552967e+130, 3.7857669957337e-270)));
insert into t1 values (PointFromWKB(POINT(4.5767114681874e-246, 3.6893488147419e+19)));
insert into t1 values (PointFromWKB(POINT(4.5767114681874e-246, 3.7537584144024e+255)));
insert into t1 values (PointFromWKB(POINT(3.7857669957337e-270, 1.8033161362863e-130)));
insert into t1 values (PointFromWKB(POINT(0, 5.8774717541114e-39)));
insert into t1 values (PointFromWKB(POINT(1.1517219314031e+164, 2.2761049594727e-159)));
insert into t1 values (PointFromWKB(POINT(6.243497100632e+144, 3.7857669957337e-270)));
insert into t1 values (PointFromWKB(POINT(3.7857669957337e-270, 2.6355494858076e-82)));
insert into t1 values (PointFromWKB(POINT(2.0349165139404e+236, 3.8518598887745e-34)));
insert into t1 values (PointFromWKB(POINT(4.6566128730774e-10, 2.0880974297595e-53)));
insert into t1 values (PointFromWKB(POINT(2.0880974297595e-53, 1.8827498946116e-183)));
insert into t1 values (PointFromWKB(POINT(1.8033161362863e-130, 9.1248812352444e+192)));
insert into t1 values (PointFromWKB(POINT(4.7783097267365e-299, 2.2761049594727e-159)));
insert into t1 values (PointFromWKB(POINT(1.94906280228e+289, 1.2338789709327e-178)));
insert into t1 values (POINT(1.1517219314031e+164, 131072));
insert into t1 values (POINT(9.1248812352444e+192, 2.9740338169556e+284));
insert into t1 values (POINT(4.7783097267365e-299, -0));
insert into t1 values (POINT(1.49166814624e-154, 2.0880974297595e-53));
insert into t1 values (POINT(4.0917382598702e+149, 1.2024538023802e+111));
insert into t1 values (POINT(2.0349165139404e+236, 2.9993936277913e-241));
insert into t1 values (POINT(2.5243548967072e-29, 1.2024538023802e+111));
insert into t1 values (POINT(0, 6.9835074892995e-251));
insert into t1 values (POINT(2.0880974297595e-53, 3.1050361846014e+231));
insert into t1 values (POINT(2.8728483499323e-188, 2.4600631144627e+260));
insert into t1 values (POINT(3.0517578125e-05, 2.0349165139404e+236));
insert into t1 values (POINT(1.1517219314031e+164, 1.1818212630766e-125));
insert into t1 values (POINT(2.481040258324e-265, 5.7766220027675e-275));
insert into t1 values (POINT(2.0880974297595e-53, 2.5243548967072e-29));
insert into t1 values (POINT(5.7766220027675e-275, 9.9464647281957e+86));
insert into t1 values (POINT(2.2181357552967e+130, 3.7857669957337e-270));
insert into t1 values (POINT(4.5767114681874e-246, 3.6893488147419e+19));
insert into t1 values (POINT(4.5767114681874e-246, 3.7537584144024e+255));
insert into t1 values (POINT(3.7857669957337e-270, 1.8033161362863e-130));
insert into t1 values (POINT(0, 5.8774717541114e-39));
insert into t1 values (POINT(1.1517219314031e+164, 2.2761049594727e-159));
insert into t1 values (POINT(6.243497100632e+144, 3.7857669957337e-270));
insert into t1 values (POINT(3.7857669957337e-270, 2.6355494858076e-82));
insert into t1 values (POINT(2.0349165139404e+236, 3.8518598887745e-34));
insert into t1 values (POINT(4.6566128730774e-10, 2.0880974297595e-53));
insert into t1 values (POINT(2.0880974297595e-53, 1.8827498946116e-183));
insert into t1 values (POINT(1.8033161362863e-130, 9.1248812352444e+192));
insert into t1 values (POINT(4.7783097267365e-299, 2.2761049594727e-159));
insert into t1 values (POINT(1.94906280228e+289, 1.2338789709327e-178));
drop table t1;
# End of 4.1 tests
......
......@@ -37,32 +37,32 @@ INSERT INTO gis_point VALUES
INSERT INTO gis_line VALUES
(105, LineFromText('LINESTRING(0 0,0 10,10 0)')),
(106, LineStringFromText('LINESTRING(10 10,20 10,20 20,10 20,10 10)')),
(107, LineStringFromWKB(LineString(Point(10, 10), Point(40, 10))));
(107, LineStringFromWKB(AsWKB(LineString(Point(10, 10), Point(40, 10)))));
INSERT INTO gis_polygon VALUES
(108, PolygonFromText('POLYGON((10 10,20 10,20 20,10 20,10 10))')),
(109, PolyFromText('POLYGON((0 0,50 0,50 50,0 50,0 0), (10 10,20 10,20 20,10 20,10 10))')),
(110, PolyFromWKB(Polygon(LineString(Point(0, 0), Point(30, 0), Point(30, 30), Point(0, 0)))));
(110, PolyFromWKB(AsWKB(Polygon(LineString(Point(0, 0), Point(30, 0), Point(30, 30), Point(0, 0))))));
INSERT INTO gis_multi_point VALUES
(111, MultiPointFromText('MULTIPOINT(0 0,10 10,10 20,20 20)')),
(112, MPointFromText('MULTIPOINT(1 1,11 11,11 21,21 21)')),
(113, MPointFromWKB(MultiPoint(Point(3, 6), Point(4, 10))));
(113, MPointFromWKB(AsWKB(MultiPoint(Point(3, 6), Point(4, 10)))));
INSERT INTO gis_multi_line VALUES
(114, MultiLineStringFromText('MULTILINESTRING((10 48,10 21,10 0),(16 0,16 23,16 48))')),
(115, MLineFromText('MULTILINESTRING((10 48,10 21,10 0))')),
(116, MLineFromWKB(MultiLineString(LineString(Point(1, 2), Point(3, 5)), LineString(Point(2, 5), Point(5, 8), Point(21, 7)))));
(116, MLineFromWKB(AsWKB(MultiLineString(LineString(Point(1, 2), Point(3, 5)), LineString(Point(2, 5), Point(5, 8), Point(21, 7))))));
INSERT INTO gis_multi_polygon VALUES
(117, MultiPolygonFromText('MULTIPOLYGON(((28 26,28 0,84 0,84 42,28 26),(52 18,66 23,73 9,48 6,52 18)),((59 18,67 18,67 13,59 13,59 18)))')),
(118, MPolyFromText('MULTIPOLYGON(((28 26,28 0,84 0,84 42,28 26),(52 18,66 23,73 9,48 6,52 18)),((59 18,67 18,67 13,59 13,59 18)))')),
(119, MPolyFromWKB(MultiPolygon(Polygon(LineString(Point(0, 3), Point(3, 3), Point(3, 0), Point(0, 3))))));
(119, MPolyFromWKB(AsWKB(MultiPolygon(Polygon(LineString(Point(0, 3), Point(3, 3), Point(3, 0), Point(0, 3)))))));
INSERT INTO gis_geometrycollection VALUES
(120, GeomCollFromText('GEOMETRYCOLLECTION(POINT(0 0), LINESTRING(0 0,10 10))')),
(121, GeometryFromWKB(GeometryCollection(Point(44, 6), LineString(Point(3, 6), Point(7, 9)))));
(121, GeometryFromWKB(AsWKB(GeometryCollection(Point(44, 6), LineString(Point(3, 6), Point(7, 9))))));
INSERT into gis_geometry SELECT * FROM gis_point;
INSERT into gis_geometry SELECT * FROM gis_line;
......
......@@ -78,10 +78,17 @@ String *Item_func_geometry_from_wkb::val_str(String *str)
{
DBUG_ASSERT(fixed == 1);
String arg_val;
String *wkb= args[0]->val_str(&arg_val);
String *wkb;
Geometry_buffer buffer;
uint32 srid= 0;
if (args[0]->field_type() == MYSQL_TYPE_GEOMETRY)
{
return args[0]->val_str(str);
}
wkb= args[0]->val_str(&arg_val);
if ((arg_count == 2) && !args[1]->null_value)
srid= (uint32)args[1]->val_int();
......@@ -91,8 +98,8 @@ String *Item_func_geometry_from_wkb::val_str(String *str)
str->length(0);
str->q_append(srid);
if ((null_value=
(args[0]->null_value ||
!Geometry::create_from_wkb(&buffer, wkb->ptr(), wkb->length(), str))))
(args[0]->null_value ||
!Geometry::create_from_wkb(&buffer, wkb->ptr(), wkb->length(), str))))
return 0;
return str;
}
......@@ -345,14 +352,16 @@ String *Item_func_point::val_str(String *str)
DBUG_ASSERT(fixed == 1);
double x= args[0]->val_real();
double y= args[1]->val_real();
uint32 srid= 0;
if ((null_value= (args[0]->null_value ||
args[1]->null_value ||
str->realloc(1 + 4 + SIZEOF_STORED_DOUBLE*2))))
str->realloc(4/*SRID*/ + 1 + 4 + SIZEOF_STORED_DOUBLE*2))))
return 0;
str->set_charset(&my_charset_bin);
str->length(0);
str->q_append(srid);
str->q_append((char)Geometry::wkb_ndr);
str->q_append((uint32)Geometry::wkb_point);
str->q_append(x);
......@@ -376,12 +385,14 @@ String *Item_func_spatial_collection::val_str(String *str)
DBUG_ASSERT(fixed == 1);
String arg_value;
uint i;
uint32 srid= 0;
str->set_charset(&my_charset_bin);
str->length(0);
if (str->reserve(1 + 4 + 4, 512))
if (str->reserve(4/*SRID*/ + 1 + 4 + 4, 512))
goto err;
str->q_append(srid);
str->q_append((char) Geometry::wkb_ndr);
str->q_append((uint32) coll_type);
str->q_append((uint32) arg_count);
......@@ -399,13 +410,13 @@ String *Item_func_spatial_collection::val_str(String *str)
In the case of GeometryCollection we don't need any checkings
for item types, so just copy them into target collection
*/
if (str->append(res->ptr(), len, (uint32) 512))
if (str->append(res->ptr() + 4/*SRID*/, len - 4/*SRID*/, (uint32) 512))
goto err;
}
else
{
enum Geometry::wkbType wkb_type;
const char *data= res->ptr() + 1;
const char *data= res->ptr() + 4/*SRID*/ + 1;
/*
In the case of named collection we must check that items
......@@ -414,7 +425,7 @@ String *Item_func_spatial_collection::val_str(String *str)
wkb_type= (Geometry::wkbType) uint4korr(data);
data+= 4;
len-= 5;
len-= 5 + 4/*SRID*/;
if (wkb_type != item_type)
goto err;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment