Commit 440e0584 authored by Staale Smedseng's avatar Staale Smedseng

Merge from 5.1-bugteam upstream

parents 5e0c7eea 31d8a7c9
......@@ -984,4 +984,52 @@ f4 geometry YES NULL
f5 datetime YES NULL
drop view v1;
drop table t1;
SELECT MultiPoint(12345,'');
MultiPoint(12345,'')
NULL
SELECT MultiPoint(123451,'');
MultiPoint(123451,'')
NULL
SELECT MultiPoint(1234512,'');
MultiPoint(1234512,'')
NULL
SELECT MultiPoint(12345123,'');
MultiPoint(12345123,'')
NULL
SELECT MultiLineString(12345,'');
MultiLineString(12345,'')
NULL
SELECT MultiLineString(123451,'');
MultiLineString(123451,'')
NULL
SELECT MultiLineString(1234512,'');
MultiLineString(1234512,'')
NULL
SELECT MultiLineString(12345123,'');
MultiLineString(12345123,'')
NULL
SELECT LineString(12345,'');
LineString(12345,'')
NULL
SELECT LineString(123451,'');
LineString(123451,'')
NULL
SELECT LineString(1234512,'');
LineString(1234512,'')
NULL
SELECT LineString(12345123,'');
LineString(12345123,'')
NULL
SELECT Polygon(12345,'');
Polygon(12345,'')
NULL
SELECT Polygon(123451,'');
Polygon(123451,'')
NULL
SELECT Polygon(1234512,'');
Polygon(1234512,'')
NULL
SELECT Polygon(12345123,'');
Polygon(12345123,'')
NULL
End of 5.1 tests
......@@ -667,4 +667,28 @@ desc v1;
drop view v1;
drop table t1;
#
# Bug#44684: valgrind reports invalid reads in
# Item_func_spatial_collection::val_str
#
SELECT MultiPoint(12345,'');
SELECT MultiPoint(123451,'');
SELECT MultiPoint(1234512,'');
SELECT MultiPoint(12345123,'');
SELECT MultiLineString(12345,'');
SELECT MultiLineString(123451,'');
SELECT MultiLineString(1234512,'');
SELECT MultiLineString(12345123,'');
SELECT LineString(12345,'');
SELECT LineString(123451,'');
SELECT LineString(1234512,'');
SELECT LineString(12345123,'');
SELECT Polygon(12345,'');
SELECT Polygon(123451,'');
SELECT Polygon(1234512,'');
SELECT Polygon(12345123,'');
--echo End of 5.1 tests
......@@ -416,7 +416,10 @@ String *Item_func_spatial_collection::val_str(String *str)
else
{
enum Geometry::wkbType wkb_type;
const char *data= res->ptr() + 4/*SRID*/ + 1;
const uint data_offset= 4/*SRID*/ + 1;
if (res->length() < data_offset + sizeof(uint32))
goto err;
const char *data= res->ptr() + data_offset;
/*
In the case of named collection we must check that items
......@@ -439,7 +442,7 @@ String *Item_func_spatial_collection::val_str(String *str)
break;
case Geometry::wkb_linestring:
if (str->append(data, POINT_DATA_SIZE, 512))
if (len < POINT_DATA_SIZE || str->append(data, POINT_DATA_SIZE, 512))
goto err;
break;
case Geometry::wkb_polygon:
......@@ -448,11 +451,15 @@ String *Item_func_spatial_collection::val_str(String *str)
double x1, y1, x2, y2;
const char *org_data= data;
if (len < 4 + 2 * POINT_DATA_SIZE)
if (len < 4)
goto err;
n_points= uint4korr(data);
data+= 4;
if (n_points < 2 || len < 4 + n_points * POINT_DATA_SIZE)
goto err;
float8get(x1, data);
data+= SIZEOF_STORED_DOUBLE;
float8get(y1, data);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment