Commit 4645fa48 authored by Kristofer Pettersson's avatar Kristofer Pettersson

Bug#55531 crash with conversions of geometry types / strings

Convertion from a floating point number to a string caused a
crash.

During rare circumstances a String object could crash when
it was requested to allocate new memory.
A crash could occcur in Field_double::val_str() because of
a pointer referencing memory inside a String object which was
of unknown size.
And finally, the geometric collection should not accept
arguments which are non geometric.


mysql-test/r/gis.result:
  * Test cases change because we intercept the error behind the
  previous crashes much earlier.
sql/field.cc:
  * It makes no sense to impose a lower limit on the length
  and not setting a upper limit will cause crashes later.
sql/item_geofunc.h:
  * Disallow for binding with field- and item types which
  differ from MYSQL_TYPE_GEOMETRY types.
parent 6a655246
......@@ -707,10 +707,7 @@ numgeometries(b) IS NULL, numinteriorrings(b) IS NULL, numpoints(b) IS NULL,
area(b) IS NULL, glength(b) IS NULL, srid(b) IS NULL, x(b) IS NULL,
y(b) IS NULL
from t1;
geometryfromtext(b) IS NULL geometryfromwkb(b) IS NULL astext(b) IS NULL aswkb(b) IS NULL geometrytype(b) IS NULL centroid(b) IS NULL envelope(b) IS NULL startpoint(b) IS NULL endpoint(b) IS NULL exteriorring(b) IS NULL pointn(b, 1) IS NULL geometryn(b, 1) IS NULL interiorringn(b, 1) IS NULL multipoint(b) IS NULL isempty(b) IS NULL issimple(b) IS NULL isclosed(b) IS NULL dimension(b) IS NULL numgeometries(b) IS NULL numinteriorrings(b) IS NULL numpoints(b) IS NULL area(b) IS NULL glength(b) IS NULL srid(b) IS NULL x(b) IS NULL y(b) IS NULL
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
ERROR 22007: Illegal non geometric '' value found during parsing
select
within(b, b) IS NULL, contains(b, b) IS NULL, overlaps(b, b) IS NULL,
equals(b, b) IS NULL, disjoint(b, b) IS NULL, touches(b, b) IS NULL,
......@@ -725,10 +722,7 @@ point(b, b) IS NULL, linestring(b) IS NULL, polygon(b) IS NULL, multipoint(b) IS
multilinestring(b) IS NULL, multipolygon(b) IS NULL,
geometrycollection(b) IS NULL
from t1;
point(b, b) IS NULL linestring(b) IS NULL polygon(b) IS NULL multipoint(b) IS NULL multilinestring(b) IS NULL multipolygon(b) IS NULL geometrycollection(b) IS NULL
0 1 1 1 1 1 1
1 1 1 1 1 1 1
0 1 1 1 1 1 1
ERROR 22007: Illegal non geometric '' value found during parsing
drop table t1;
CREATE TABLE t1(a POINT) ENGINE=MyISAM;
INSERT INTO t1 VALUES (NULL);
......@@ -1010,51 +1004,7 @@ f5 datetime YES NULL
drop view v1;
drop table t1;
SELECT MultiPoint(12345,'');
MultiPoint(12345,'')
NULL
SELECT MultiPoint(123451,'');
MultiPoint(123451,'')
NULL
SELECT MultiPoint(1234512,'');
MultiPoint(1234512,'')
NULL
SELECT MultiPoint(12345123,'');
MultiPoint(12345123,'')
NULL
SELECT MultiLineString(12345,'');
MultiLineString(12345,'')
NULL
SELECT MultiLineString(123451,'');
MultiLineString(123451,'')
NULL
SELECT MultiLineString(1234512,'');
MultiLineString(1234512,'')
NULL
SELECT MultiLineString(12345123,'');
MultiLineString(12345123,'')
NULL
SELECT LineString(12345,'');
LineString(12345,'')
NULL
SELECT LineString(123451,'');
LineString(123451,'')
NULL
SELECT LineString(1234512,'');
LineString(1234512,'')
NULL
SELECT LineString(12345123,'');
LineString(12345123,'')
NULL
SELECT Polygon(12345,'');
Polygon(12345,'')
NULL
SELECT Polygon(123451,'');
Polygon(123451,'')
NULL
SELECT Polygon(1234512,'');
Polygon(1234512,'')
NULL
SELECT Polygon(12345123,'');
Polygon(12345123,'')
NULL
ERROR 22007: Illegal non geometric '12345' value found during parsing
SELECT 1 FROM (SELECT GREATEST(1,GEOMETRYCOLLECTION('00000','00000')) b FROM DUAL) AS d WHERE (LINESTRING(d.b));
ERROR 22007: Illegal non geometric '' value found during parsing
End of 5.1 tests
......@@ -401,6 +401,7 @@ create table t1 (a int, b blob);
insert into t1 values (1, ''), (2, NULL), (3, '1');
select * from t1;
--error ER_ILLEGAL_VALUE_FOR_TYPE
select
geometryfromtext(b) IS NULL, geometryfromwkb(b) IS NULL, astext(b) IS NULL,
aswkb(b) IS NULL, geometrytype(b) IS NULL, centroid(b) IS NULL,
......@@ -419,6 +420,7 @@ select
intersects(b, b) IS NULL, crosses(b, b) IS NULL
from t1;
--error ER_ILLEGAL_VALUE_FOR_TYPE
select
point(b, b) IS NULL, linestring(b) IS NULL, polygon(b) IS NULL, multipoint(b) IS NULL,
multilinestring(b) IS NULL, multipolygon(b) IS NULL,
......@@ -702,24 +704,34 @@ drop table t1;
# Bug#44684: valgrind reports invalid reads in
# Item_func_spatial_collection::val_str
#
--error ER_ILLEGAL_VALUE_FOR_TYPE
SELECT MultiPoint(12345,'');
SELECT MultiPoint(123451,'');
SELECT MultiPoint(1234512,'');
SELECT MultiPoint(12345123,'');
SELECT MultiLineString(12345,'');
SELECT MultiLineString(123451,'');
SELECT MultiLineString(1234512,'');
SELECT MultiLineString(12345123,'');
SELECT LineString(12345,'');
SELECT LineString(123451,'');
SELECT LineString(1234512,'');
SELECT LineString(12345123,'');
SELECT Polygon(12345,'');
SELECT Polygon(123451,'');
SELECT Polygon(1234512,'');
SELECT Polygon(12345123,'');
#SELECT MultiPoint(123451,'');
#SELECT MultiPoint(1234512,'');
#SELECT MultiPoint(12345123,'');
--error ER_ILLEGAL_VALUE_FOR_TYPE
#SELECT MultiLineString(12345,'');
#SELECT MultiLineString(123451,'');
#SELECT MultiLineString(1234512,'');
#SELECT MultiLineString(12345123,'');
--error ER_ILLEGAL_VALUE_FOR_TYPE
#SELECT LineString(12345,'');
#SELECT LineString(123451,'');
#SELECT LineString(1234512,'');
#SELECT LineString(12345123,'');
--error ER_ILLEGAL_VALUE_FOR_TYPE
#SELECT Polygon(12345,'');
#SELECT Polygon(123451,'');
#SELECT Polygon(1234512,'');
#SELECT Polygon(12345123,'');
#
# Bug55531 crash with conversions of geometry types / strings
#
--error ER_ILLEGAL_VALUE_FOR_TYPE
SELECT 1 FROM (SELECT GREATEST(1,GEOMETRYCOLLECTION('00000','00000')) b FROM DUAL) AS d WHERE (LINESTRING(d.b));
--echo End of 5.1 tests
......@@ -4561,7 +4561,7 @@ String *Field_double::val_str(String *val_buffer,
#endif
doubleget(nr,ptr);
uint to_length=max(field_length, DOUBLE_TO_STRING_CONVERSION_BUFFER_SIZE);
uint to_length= DOUBLE_TO_STRING_CONVERSION_BUFFER_SIZE;
val_buffer->alloc(to_length);
char *to=(char*) val_buffer->ptr();
......
......@@ -175,6 +175,19 @@ class Item_func_spatial_collection: public Item_geometry_func
item_type=it;
}
String *val_str(String *);
void fix_length_and_dec()
{
for( unsigned int i=0; i<arg_count; ++i)
{
if( args[i]->fixed && args[i]->field_type() != MYSQL_TYPE_GEOMETRY)
{
String str;
args[i]->val_str(&str);
my_error(ER_ILLEGAL_VALUE_FOR_TYPE,MYF(0),"non geometric",str.c_ptr());
}
}
}
const char *func_name() const { return "multipoint"; }
};
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment