Commit 61d616dd authored by unknown's avatar unknown

Bug #29166:

AsText() needs to know the maximum number of
characters a IEEE double precision value can
occupy to make sure there's enough buffer space.
The number was too small to hold all possible
values and this caused buffer overruns.
Fixed by correcting the calculation of the 
maximum digits in a string representation of an
IEEE double precision value as printed by 
String::qs_append(double).


mysql-test/r/gis.result:
  Bug #29166: test case
mysql-test/t/gis.test:
  Bug #29166: test case
sql/spatial.cc:
  Bug #29166: correct calculation of the maximum digits in
  a string representation of a double
parent add1a96c
......@@ -885,4 +885,7 @@ AsText(a)
POINT(1 1)
LINESTRING(0 0,1 1,2 2)
drop table t1, t2;
SELECT 1;
1
1
End of 5.0 tests
......@@ -570,4 +570,24 @@ create table t2 as select f2 as a from t1 union select f3 from t1;
desc t2;
select AsText(a) from t2;
drop table t1, t2;
#
# Bug #29166: MYsql crash when query is run
#
# The test query itself is not logged : too large output.
# The real test is the second query : see if the first hasn't crashed the
# server
--disable_query_log
--disable_result_log
SELECT AsText(GeometryFromText(CONCAT(
'MULTIPOLYGON(((',
REPEAT ('-0.00000000001234567890123456789012 -0.123456789012345678,', 1000),
'-0.00000000001234567890123456789012 -0.123456789012345678',
')))'
))) AS a;
--enable_result_log
--enable_query_log
SELECT 1;
--echo End of 5.0 tests
......@@ -17,7 +17,28 @@
#ifdef HAVE_SPATIAL
#define MAX_DIGITS_IN_DOUBLE 16
/*
exponential notation :
1 sign
1 number before the decimal point
1 decimal point
14 number of significant digits (see String::qs_append(double))
1 'e' sign
1 exponent sign
3 exponent digits
==
22
"f" notation :
1 optional 0
1 sign
14 number significant digits (see String::qs_append(double) )
1 decimal point
==
17
*/
#define MAX_DIGITS_IN_DOUBLE 22
/***************************** Gis_class_info *******************************/
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment