MDEV-4478 check mysql-5.5 changes in spatial.cc.

not_enough_points() introduced to check if the spatial object is incorrect.

MDEV-4478 check mysql-5.5 changes in spatial.cc.
not_enough_points() introduced to check if the spatial object is incorrect.
9b67de47 · Alexey Botchkov · 48b403cd · 9b67de47 · 9b67de47
Commit 9b67de47 authored Jul 22, 2013 by Alexey Botchkov
Show whitespace changes
Inline Side-by-side

Showing with 58 additions and 54 deletions

sql/spatial.cc sql/spatial.cc +39 -49

sql/spatial.h sql/spatial.h +19 -5

No files found.
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -394,19 +394,18 @@ const char *Geometry::append_points(String *txt, uint32 n_points,
 const char *Geometry::get_mbr_for_points(MBR *mbr, const char *data,
 					 uint offset) const
 {
-  uint32 n_points;
+  uint32 points;
  /* read number of points */
  if (no_data(data, 4))
    return 0;
-  n_points= uint4korr(data);
+  points= uint4korr(data);
  data+= 4;
-  if (n_points > max_n_points ||
+  if (not_enough_points(data, points, offset))
-      no_data(data, (POINT_DATA_SIZE + offset) * n_points))
    return 0;
  /* Calculate MBR for points */
-  while (n_points--)
+  while (points--)
  {
    data+= offset;
    mbr->add_xy(data, data + SIZEOF_STORED_DOUBLE);
@@ -485,12 +484,16 @@ const Geometry::Class_info *Gis_point::get_class_info() const
 uint32 Gis_line_string::get_data_size() const 
 {
-  uint32 n_points, size;
+  uint32 n_points;
-  if (no_data(m_data, 4) ||
+  if (no_data(m_data, 4))
-      (n_points= uint4korr(m_data)) > max_n_points ||
-      no_data(m_data, (size= 4 + n_points * POINT_DATA_SIZE)))
    return GET_SIZE_ERROR;
-  return size;
+  n_points= uint4korr(m_data);
+  if (not_enough_points(m_data + 4, n_points))
+    return GET_SIZE_ERROR;
+  return 4 + n_points * POINT_DATA_SIZE;
 }
@@ -529,9 +532,8 @@ uint Gis_line_string::init_from_wkb(const char *wkb, uint len,
  const char *wkb_end;
  Gis_point p;
-  if (len < 4 ||
+  if (len < 4 || (n_points= wkb_get_uint(wkb, bo)) < 1 ||
-      (n_points= wkb_get_uint(wkb, bo)) < 1 ||
+      ((len - 4) / POINT_DATA_SIZE) < n_points)
-      n_points > max_n_points)
    return 0;
  proper_length= 4 + n_points * POINT_DATA_SIZE;
@@ -560,8 +562,8 @@ bool Gis_line_string::get_data_as_wkt(String *txt, const char **end) const
  n_points= uint4korr(data);
  data += 4;
-  if (n_points < 1 || n_points > max_n_points ||
+  if (n_points < 1 ||
-      no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points) ||
+      not_enough_points(data, n_points) ||
      txt->reserve(((MAX_DIGITS_IN_DOUBLE + 1)*2 + 1) * n_points))
    return 1;
@@ -598,8 +600,7 @@ int Gis_line_string::geom_length(double *len) const
    return 1;
  n_points= uint4korr(data);
  data+= 4;
-  if (n_points < 1 || n_points > max_n_points ||
+  if (n_points < 1 || not_enough_points(data, n_points))
-      no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
    return 1;
  get_point(&prev_x, &prev_y, data);
@@ -633,8 +634,7 @@ int Gis_line_string::is_closed(int *closed) const
    return 0;
  }
  data+= 4;
-  if (n_points == 0 || n_points > max_n_points ||
+  if (n_points == 0 || not_enough_points(data, n_points))
-      no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
    return 1;
  /* Get first point */
@@ -669,8 +669,7 @@ int Gis_line_string::end_point(String *result) const
  if (no_data(m_data, 4))
    return 1;
  n_points= uint4korr(m_data);
-  if (n_points == 0 || n_points > max_n_points ||
+  if (n_points == 0 || not_enough_points(m_data+4, n_points))
-      no_data(m_data, POINT_DATA_SIZE * n_points))
    return 1;
  return create_point(result, m_data + 4 + (n_points - 1) * POINT_DATA_SIZE);
 }
@@ -683,9 +682,7 @@ int Gis_line_string::point_n(uint32 num, String *result) const
    return 1;
  num--;
  n_points= uint4korr(m_data);
-  if (num >= n_points ||
+  if (num >= n_points || not_enough_points(m_data+4, n_points))
-      num > max_n_points || // means (num > n_points || num < 1)
-      no_data(m_data, num * POINT_DATA_SIZE))
    return 1;
  return create_point(result, m_data + 4 + num*POINT_DATA_SIZE);
@@ -713,7 +710,7 @@ uint32 Gis_polygon::get_data_size() const
  while (n_linear_rings--)
  {
    if (no_data(data, 4) ||
-        (n_points= uint4korr(data)) > max_n_points)
+        not_enough_points(data+4, n_points= uint4korr(data)))
      return GET_SIZE_ERROR;
    data+= 4 + n_points*POINT_DATA_SIZE;
  }
@@ -813,8 +810,7 @@ bool Gis_polygon::get_data_as_wkt(String *txt, const char **end) const
      return 1;
    n_points= uint4korr(data);
    data+= 4;
-    if (n_points > max_n_points ||
+    if (not_enough_points(data, n_points) ||
-        no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points) ||
 	txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
      return 1;
    txt->qs_append('(');
@@ -868,8 +864,8 @@ int Gis_polygon::area(double *ar, const char **end_of_data) const
    if (no_data(data, 4))
      return 1;
    n_points= uint4korr(data);
-    if (n_points == 0 || n_points > max_n_points ||
+    if (n_points == 0 ||
-        no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points))
+        not_enough_points(data, n_points))
      return 1;
    get_point(&prev_x, &prev_y, data+4);
    data+= (4+SIZEOF_STORED_DOUBLE*2);
@@ -905,8 +901,7 @@ int Gis_polygon::exterior_ring(String *result) const
  n_points= uint4korr(data);
  data+= 4;
  length= n_points * POINT_DATA_SIZE;
-  if (n_points > max_n_points ||
+  if (not_enough_points(data, n_points) || result->reserve(1+4+4+ length))
-      no_data(data, length) || result->reserve(1+4+4+ length))
    return 1;
  result->q_append((char) wkb_ndr);
@@ -952,7 +947,7 @@ int Gis_polygon::interior_ring_n(uint32 num, String *result) const
  n_points= uint4korr(data);
  points_size= n_points * POINT_DATA_SIZE;
  data+= 4;
-  if (no_data(data, points_size) || result->reserve(1+4+4+ points_size))
+  if (not_enough_points(data, n_points) || result->reserve(1+4+4+ points_size))
    return 1;
  result->q_append((char) wkb_ndr);
@@ -989,8 +984,7 @@ int Gis_polygon::centroid_xy(double *x, double *y) const
      return 1;
    org_n_points= n_points= uint4korr(data);
    data+= 4;
-    if (n_points == 0 || n_points > max_n_points ||
+    if (n_points == 0 || not_enough_points(data, n_points))
-        no_data(data, (SIZEOF_STORED_DOUBLE*2) * n_points))
      return 1;
    get_point(&prev_x, &prev_y, data);
    data+= (SIZEOF_STORED_DOUBLE*2);
@@ -1050,13 +1044,12 @@ const Geometry::Class_info *Gis_polygon::get_class_info() const
 uint32 Gis_multi_point::get_data_size() const 
 {
  uint32 n_points;
-  uint32 size;
  if (no_data(m_data, 4) ||
-      (n_points= uint4korr(m_data)) > max_n_points ||
+      not_enough_points(m_data+4, (n_points= uint4korr(m_data)),
-      no_data(m_data, (size= 4 + n_points*(POINT_DATA_SIZE + WKB_HEADER_SIZE))))
+        WKB_HEADER_SIZE))
     return GET_SIZE_ERROR;
-  return size;
+  return  4 + n_points * (POINT_DATA_SIZE + WKB_HEADER_SIZE);
 }
@@ -1124,9 +1117,7 @@ bool Gis_multi_point::get_data_as_wkt(String *txt, const char **end) const
    return 1;
  n_points= uint4korr(m_data);
-  if (n_points > max_n_points ||
+  if (not_enough_points(m_data+4, n_points, WKB_HEADER_SIZE) ||
-      no_data(m_data+4,
-	      n_points * (SIZEOF_STORED_DOUBLE * 2 + WKB_HEADER_SIZE)) ||
      txt->reserve(((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
    return 1;
  *end= append_points(txt, n_points, m_data+4, WKB_HEADER_SIZE);
@@ -1189,7 +1180,8 @@ uint32 Gis_multi_line_string::get_data_size() const
  while (n_line_strings--)
  {
    if (no_data(data, WKB_HEADER_SIZE + 4) ||
-        (n_points= uint4korr(data + WKB_HEADER_SIZE)) > max_n_points)
+        not_enough_points(data + WKB_HEADER_SIZE+4,
+                          (n_points= uint4korr(data + WKB_HEADER_SIZE))))
      return GET_SIZE_ERROR;
    data+= (WKB_HEADER_SIZE + 4 + n_points*POINT_DATA_SIZE);
  }
@@ -1286,8 +1278,7 @@ bool Gis_multi_line_string::get_data_as_wkt(String *txt,
      return 1;
    n_points= uint4korr(data + WKB_HEADER_SIZE);
    data+= WKB_HEADER_SIZE + 4;
-    if (n_points > max_n_points ||
+    if (not_enough_points(data, n_points) ||
-        no_data(data, n_points * (SIZEOF_STORED_DOUBLE*2)) ||
 	txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points))
      return 1;
    txt->qs_append('(');
@@ -1348,7 +1339,7 @@ int Gis_multi_line_string::geometry_n(uint32 num, String *result) const
      return 1;
    n_points= uint4korr(data + WKB_HEADER_SIZE);
    length= WKB_HEADER_SIZE + 4+ POINT_DATA_SIZE * n_points;
-    if (n_points > max_n_points || no_data(data, length))
+    if (not_enough_points(data+WKB_HEADER_SIZE+4, n_points))
      return 1;
    if (!--num)
      break;
@@ -1448,7 +1439,7 @@ uint32 Gis_multi_polygon::get_data_size() const
    while (n_linear_rings--)
    {
      if (no_data(data, 4) ||
-          (n_points= uint4korr(data)) > max_n_points)
+          not_enough_points(data+4, (n_points= uint4korr(data))))
 	return GET_SIZE_ERROR;
      data+= 4 + n_points * POINT_DATA_SIZE;
    }
@@ -1552,8 +1543,7 @@ bool Gis_multi_polygon::get_data_as_wkt(String *txt, const char **end) const
        return 1;
      uint32 n_points= uint4korr(data);
      data+= 4;
-      if (n_points > max_n_points ||
+      if (not_enough_points(data, n_points) ||
-          no_data(data, (SIZEOF_STORED_DOUBLE * 2) * n_points) ||
 	  txt->reserve(2 + ((MAX_DIGITS_IN_DOUBLE + 1) * 2 + 1) * n_points,
 		       512))
 	return 1;
@@ -1636,7 +1626,7 @@ int Gis_multi_polygon::geometry_n(uint32 num, String *result) const
      if (no_data(data, 4))
 	return 1;
      n_points= uint4korr(data);
-      if (n_points > max_n_points)
+      if (not_enough_points(data + 4, n_points))
        return 1;
      data+= 4 + POINT_DATA_SIZE * n_points;
    }

--- a/sql/spatial.h
+++ b/sql/spatial.h
@@ -196,11 +196,6 @@ struct Geometry_buffer;
 class Geometry
 {
-public:
-  // Maximum number of points in feature that can fit into String
-  static const uint32 max_n_points=
-    (uint32) (INT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) /
-    POINT_DATA_SIZE;
 public:
  Geometry() {}                               /* Remove gcc warning */
  virtual ~Geometry() {}                        /* Remove gcc warning */
@@ -326,6 +321,25 @@ class Geometry
  {
    return (cur_data + data_amount > m_data_end);
  }
+  /**
+     Check if there're enough points remaining as requested
+     Need to perform the calculation in logical units, since multiplication
+     can overflow the size data type.
+     @arg data              pointer to the begining of the points array
+     @arg expected_points   number of points expected
+     @arg extra_point_space extra space for each point element in the array
+     @return               true if there are not enough points
+  */
+  inline bool not_enough_points(const char *data, uint32 expected_points,
+                                uint32 extra_point_space = 0) const
+  {
+    return (m_data_end < data ||
+            (expected_points > ((m_data_end - data) /
+                                (POINT_DATA_SIZE + extra_point_space))));
+  }
  const char *m_data;
  const char *m_data_end;
 };