diff options
| author | Ramil Kalimullin <ramil@mysql.com> | 2010-08-30 11:51:46 +0400 |
|---|---|---|
| committer | Ramil Kalimullin <ramil@mysql.com> | 2010-08-30 11:51:46 +0400 |
| commit | 6a113b215abde05ffe602111f54c2aef8e78bbd1 (patch) | |
| tree | ef3dfb3ae34526a2134b3a2dea694124193f5429 /sql/spatial.cc | |
| parent | 3bc7c508136589388ee794c42309d3db0a5d072f (diff) | |
| download | mariadb-git-6a113b215abde05ffe602111f54c2aef8e78bbd1.tar.gz | |
Fix for bug #51875: crash when loading data into geometry function polyfromwkb
Check for number of line strings in the incoming polygon data (wkb) and
for number of points in the incoming linestring wkb.
mysql-test/r/gis.result:
Fix for bug #51875: crash when loading data into geometry function polyfromwkb
- test result.
mysql-test/t/gis.test:
Fix for bug #51875: crash when loading data into geometry function polyfromwkb
- test case.
sql/spatial.cc:
Fix for bug #51875: crash when loading data into geometry function polyfromwkb
- creating a polygon from wkb check for number of line strings,
- creating a linestring from wkb check for number of line points.
Diffstat (limited to 'sql/spatial.cc')
| -rw-r--r-- | sql/spatial.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sql/spatial.cc b/sql/spatial.cc index 2305a8eb97d..8b869a5b1ca 100644 --- a/sql/spatial.cc +++ b/sql/spatial.cc @@ -528,7 +528,7 @@ uint Gis_line_string::init_from_wkb(const char *wkb, uint len, n_points= wkb_get_uint(wkb, bo); proper_length= 4 + n_points * POINT_DATA_SIZE; - if (len < proper_length || res->reserve(proper_length)) + if (!n_points || len < proper_length || res->reserve(proper_length)) return 0; res->q_append(n_points); @@ -746,7 +746,9 @@ uint Gis_polygon::init_from_wkb(const char *wkb, uint len, wkbByteOrder bo, if (len < 4) return 0; - n_linear_rings= wkb_get_uint(wkb, bo); + if (!(n_linear_rings= wkb_get_uint(wkb, bo))) + return 0; + if (res->reserve(4, 512)) return 0; wkb+= 4; |