Commit 1532452a authored by gkodinov/kgeorge@magare.gmz's avatar gkodinov/kgeorge@magare.gmz
Browse files

Bug #29166: 

AsText() needs to know the maximum number of
characters a IEEE double precision value can
occupy to make sure there's enough buffer space.
The number was too small to hold all possible
values and this caused buffer overruns.
Fixed by correcting the calculation of the 
maximum digits in a string representation of an
IEEE double precision value as printed by 
String::qs_append(double).
parent eb454f85

mysql-test/r/gis.result

+3 −0
Original line number Diff line number Diff line
@@ -885,4 +885,7 @@ AsText(a) 
POINT(1 1)

LINESTRING(0 0,1 1,2 2)

drop table t1, t2;

SELECT 1;

1

1

End of 5.0 tests

mysql-test/t/gis.test

+20 −0
Original line number Diff line number Diff line
@@ -570,4 +570,24 @@ create table t2 as select f2 as a from t1 union select f3 from t1; 
desc t2;

select AsText(a) from t2; 

drop table t1, t2;



#

# Bug #29166: MYsql crash when query is run

#



# The test query itself is not logged : too large output.

# The real test is the second query : see if the first hasn't crashed the

# server

--disable_query_log

--disable_result_log

SELECT AsText(GeometryFromText(CONCAT(

  'MULTIPOLYGON(((',

  REPEAT ('-0.00000000001234567890123456789012 -0.123456789012345678,', 1000),

  '-0.00000000001234567890123456789012 -0.123456789012345678',

  ')))'

))) AS a;

--enable_result_log

--enable_query_log

SELECT 1;



--echo End of 5.0 tests

sql/spatial.cc

+22 −1
Original line number Diff line number Diff line
@@ -17,7 +17,28 @@ 


#ifdef HAVE_SPATIAL



#define MAX_DIGITS_IN_DOUBLE 16

/* 

  exponential notation :

  1   sign

  1   number before the decimal point

  1   decimal point

  14  number of significant digits (see String::qs_append(double))

  1   'e' sign

  1   exponent sign

  3   exponent digits

  ==

  22



  "f" notation :

  1   optional 0

  1   sign

  14  number significant digits (see String::qs_append(double) )

  1   decimal point

  ==

  17

*/



#define MAX_DIGITS_IN_DOUBLE 22



/***************************** Gis_class_info *******************************/