From:
Date: July 5 2007 5:24pm
Subject: bk commit into 5.0 tree (gkodinov:1.2518) BUG#29166
List-Archive: http://lists.mysql.com/commits/30384
X-Bug: 29166
Message-Id: <200707051524.l65FOofC028565@magare.gmz>

Below is the list of changes that have just been committed into a local 5.0 repository of kgeorge. When kgeorge does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-07-05 18:24:48+03:00, gkodinov@stripped +3 -0
  Bug #29166: AsText() needs to know the maximum number of characters an IEEE double precision value can occupy to make sure there's enough buffer space.
  The number was too small to hold all possible values and this caused buffer overruns.
  Fixed by correcting the calculation of the maximum digits in a string representation of an IEEE double precision value as printed by String::qs_append(double).

  mysql-test/r/gis.result@stripped, 2007-07-05 18:24:46+03:00, gkodinov@stripped +3 -0
    Bug #29166: test case

  mysql-test/t/gis.test@stripped, 2007-07-05 18:24:47+03:00, gkodinov@stripped +20 -0
    Bug #29166: test case

  sql/spatial.cc@stripped, 2007-07-05 18:24:47+03:00, gkodinov@stripped +22 -1
    Bug #29166: correct calculation of the maximum digits in a string representation of a double

diff -Nrup a/mysql-test/r/gis.result b/mysql-test/r/gis.result --- a/mysql-test/r/gis.result 2007-06-07 23:32:55 +03:00 +++ b/mysql-test/r/gis.result 2007-07-05 18:24:46 +03:00 @@ -885,4 +885,7 @@ AsText(a) POINT(1 1) LINESTRING(0 0,1 1,2 2) drop table t1, t2; +SELECT 1; +1 +1 End of 5.0 tests diff -Nrup a/mysql-test/t/gis.test b/mysql-test/t/gis.test --- a/mysql-test/t/gis.test 2007-06-07 23:32:55 +03:00 +++ b/mysql-test/t/gis.test 2007-07-05 18:24:47 +03:00 
@@ -570,4 +570,24 @@ create table t2 as select f2 as a from t desc t2; select AsText(a) from t2; drop table t1, t2; + +# +# Bug #29166: MYsql crash when query is run +# + +# The test query itself is not logged : too large output. +# The real test is the second query : see if the first hasn't crashed the +# server +--disable_query_log +--disable_result_log +SELECT AsText(GeometryFromText(CONCAT( + 'MULTIPOLYGON(((', + REPEAT ('-0.00000000001234567890123456789012 -0.123456789012345678,', 1000), + '-0.00000000001234567890123456789012 -0.123456789012345678', + ')))' +))) AS a; +--enable_result_log +--enable_query_log +SELECT 1; + --echo End of 5.0 tests diff -Nrup a/sql/spatial.cc b/sql/spatial.cc --- a/sql/spatial.cc 2007-03-05 16:22:31 +02:00 +++ b/sql/spatial.cc 2007-07-05 18:24:47 +03:00 @@ -17,7 +17,28 @@ #ifdef HAVE_SPATIAL -#define MAX_DIGITS_IN_DOUBLE 16 +/* + exponential notation : + 1 sign + 1 number before the decimal point + 1 decimal point + 14 number of significant digits (see String::qs_append(double)) + 1 'e' sign + 1 exponent sign + 3 exponent digits + == + 22 + + "f" notation : + 1 optional 0 + 1 sign + 14 number significant digits (see String::qs_append(double) ) + 1 decimal point + == + 17 +*/ + +#define MAX_DIGITS_IN_DOUBLE 22 /***************************** Gis_class_info *******************************/
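Review bot: In the mysql-test/t/gis.test hunk, the new query runs under --disable_result_log and is followed only by SELECT 1, so the test catches the overrun only when it crashes the server; an overrun that corrupts memory without a crash still passes. Consider keeping the result log on and selecting something small and checkable, for example LENGTH(AsText(...)) over the same geometry, so the result file pins the formatted width. The repeated coordinate -0.00000000001234567890123456789012 also has a two-digit exponent, while the comment added in sql/spatial.cc budgets for three exponent digits; a coordinate with a three-digit exponent would exercise the full 22-character budget. Minor: "MYsql" in the test comment should read "MySQL".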
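Review bot: In the sql/spatial.cc hunk, the "f" notation tally (17) has no term for zeros between the decimal point and the first significant digit, yet the test coordinate -0.00000000001234567890123456789012 starts with a run of them; the comment should state at what magnitude String::qs_append(double) switches to exponential notation, so a reader can confirm that 22 bounds the "f" form as well. The budget is tied to the 14 significant digits of String::qs_append(double) by comment only; a shared constant for the precision, or an assertion on the length actually appended, would keep the two from drifting apart. MAX_DIGITS_IN_DOUBLE now counts the sign, decimal point, 'e' and exponent sign in addition to digits, so a name that says characters rather than digits would match what the value means.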