From 8aea62fa8a4ac6b065322814d2dcc2c2a9a7ec7e Mon Sep 17 00:00:00 2001
From: Ramil Kalimullin <ramil.kalimullin@oracle.com>
Date: Mon, 5 Mar 2012 21:58:07 +0400
Subject: [PATCH] Fix for BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS

Problem:
lack of incoming geometry data validation may
lead to a server crash when ISCLOSED() function called.

Solution:
necessary incoming data check added.


mysql-test/r/gis.result:
  Fix for BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS
    test result.
mysql-test/t/gis.test:
  Fix for BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS
    test case.
sql/spatial.cc:
  Fix for BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS
    check if a LINESTRING has at least one point as we
  rely on that further.
---
 mysql-test/r/gis.result | 6 ++++++
 mysql-test/t/gis.test   | 7 +++++++
 sql/spatial.cc          | 3 ++-
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result
index acb55d225a7..9b901e0f93f 100644
--- a/mysql-test/r/gis.result
+++ b/mysql-test/r/gis.result
@@ -1075,4 +1075,10 @@ SPATIAL INDEX i1 (col1, col2)
 );
 ERROR HY000: Incorrect arguments to SPATIAL INDEX
 DROP TABLE t0, t1, t2;
+#
+# BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS
+#
+SELECT ISCLOSED(CONVERT(CONCAT('     ', 0x2), BINARY(20)));
+ISCLOSED(CONVERT(CONCAT('     ', 0x2), BINARY(20)))
+NULL
 End of 5.1 tests
diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test
index f8cec14d9ae..fbd4c87cb97 100644
--- a/mysql-test/t/gis.test
+++ b/mysql-test/t/gis.test
@@ -812,4 +812,11 @@ CREATE TABLE t3 (
 # cleanup
 DROP TABLE t0, t1, t2;
 
+
+--echo #
+--echo # BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS
+--echo #
+SELECT ISCLOSED(CONVERT(CONCAT('     ', 0x2), BINARY(20)));
+
+
 --echo End of 5.1 tests
diff --git a/sql/spatial.cc b/sql/spatial.cc
index ed3d72b91ec..0d2dd81c71e 100644
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -627,7 +627,8 @@ int Gis_line_string::is_closed(int *closed) const
     return 0;
   }
   data+= 4;
-  if (no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
+  if (n_points == 0 ||
+      no_data(data, SIZEOF_STORED_DOUBLE * 2 * n_points))
     return 1;
 
   /* Get first point */