From c9742ceac5bd682e24a435c36524305eecca7950 Mon Sep 17 00:00:00 2001
From: Alexey Botchkov <holyfoot@askmonty.org>
Date: Sat, 15 Nov 2014 21:30:16 +0400
Subject: [PATCH] MDEV-6883 ST_WITHIN crashes server if (0,0) is matched to
 POLYGON((0 0)).   Fixed the case when a polygon contains a single-point ring.

---
 mysql-test/r/gis.result | 6 ++++++
 mysql-test/t/gis.test   | 6 ++++++
 sql/spatial.cc          | 8 +++++++-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/gis.result b/mysql-test/r/gis.result
index 6c4d117042a..1d4a1eea8ff 100644
--- a/mysql-test/r/gis.result
+++ b/mysql-test/r/gis.result
@@ -1540,3 +1540,9 @@ Warnings:
 Warning	1300	Invalid utf8 character string: 'E043'
 Warning	1300	Invalid utf8 character string: 'E043'
 drop table t1;
+#
+# MDEV-6883 ST_WITHIN crashes server if (0,0) is matched to POLYGON((0 0))
+#
+select st_within(GeomFromText('Polygon((0 0))'), Point(0,0));
+st_within(GeomFromText('Polygon((0 0))'), Point(0,0))
+1
diff --git a/mysql-test/t/gis.test b/mysql-test/t/gis.test
index 9e743a65cdb..34a0309b908 100644
--- a/mysql-test/t/gis.test
+++ b/mysql-test/t/gis.test
@@ -1398,3 +1398,9 @@ insert into t1 values(geomfromtext("POINT(0 9.2233720368548e18)"));
 insert into t1 values(geomfromtext("POINT(0 9.2233720368548e18)"));
 select equals(`a`,convert(`a` using utf8)) from `t1`;
 drop table t1;
+
+
+--echo #
+--echo # MDEV-6883 ST_WITHIN crashes server if (0,0) is matched to POLYGON((0 0))
+--echo #
+select st_within(GeomFromText('Polygon((0 0))'), Point(0,0));
diff --git a/sql/spatial.cc b/sql/spatial.cc
index 551c79d4d90..2c838379505 100644
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -1233,11 +1233,15 @@ int Gis_polygon::store_shapes(Gcalc_shape_transporter *trn) const
     trn->start_ring();
     get_point(&first_x, &first_y, data);
     data+= POINT_DATA_SIZE;
-    n_points--;
+
     prev_x= first_x;
     prev_y= first_y;
     if (trn->add_point(first_x, first_y))
       return 1;
+
+    if (--n_points == 0)
+      goto single_point_ring;
+
     while (--n_points)
     {
       double x, y;
@@ -1262,6 +1266,8 @@ int Gis_polygon::store_shapes(Gcalc_shape_transporter *trn) const
         return 1;
     }
     data+= POINT_DATA_SIZE;
+
+single_point_ring:
     trn->complete_ring();
   }