optimizer_use_condition_selectivity>=3
Selectivity analysis should be disabled for Geometrical columns
for the case like geometric_field= string_constant.
The bug happens because of a combination of unfortunate circumstances:
1. Arguments args[0] and args[2] of Item_func_concat point recursively
(through Item_direct_view_ref's) to the same Item_func_conv_charset.
Both args[0]->args[0]->ref[0] and args[2]->args[0]->ref[0] refer to
this Item_func_conv_charset.
2. When Item_func_concat::args[0]->val_str() is called,
Item_func_conv_charset::val_str() writes its result to
Item_func_conc_charset::tmp_value.
3. Then, for optimization purposes (to avoid copying),
Item_func_substr::val_str() initializes Item_func_substr::tmp_value
to point to the buffer fragment owned by Item_func_conv_charset::tmp_value
Item_func_substr::tmp_value is returned as a result of
Item_func_concat::args[0]->val_str().
4. Due to optimization to avoid memory reallocs,
Item_func_concat::val_str() remembers the result of args[0]->val_str()
in "res" and further uses "res" to collect the return value.
5. When Item_func_concat::args[2]->val_str() is called,
Item_func_conv_charset::tmp_value gets overwritten (see #1),
which effectively overwrites args[0]'s Item_func_substr::tmp_value (see #3),
which effectively overwrites "res" (see #4).
This patch does the following:
a. Changes Item_func_conv_charset::val_str(String *str) to use
tmp_value and str the other way around. After this change tmp_value
is used to store a temporary result, while str is used to return the value.
The fixes the second problem (without SUBSTR):
SELECT CONCAT(t2,'-',t2) c2
FROM (SELECT CONVERT(t USING latin1) t2 FROM t1) sub;
As Item_func_concat::val_str() supplies two different buffers when calling
args[0]->val_str() and args[2]->val_str(), in the new reduction the result
created during args[0]->val_str() does not get overwritten by
args[2]->val_str().
b. Fixing the same problem in val_str() for similar classes
Item_func_to_base64
Item_func_from_base64
Item_func_weight_string
Item_func_hex
Item_func_unhex
Item_func_quote
Item_func_compress
Item_func_uncompress
Item_func_des_encrypt
Item_func_des_decrypt
Item_func_conv_charset
Item_func_reverse
Item_func_soundex
Item_func_aes_encrypt
Item_func_aes_decrypt
Item_func_buffer
c. Fixing Item_func::val_str_from_val_str_ascii() the same way.
Now Item_str_ascii_func::ascii_buff is used for temporary value,
while the parameter passed to val_str() is used to return the result.
This fixes the same problem when conversion (from ASCII to e.g. UCS2)
takes place. See the ctype_ucs.test for example queries that returned
wrong results before the fix.
d. Some Item_func descendand classes had temporary String buffers
(tmp_value and tmp_str), but did not really use them.
Removing these temporary buffers from:
Item_func_decode_histogram
Item_func_format
Item_func_binlog_gtid_pos
Item_func_spatial_collection:
e. Removing Item_func_buffer::tmp_value, because it's not used any more.
f. Renaming Item_func_[un]compress::buffer to "tmp_value",
for consistency with other classes.
Note, this patch does not fix the following classes
(although they have a similar problem):
Item_str_conv
Item_func_make_set
Item_char_typecast
They have a complex implementations and simple swapping between "tmp_value"
and "str" won't work. These classes will be fixed separately.
When the distance in ST_BUFFER is too far negative the coordinates can run out of the operational
area. We should just return an empty geometry in this case.
Additional fixes for possible overflows in length-related
calculations in 'spatial' implementations.
Checks added to the ::get_data_size() methods.
max_n_points decreased to occupy less 2G size. An
object of that size is practically inoperable anyway.
The bug was found by Alyssa Milburn.
If the number of points of a geometry feature read from
binary representation is greater than 0x10000000, then
the (uint32) (num_points * 16) will cut the higher byte,
which leads to various errors.
Fixed by additional check if (num_points > max_n_points).
The bug was found by Alyssa Milburn.
If the number of points of a geometry feature read from
binary representation is greater than 0x10000000, then
the (uint32) (num_points * 16) will cut the higher byte,
which leads to various errors.
Fixed by additional check if (num_points > max_n_points).
Autointersections of an object were treated as nodes, so the wrong result.
per-file comments:
mysql-test/r/gis.result
Bug #1043845 st_distance() results are incorrect depending on variable order.
test result updated.
mysql-test/t/gis.test
Bug #1043845 st_distance() results are incorrect depending on variable order.
test case added.
sql/item.cc
small fix to make compilers happy.
sql/item_geofunc.cc
Bug #1043845 st_distance() results are incorrect depending on variable order.
Skip intersection points when calculate distance.
A defect in the subquery substitution code may lead to a server crash:
setting substitution's name should be followed by setting its length
(to keep them in sync).
mysql-test/r/gis.result:
BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN GEOMETRY FUNCTION ARGUMENTS
test result.
mysql-test/t/gis.test:
BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN GEOMETRY FUNCTION ARGUMENTS
test case.
sql/item_subselect.cc:
BUG#12537203 - CRASH WHEN SUBSELECTING GLOBAL VARIABLES IN GEOMETRY FUNCTION ARGUMENTS
set substitution's name length as well as the name itself (to keep them in sync).
Problem:
lack of incoming geometry data validation may
lead to a server crash when ISCLOSED() function called.
Solution:
necessary incoming data check added.
mysql-test/r/gis.result:
Fix for BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS
test result.
mysql-test/t/gis.test:
Fix for BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS
test case.
sql/spatial.cc:
Fix for BUG#12414917 - ISCLOSED() CRASHES ON 64-BIT BUILDS
check if a LINESTRING has at least one point as we
rely on that further.
The predicate is re-written from
((`test`.`g1`.`a` = geometryfromtext('')) or ...
to
((`test`.`g1`.`a` = <cache>(geometryfromtext(''))) or ...
The range optimizer calls save_in_field_no_warnings, in order to fetch keys.
save_in_field_no_warnings returns 0 because of the cache wrapper,
and get_mm_leaf() proceeded to call Field_blob::get_key_image()
which accesses un-initialized data.
mysql-test/r/gis.result:
New test case.
mysql-test/t/gis.test:
New test case.
sql/item.cc:
If we have cached a null_value, then verify that the Field can accept it.
per-file comments:
mysql-test/r/gis.result
bug 855336 ST_LENGTH does not work on GEOMETRYCOLLECTIONs fixed.
test result updated.
mysql-test/t/gis.test
bug 855336 ST_LENGTH does not work on GEOMETRYCOLLECTIONs fixed.
test case added.
sql/item_geofunc.cc
bug 855336 ST_LENGTH does not work on GEOMETRYCOLLECTIONs fixed.
geom_length() call fixed.
sql/spatial.cc
bug 855336 ST_LENGTH does not work on GEOMETRYCOLLECTIONs fixed.
Geometry_collection::geom_length implemented.
sql/spatial.h
bug 855336 ST_LENGTH does not work on GEOMETRYCOLLECTIONs fixed.
Geometry_collection::geom_length declaration added.
855253 Compiler error: gcalc_slicescan.cc:2036: error: suggest parentheses around comparison in operand of .|. in maria-5.3-gis
850775 ST_AREA does not work on GEOMETRYCOLLECTIONs in maria-5.3-gis
per-file comments:
mysql-test/r/gis.result
test result updated.
mysql-test/t/gis.test
test case added for 850775.
sql/gcalc_slicescan.cc
compiler error fixed.
sql/spatial.cc
ST_AREA implementation for GEOMETRY_COLLECTION, POINT and LINESTRING.
sql/spatial.h
area() declarations added.
We didn't implement an empty geometry. And returning NULL instead of it is not
quite correct. So here is the implementation of the empty value as GEOMETRYCOLLECTION().
per-file comments:
mysql-test/r/gis-precise.result
bug 801466 ST_INTERSECTION() returns invalid value on empty intersection in maria-5.3-gis.
test result updated.
mysql-test/r/gis.result
bug 801466 ST_INTERSECTION() returns invalid value on empty intersection in maria-5.3-gis.
test result updated.
mysql-test/t/gis-precise.test
bug 801466 ST_INTERSECTION() returns invalid value on empty intersection in maria-5.3-gis.
test case added.
mysql-test/t/gis.test
bug 801466 ST_INTERSECTION() returns invalid value on empty intersection in maria-5.3-gis.
test case added.
sql/field.cc
bug 801466 ST_INTERSECTION() returns invalid value on empty intersection in maria-5.3-gis.
store GEOMETRYCOLLECTION() properly.
sql/gcalc_tools.cc
bug 801466 ST_INTERSECTION() returns invalid value on empty intersection in maria-5.3-gis.
create the GEOMETRYCOLLECTION() for the empty result.
sql/gstream.h
bug 801466 ST_INTERSECTION() returns invalid value on empty intersection in maria-5.3-gis.
next_symbol() added.
sql/spatial.cc
bug 801466 ST_INTERSECTION() returns invalid value on empty intersection in maria-5.3-gis.
code modified to handle 0 geometries in the GEOMETRYCOLLECTION properly.
Field_geom::reset() failed to reset its base Field_blob.
The range optimizer used the un-initilized field during optimization and execution.
mysql-test/r/gis.result:
New test case.
mysql-test/t/gis.test:
New test case.
sql/field.h:
Field_geom::reset() must call Field_blob::reset(), even if the field is not nullable.
