Description:
Got a crash on 5.0.48-enterprise today:
Stack trace (shortened):

!Gis_read_stream::get_next_word  Line 47
!Geometry::create_from_wkt  Line 171
!Item_func_geometry_from_text::val_str  Line 67
!Item::send  Line 4865
!select_send::send_data  Line 1025
!end_send Line 11377
!evaluate_join_record Line 10670
!sub_select  Line 10554
!do_select Line 10317
!JOIN::exec  Line 2069
!mysql_select  Line 2249
!handle_select  Line 255
!mysql_execute_command  Line 2666
!mysql_parse  Line 6092
!dispatch_command  Line 1812
!do_command  Line 1586
!handle_one_connection  Line 1197
!pthread_start  Line 62
!_threadstart Line 196

How to repeat:
DROP TABLE IF EXISTS `t1`;
CREATE TABLE `t1` ( `col9` set('a'), `col89` date) ENGINE=MyISAM DEFAULT CHARSET=latin1;
INSERT INTO `t1` VALUES ('','0000-00-00');
select geomfromtext(col9,col89) as a from t1;

Suggested fix:
.

better stack traces for 5.0.48 and 5.1.23BK

Attachment: bug30955_stack_traces.txt (text/plain), 5.54 KiB.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/34815

ChangeSet@1.2684, 2007-10-03 13:35:35+05:00, holyfoot@mysql.com +3 -0
  Bug #30955 geomfromtext() crasher.
  
  end-of-line check missed in Gis_read_stream::get_next_word,
  what can lead to crashes (expecially with NULL strings).
  
  End-of-line check added

The patch http://lists.mysql.com/commits/34815 is ok to push

Pushed into 4.1.24

Pushed into 5.0.52

Pushed into 5.1.23-beta

Pushed into 6.0.4-alpha

Noted in 4.1.24, 5.0.52, 5.1.23, 6.0.4 changelogs.

The GeomFromText() function could cause a server crash if the first
argument was NULL or the empty string.