Bug #38990 Arbitrary data input plus GIS functions causes mysql server crash
Submitted: 24 Aug 2008 9:24
Modified: 28 May 2009 17:30
Reporter: Norbert Tretkowski
Status: Closed
Category: MySQL Server: GIS
Severity: S2 (Serious)
Version: 5.0.67, 4.1, 5.0, 5.1, 6.0 bzr
OS: Any (Debian x86_64, x32)
Assigned to: Alexey Botchkov
CPU Architecture: Any

[24 Aug 2008 9:25] Norbert Tretkowski
country.sql

Attachment: country.sql (text/x-sql), 24.91 KiB.

[24 Aug 2008 9:25] Norbert Tretkowski
mysql-crash.sql

Attachment: mysql-crash.sql (text/x-sql), 437 bytes.

[25 Aug 2008 7:42] Shane Bester
stack trace of crash

Attachment: bug38990_5.0.66a_stacktrace.txt (text/plain), 4.85 KiB.