Description:
For some polygons, buffer function crashes mysqld, with a mysql server has gone away error message.

The polygon below is from a real data set and has 1123 points. I have generalized it to 200 points and the buffer then works, without crashing the server.

The polygon's points were too big for the bug report. Will attach once filed.

How to repeat:
set @geom=geomfromtext('POLYGON((458515.0 526624.0,....,458515.0 526624.0))'));

set @buff=buffer(@geom,100);

mysqld crashes

File containing query to make geometry to reproduce bug

Attachment: buffer.txt (text/plain), 39.81 KiB.

File containing query to make geometry to reproduce bug, corrected

Attachment: buffer.txt (text/plain), 19.95 KiB.

Thank you for the bug report. It is that server self-compiled or release package if yes which one?. Thanks in advance.

Miguel, it is built from source from 5.1 WL#1326,  bzr branch lp:~mysql/mysql-server/mysql-5.1-wl1326
These bugs are usually assigned to Holyfoot, as he is the developer who has created the new GIS functions.

Thank you for the report.

Verified as described.

Backtrace in my env:

Thread 1 (process 6220):
#0  0x0000003429e0b002 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000000b055d9 in my_write_core (sig=11) at stacktrace.c:310
#2  0x00000000006958d5 in handle_segfault (sig=11) at mysqld.cc:2536
#3  <signal handler called>
#4  0x000000000064a750 in get_n_sincos (n=16653, sinus=0x40a80380, cosinus=0x40a80378) at item_geofunc.cc:824
#5  0x000000000064a905 in fill_gap (trn=0x40a803f0, x=458515, y=526624, ax=nan(0x8000000000000), ay=nan(0x8000000000000), bx=22.810891686770937, by=97.363562077680825, d=100, 
    empty_gap=0x40a8041e) at item_geofunc.cc:863
#6  0x000000000064aea3 in Item_func_buffer::add_edge_buffer (this=0xe7833f8, p1=0xe7d8480, p2=0xe7d84b0, p3=0xe7ac0b0, d=100, round_p1=false, round_p2=false) at item_geofunc.cc:929
#7  0x000000000064b4cf in Item_func_buffer::add_poly_buffer (this=0xe7833f8, ptr_p=0x40a80558, n_p=0x40a80554, d=100) at item_geofunc.cc:1014
#8  0x000000000064ba56 in Item_func_buffer::val_str (this=0xe7833f8, str_value=0xe783a90) at item_geofunc.cc:1113
#9  0x00000000005ef345 in Item_func_set_user_var::check (this=0xe7836d0, use_result_field=false) at item_func.cc:4160
#10 0x00000000006bc5cf in set_var_user::check (this=0xe783b10, thd=0xe71b078) at set_var.cc:3594
#11 0x00000000006bbf4b in sql_set_variables (thd=0xe71b078, var_list=0xe71d438) at set_var.cc:3443
#12 0x00000000006aa949 in mysql_execute_command (thd=0xe71b078) at sql_parse.cc:3450
#13 0x00000000006b1f9c in mysql_parse (thd=0xe71b078, inBuf=0xe783188 "set @buff=buffer(@geom,100)", length=27, found_semicolon=0x40a81ed0) at sql_parse.cc:5929
#14 0x00000000006a48f0 in dispatch_command (command=COM_QUERY, thd=0xe71b078, packet=0xe78c099 "set @buff=buffer(@geom,100)", packet_length=27) at sql_parse.cc:1216
#15 0x00000000006a3976 in do_command (thd=0xe71b078) at sql_parse.cc:857
#16 0x00000000006a1de2 in handle_one_connection (arg=0xe71b078) at sql_connect.cc:1115
#17 0x0000003429e061b5 in start_thread () from /lib64/libpthread.so.0
#18 0x00000034292cd39d in clone () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/92967

2664 Alexey Botchkov	2009-12-04
      Bug#46372      buffer of linestring returns multipolygon in certain cases
          there was a mistake in handling of 'holes' in the polygons.
          Fixed by adding the 'first_poly_node' pointer to the res_point
          structure to point to the first point of the surrounding polygon.
          Also a set of debugging functions was added. It doesn't affect the
          working fucntions, but greatly simplifies the debugging.
          This path fixes also bug#46498 and bug#45883 also.
      
      per-file comments:
        sql/gcalc_slicescan.cc
      Bug#46372      buffer of linestring returns multipolygon in certain cases
        sql/gcalc_slicescan.h
      Bug#46372      buffer of linestring returns multipolygon in certain cases
        sql/gcalc_tools.cc
      Bug#46372      buffer of linestring returns multipolygon in certain cases
        sql/gcalc_tools.h
      Bug#46372      buffer of linestring returns multipolygon in certain cases
        sql/item_geofunc.cc
      Bug#46372      buffer of linestring returns multipolygon in certain cases
        sql/spatial.cc
      Bug#46372      buffer of linestring returns multipolygon in certain cases

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/95206

2665 Alexey Botchkov	2009-12-20
      Bug#45883      Buffer function crashes mysqld
        When two next nodes of an polygon have exactly same coordinates,
        the calculation of the buffer can crash.
      
      modified:
        sql/gcalc_slicescan.cc
      Bug#45883      Buffer function crashes mysqld
        sql/gcalc_slicescan.h
      Bug#45883      Buffer function crashes mysqld
        sql/gcalc_tools.cc
      Bug#45883      Buffer function crashes mysqld
        sql/gcalc_tools.h
      Bug#45883      Buffer function crashes mysqld
        sql/item_geofunc.cc
      Bug#45883      Buffer function crashes mysqld
        sql/item_geofunc.h
      Bug#45883      Buffer function crashes mysqld
        sql/spatial.cc
      Bug#45883      Buffer function crashes mysqld
        sql/spatial.h
      Bug#45883      Buffer function crashes mysqld

This bug was earlier fixed in mysql-gis tree (before mysql-5.6 release).