MDEV-31766 SIGSEGV in maria_rtree_split_page | maria_rtree_add_key.

Raise an error when UPDATE with the bad spatial object.

Author: Alexey Botchkov

mysql-test/main/gis-rtree.result

@@ -1629,3 +1629,8 @@ DROP TABLE t1;
 #
 # End of 10.1 tests
 #
+CREATE TABLE t1 (c POINT NOT NULL,SPATIAL (c));
+INSERT INTO t1 VALUES (ST_GEOMFROMTEXT ('POINT(1 0)'));
+UPDATE t1 SET c='';
+ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field
+DROP TABLE t1;

mysql-test/main/gis-rtree.test

@@ -1010,3 +1010,15 @@ DROP TABLE t1;
 --echo #
 --echo # End of 10.1 tests
 --echo #
+
+#
+# Bug #31766 SIGSEGV in maria_rtree_split_page | maria_rtree_add_key
+#
+
+CREATE TABLE t1 (c POINT NOT NULL,SPATIAL (c));
+INSERT INTO t1 VALUES (ST_GEOMFROMTEXT ('POINT(1 0)'));
+--error ER_CANT_CREATE_GEOMETRY_OBJECT
+UPDATE t1 SET c='';
+DROP TABLE t1;
+
+

mysql-test/suite/innodb_gis/r/innodb_gis_rtree.result

@@ -1629,3 +1629,8 @@ DROP TABLE t1;
 #
 # End of 10.1 tests
 #
+CREATE TABLE t1 (c POINT NOT NULL,SPATIAL (c));
+INSERT INTO t1 VALUES (ST_GEOMFROMTEXT ('POINT(1 0)'));
+UPDATE t1 SET c='';
+ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field
+DROP TABLE t1;

mysql-test/suite/maria/maria-gis-rtree.result

@@ -1484,3 +1484,8 @@ COUNT(*)
 2
 DROP TABLE t1;
 End of 5.0 tests.
+CREATE TABLE t1 (c POINT NOT NULL,SPATIAL (c));
+INSERT INTO t1 VALUES (ST_GEOMFROMTEXT ('POINT(1 0)'));
+UPDATE t1 SET c='';
+ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field
+DROP TABLE t1;

mysql-test/suite/maria/maria-gis-rtree.test

@@ -886,3 +886,13 @@ SELECT COUNT(*) FROM t1 IGNORE INDEX (b) WHERE
 DROP TABLE t1;
 
 --echo End of 5.0 tests.
+
+#
+# Bug #31766 SIGSEGV in maria_rtree_split_page | maria_rtree_add_key
+#
+
+CREATE TABLE t1 (c POINT NOT NULL,SPATIAL (c));
+INSERT INTO t1 VALUES (ST_GEOMFROMTEXT ('POINT(1 0)'));
+--error ER_CANT_CREATE_GEOMETRY_OBJECT
+UPDATE t1 SET c='';
+DROP TABLE t1;

storage/maria/ma_update.c

@@ -16,6 +16,7 @@
 #include "ma_fulltext.h"
 #include "ma_rt_index.h"
 #include "trnman.h"
+#include <mysqld_error.h>
 
 /**
    Update an old row in a MARIA table
@@ -113,10 +114,19 @@ int maria_update(register MARIA_HA *info, const uchar *oldrec,
       {
         MARIA_KEY new_key, old_key;
 
-        (*keyinfo->make_key)(info,&new_key, i, new_key_buff, newrec,
-                             pos, info->trn->trid);
-        (*keyinfo->make_key)(info,&old_key, i, old_key_buff,
-                             oldrec, pos, info->cur_row.trid);
+        if (!(*keyinfo->make_key)(info,&new_key, i, new_key_buff, newrec,
+                                  pos, info->trn->trid))
+          goto err;
+
+        if (!(*keyinfo->make_key)(info,&old_key, i, old_key_buff,
+                                  oldrec, pos, info->cur_row.trid))
+        {
+          /*
+            Can't make a key from the record from the table already.
+            Sholdn't happen normally. Table is corrupted.
+          */
+          goto err;
+        }
 
         /* The above changed info->lastkey2. Inform maria_rnext_same(). */
         info->update&= ~HA_STATE_RNEXT_SAME;
@@ -204,7 +214,7 @@ int maria_update(register MARIA_HA *info, const uchar *oldrec,
     save_errno= HA_ERR_INTERNAL_ERROR;          /* Should never happen */
 
   if (my_errno == HA_ERR_FOUND_DUPP_KEY || my_errno == HA_ERR_OUT_OF_MEM ||
-      my_errno == HA_ERR_RECORD_FILE_FULL)
+      my_errno == HA_ERR_RECORD_FILE_FULL || my_errno == HA_ERR_NULL_IN_SPATIAL)
   {
     info->errkey= (int) i;
     flag=0;