MDEV-39911: Crash in ST_SIMPLIFY of a collection geometry #5195

Open

DaveGosselin-MariaDB wants to merge 1 commit into 12.3 from 12.3-mdev-39911-convex-simplify-crash

Conversation

@DaveGosselin-MariaDB Member

ST_SIMPLIFY of a multilinestring, polygon, multipolygon, or geometry collection reserved space for the result header but omitted the four-byte element count that it then appends. This resulted in a buffer overrun.

Reserve the full header size, including the count, in each of the four collection simplify functions, the same fix applied for MDEV-35062 and MDEV-36042.

ST_SIMPLIFY of a multilinestring, polygon, multipolygon, or geometry
collection reserved space for the result header but omitted the four
byte element count that it then appends.  This resulted in a buffer
overrun.

Reserve the full header size, including the count, in each of the four
collection simplify functions, the same fix applied for MDEV-35062 and
MDEV-36042.
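The bug described above is a reservation that is one field short of the header it later writes. As an added illustration (not code from this PR or from MariaDB), the block below models a collection WKB header as the standard layout of a 1-byte byte-order marker, a 4-byte geometry type and a 4-byte element count, and appends it into a bounded buffer whose `append()` refuses to write past what was reserved. Reserving only marker plus type (the pre-fix amount) fails on the count append; reserving the full header succeeds. The `BoundedBuffer` class, the function names and the sample type code 7 (the OGC WKB code for GeometryCollection) are assumptions of this example, not the server's `String` API.

```cpp
#include <cstdint>
#include <cstddef>
#include <iostream>
#include <vector>

// Standard WKB collection header: 1-byte byte-order marker, 4-byte geometry
// type, 4-byte element count.
constexpr size_t WKB_BYTE_ORDER_SIZE = 1;
constexpr size_t WKB_TYPE_SIZE = sizeof(uint32_t);
constexpr size_t WKB_COUNT_SIZE = sizeof(uint32_t);

// Header size without the count: the amount the buggy code reserved.
constexpr size_t header_size_without_count() {
  return WKB_BYTE_ORDER_SIZE + WKB_TYPE_SIZE;
}

// Full header size, including the count that is appended afterwards.
constexpr size_t header_size_with_count() {
  return header_size_without_count() + WKB_COUNT_SIZE;
}

// Hypothetical bounded output buffer standing in for the result string.
// reserve() fixes the capacity; append() reports an overrun instead of
// writing past it, so the reservation mistake is observable.
class BoundedBuffer {
 public:
  void reserve(size_t n) {
    capacity_ = n;
    data_.reserve(n);
  }
  bool append(const void *src, size_t n) {
    if (data_.size() + n > capacity_) return false;  // would overrun
    const auto *p = static_cast<const uint8_t *>(src);
    data_.insert(data_.end(), p, p + n);
    return true;
  }
  size_t size() const { return data_.size(); }

 private:
  size_t capacity_ = 0;
  std::vector<uint8_t> data_;
};

// Writes marker, type and then the element count into `out` after reserving
// `reserved` bytes. Returns true only if every append fit the reservation.
// (Fields are written in host byte order; this is a layout sketch, not a
// conforming WKB encoder.)
bool write_collection_header(BoundedBuffer &out, size_t reserved,
                             uint32_t type, uint32_t count) {
  out.reserve(reserved);
  uint8_t order = 1;  // constructed marker value
  if (!out.append(&order, sizeof order)) return false;
  if (!out.append(&type, sizeof type)) return false;
  // This is the append the pre-fix reservation did not account for.
  return out.append(&count, sizeof count);
}

// Convenience check: does a header with `reserved` bytes set aside fit?
bool header_fits(size_t reserved) {
  BoundedBuffer b;
  const uint32_t geometry_collection = 7;  // OGC WKB type code
  const uint32_t element_count = 3;        // constructed sample count
  return write_collection_header(b, reserved, geometry_collection,
                                 element_count);
}

int main() {
  std::cout << "reserve " << header_size_without_count() << " bytes: "
            << (header_fits(header_size_without_count()) ? "ok" : "overrun")
            << "\n";
  std::cout << "reserve " << header_size_with_count() << " bytes: "
            << (header_fits(header_size_with_count()) ? "ok" : "overrun")
            << "\n";
  return 0;
}
```

The point a reviewer checks in each of the four simplify functions is the same one the test below encodes: the number of bytes reserved before the header is written must equal the number of bytes the header writes, count included.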

@gemini-code-assist Bot left a comment

Code Review

This pull request addresses a crash (MDEV-39911) in the ST_SIMPLIFY function when processing collection geometries. The crash was caused by insufficient buffer reservation in the simplify methods of Gis_polygon, Gis_multi_line_string, Gis_multi_polygon, and Gis_geometry_collection, which failed to account for the element count in the WKB header. The fix ensures that an additional sizeof(uint32) is reserved and adds error handling for the reservation process. Relevant test cases have also been added to prevent regression. There are no review comments, and I have no additional feedback to provide.


@DaveGosselin-MariaDB DaveGosselin-MariaDB requested review from abarkov and holyfoot and removed request for abarkov June 8, 2026 18:02