author | Sergei Golubchik <serg@mariadb.org> | 2017-05-17 15:16:24 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2017-05-19 20:26:56 +0200 |
commit | 7c03edf2fe66855a8ce8f2575c3aaf66af975377 (patch) | |
tree | 7e793f937b759c8808668c8924b71a962f9b21f8 | |
parent | 335c4ab790254462753ba4ed8b074c5847b2708f (diff) | |
MDEV-6262 analyze the coverity report on mariadb
uploaded 10.0, analyzed everything with the Impact=High
(and a couple of Medium)
37 files changed, 96 insertions, 63 deletions
diff --git a/client/mysql.cc b/client/mysql.cc index a9310a87d8e..3461f8bbc75 100644 --- a/client/mysql.cc +++ b/client/mysql.cc @@ -3061,7 +3061,6 @@ static int com_server_help(String *buffer __attribute__((unused)), { unsigned int num_fields= mysql_num_fields(result); my_ulonglong num_rows= mysql_num_rows(result); - mysql_fetch_fields(result); if (num_fields==3 && num_rows==1) { if (!(cur= mysql_fetch_row(result))) diff --git a/client/mysql_upgrade.c b/client/mysql_upgrade.c index f2d94871f07..397a252cdc0 100644 --- a/client/mysql_upgrade.c +++ b/client/mysql_upgrade.c @@ -1042,7 +1042,7 @@ static int check_version_match(void) int main(int argc, char **argv) { - char self_name[FN_REFLEN]; + char self_name[FN_REFLEN + 1]; MY_INIT(argv[0]); @@ -1050,7 +1050,7 @@ int main(int argc, char **argv) if (GetModuleFileName(NULL, self_name, FN_REFLEN) == 0) #endif { - strncpy(self_name, argv[0], FN_REFLEN); + strmake_buf(self_name, argv[0]); } if (init_dynamic_string(&ds_args, "", 512, 256) || diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc index bab94d6e5ee..e85d306c834 100644 --- a/client/mysqladmin.cc +++ b/client/mysqladmin.cc @@ -614,6 +614,7 @@ static my_bool sql_connect(MYSQL *mysql, uint wait) static int execute_commands(MYSQL *mysql,int argc, char **argv) { + int ret = 0; const char *status; /* MySQL documentation relies on the fact that mysqladmin will @@ -1107,7 +1108,8 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) if (strcmp(typed_password, verified) != 0) { my_printf_error(0,"Passwords don't match",MYF(ME_BELL)); - return -1; + ret = -1; + goto password_done; } } else @@ -1134,7 +1136,8 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) { my_printf_error(0, "Could not determine old_passwords setting from server; error: '%s'", error_flags, mysql_error(mysql)); - return -1; + ret = -1; + goto password_done; } else { 
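Review bot: The `goto password_done` paths in `execute_commands` (this `@@ -1107` hunk and the `@@ -1134` and `@@ -1145` hunks) no longer leave the function where the failure happens: they set `ret = -1`, run the cleanup of the prompted password, and the value only comes back through the `return ret;` at the very end. The code between the label and that final return is outside these hunks, so this is inferred, but if control goes back into the command loop, any commands that follow `password` on the command line are still sent to the server after the password change has failed. If that is not intended, return right after the cleanup block under `password_done:`, e.g. `if (ret) return ret;`.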
@@ -1145,7 +1148,8 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) "Could not get old_passwords setting from " "server; error: '%s'", error_flags, mysql_error(mysql)); - return -1; + ret = -1; + goto password_done; } if (!mysql_num_rows(res)) old= 1; @@ -1170,15 +1174,15 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) { my_printf_error(0, "Can't turn off logging; error: '%s'", error_flags, mysql_error(mysql)); - return -1; + ret = -1; } + else if (mysql_query(mysql,buff)) { if (mysql_errno(mysql)!=1290) { my_printf_error(0,"unable to change password; error: '%s'", error_flags, mysql_error(mysql)); - return -1; } else { @@ -1192,9 +1196,10 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) " --skip-grant-tables).\n" "Use: \"mysqladmin flush-privileges password '*'\"" " instead", error_flags); - return -1; } + ret = -1; } +password_done: /* free up memory from prompted password */ if (typed_password != argv[1]) { @@ -1296,7 +1301,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) return 1; } } - return 0; + return ret; } /** diff --git a/client/mysqlbinlog.cc b/client/mysqlbinlog.cc index 29355d013c7..804c6314ef9 100644 --- a/client/mysqlbinlog.cc +++ b/client/mysqlbinlog.cc @@ -1976,7 +1976,7 @@ static Exit_status dump_remote_log_entries(PRINT_EVENT_INFO *print_event_info, int2store(buf + BIN_LOG_HEADER_SIZE, binlog_flags); size_t tlen = strlen(logname); - if (tlen > UINT_MAX) + if (tlen > sizeof(buf) - 10) { error("Log name too long."); DBUG_RETURN(ERROR_STOP); diff --git a/client/mysqldump.c b/client/mysqldump.c index 245f24dd508..6877a5cee3b 100644 --- a/client/mysqldump.c +++ b/client/mysqldump.c @@ -2818,6 +2818,8 @@ static uint get_table_structure(char *table, char *db, char *table_type, my_free(scv_buff); + if (path) + my_fclose(sql_file, MYF(MY_WME)); DBUG_RETURN(0); } else 
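Review bot: The new bound `tlen > sizeof(buf) - 10` in `dump_remote_log_entries` rests on two things this hunk does not show: that `buf` is an array rather than a pointer (for a pointer, `sizeof(buf)` is the pointer size), and that 10 is the number of bytes stored in `buf` ahead of the log name. Only `int2store(buf + BIN_LOG_HEADER_SIZE, binlog_flags)` is visible, so the constant cannot be checked from here. A comment on the test, for example `/* 10: bytes written to buf before the log name */`, or a named constant shared with the copy that follows, would keep the check and the write from drifting apart.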
@@ -5827,8 +5829,7 @@ static my_bool get_view_structure(char *table, char* db) dynstr_free(&ds_view); } - if (switch_character_set_results(mysql, default_charset)) - DBUG_RETURN(1); + switch_character_set_results(mysql, default_charset); /* If a separate .sql file was opened, close it now */ if (sql_file != md_result_file) diff --git a/client/mysqltest.cc b/client/mysqltest.cc index d903484bd4d..f9715bfbfdb 100644 --- a/client/mysqltest.cc +++ b/client/mysqltest.cc @@ -1721,13 +1721,12 @@ void log_msg(const char *fmt, ...) int cat_file(DYNAMIC_STRING* ds, const char* filename) { int fd; - size_t len; + int len; char buff[16384]; if ((fd= my_open(filename, O_RDONLY, MYF(0))) < 0) return 1; - while((len= my_read(fd, (uchar*)&buff, - sizeof(buff)-1, MYF(0))) > 0) + while((len= (int)my_read(fd, (uchar*)&buff, sizeof(buff)-1, MYF(0))) > 0) { char *p= buff, *start= buff,*end=buff+len; while (p < end) diff --git a/mysys/lf_hash.c b/mysys/lf_hash.c index 0699f5d49fe..7edf5e3a03d 100644 --- a/mysys/lf_hash.c +++ b/mysys/lf_hash.c @@ -485,7 +485,10 @@ static int initialize_bucket(LF_HASH *hash, LF_SLIST * volatile *node, return -1; if (*el == NULL && bucket && unlikely(initialize_bucket(hash, el, parent, pins))) + { + my_free(dummy); return -1; + } dummy->hashnr= my_reverse_bits(bucket) | 0; /* dummy node */ dummy->key= dummy_key; dummy->keylen= 0; diff --git a/mysys/ma_dyncol.c b/mysys/ma_dyncol.c index 85c0b947497..d0d6254d11c 100644 --- a/mysys/ma_dyncol.c +++ b/mysys/ma_dyncol.c @@ -4039,6 +4039,7 @@ mariadb_dyncol_val_double(double *dbl, DYNAMIC_COLUMN_VALUE *val) *dbl= strtod(str, &end); if (*end != '\0') rc= ER_DYNCOL_TRUNCATED; + free(str); break; } case DYN_COL_DECIMAL: diff --git a/mysys/waiting_threads.c b/mysys/waiting_threads.c index 1fe6a0f9a1c..f2b1bbb5993 100644 --- a/mysys/waiting_threads.c +++ b/mysys/waiting_threads.c 
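Review bot: The result of `switch_character_set_results(mysql, default_charset)` in `get_view_structure` is now discarded, so a failure to restore the result character set is no longer reported to the caller. Dropping the early `DBUG_RETURN(1)` appears to be what lets the `sql_file` close below it run, but the error can be kept without skipping the close: store it, e.g. `my_bool cs_err= switch_character_set_results(mysql, default_charset);`, and return it once the file has been closed. The end of the function is outside the hunk, so its final return would need the matching change.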
@@ -561,7 +561,7 @@ my_bool wt_resource_id_memcmp(const void *a, const void *b) { /* we use the fact that there's no padding in the middle of WT_RESOURCE_ID */ compile_time_assert(offsetof(WT_RESOURCE_ID, type) == sizeof(ulonglong)); - return memcmp(a, b, sizeof_WT_RESOURCE_ID); + return MY_TEST(memcmp(a, b, sizeof_WT_RESOURCE_ID)); } /** diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c index fbca8bf9e93..a4d1deb8ada 100644 --- a/plugin/auth_pam/auth_pam.c +++ b/plugin/auth_pam/auth_pam.c @@ -141,6 +141,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) if (new_username && strcmp(new_username, info->user_name)) strncpy(info->authenticated_as, new_username, sizeof(info->authenticated_as)); + info->authenticated_as[sizeof(info->authenticated_as)-1]= 0; end: pam_end(pamh, status); diff --git a/plugin/feedback/sender_thread.cc b/plugin/feedback/sender_thread.cc index 9417dc85b7d..4a7da3000ca 100644 --- a/plugin/feedback/sender_thread.cc +++ b/plugin/feedback/sender_thread.cc @@ -204,7 +204,7 @@ static void send_report(const char *when) /* otherwise, prepare the THD and TABLE_LIST, create and fill the temporary table with data just like - SELECT * FROM IFROEMATION_SCHEMA.feedback is doing, + SELECT * FROM INFORMATION_SCHEMA.FEEDBACK is doing, read and concatenate table data into a String. */ if (!(thd= new THD())) diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index de0b7bfae8e..c4b6fa361a3 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -1041,6 +1041,7 @@ static int start_logging() error_header(); fprintf(stderr, "logging started to the file %s.\n", alt_fname); strncpy(current_log_buf, alt_fname, sizeof(current_log_buf)); + current_log_buf[sizeof(current_log_buf)-1]= 0; } else if (output_type == OUTPUT_SYSLOG) { 
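Review bot: In `pam_auth`, `new_username` is still copied into `info->authenticated_as` with silent truncation; the added terminator makes the result a valid string, but not necessarily the name PAM returned. A name longer than the buffer is cut to a prefix, and a prefix can be a different account name, so the over-long case is safer treated as an authentication failure than accepted. A length test before the copy would cover it, e.g. `if (new_username && strlen(new_username) >= sizeof(info->authenticated_as)) status= PAM_AUTH_ERR;`; how `status` becomes the function's return value is outside the hunk and needs checking.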
@@ -2570,6 +2571,7 @@ static void update_file_path(MYSQL_THD thd, } strncpy(path_buffer, new_name, sizeof(path_buffer)); + path_buffer[sizeof(path_buffer)-1]= 0; file_path= path_buffer; exit_func: internal_stop_logging= 0; @@ -2622,6 +2624,7 @@ static void update_incl_users(MYSQL_THD thd, flogger_mutex_lock(&lock_operations); mark_always_logged(thd); strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer)); + incl_user_buffer[sizeof(incl_user_buffer)-1]= 0; incl_users= incl_user_buffer; user_coll_fill(&incl_user_coll, incl_users, &excl_user_coll, 1); error_header(); @@ -2640,6 +2643,7 @@ static void update_excl_users(MYSQL_THD thd __attribute__((unused)), flogger_mutex_lock(&lock_operations); mark_always_logged(thd); strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer)); + excl_user_buffer[sizeof(excl_user_buffer)-1]= 0; excl_users= excl_user_buffer; user_coll_fill(&excl_user_coll, excl_users, &incl_user_coll, 0); error_header(); @@ -2771,6 +2775,7 @@ static void update_syslog_ident(MYSQL_THD thd __attribute__((unused)), { char *new_ident= (*(char **) save) ? *(char **) save : empty_str; strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer)); + syslog_ident_buffer[sizeof(syslog_ident_buffer)-1]= 0; syslog_ident= syslog_ident_buffer; error_header(); fprintf(stderr, "SYSYLOG ident was changed to '%s'\n", syslog_ident); diff --git a/sql-common/client_plugin.c b/sql-common/client_plugin.c index dd87b01d932..f93e50125c5 100644 --- a/sql-common/client_plugin.c +++ b/sql-common/client_plugin.c @@ -375,8 +375,7 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type, if (!(sym= dlsym(dlhandle, plugin_declarations_sym))) { errmsg= "not a plugin"; - (void)dlclose(dlhandle); - goto err; + goto errc; } plugin= (struct st_mysql_client_plugin*)sym; 
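Review bot: In `update_incl_users` and `update_excl_users` (the `@@ -2622` and `@@ -2640` hunks) a `new_users` value longer than the buffer is now terminated but still silently truncated before `user_coll_fill` parses it. The last name in the list can be cut to a prefix, so the audit include or exclude filter may name a different user than the one that was set, and nothing in the visible lines reports it. The path and ident buffers in the `@@ -1041`, `@@ -2570` and `@@ -2771` hunks are truncated the same way. Testing the length before the copy and logging the over-long value, e.g. `if (strlen(new_users) >= sizeof(incl_user_buffer)) { error_header(); fprintf(stderr, "user list is too long, truncated.\n"); }`, would make the truncation visible in the plugin's own log.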
@@ -384,19 +383,19 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type, if (type >=0 && type != plugin->type) { errmsg= "type mismatch"; - goto err; + goto errc; } if (strcmp(name, plugin->name)) { errmsg= "name mismatch"; - goto err; + goto errc; } if (type < 0 && find_plugin(name, plugin->type)) { errmsg= "it is already loaded"; - goto err; + goto errc; } plugin= add_plugin(mysql, plugin, dlhandle, argc, args); @@ -406,6 +405,8 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type, DBUG_PRINT ("leave", ("plugin loaded ok")); DBUG_RETURN (plugin); +errc: + dlclose(dlhandle); err: mysql_mutex_unlock(&LOCK_load_client_plugin); DBUG_PRINT ("leave", ("plugin load error : %s", errmsg)); diff --git a/sql/discover.cc b/sql/discover.cc index d8ed718fc58..d8bf6ca79c5 100644 --- a/sql/discover.cc +++ b/sql/discover.cc @@ -89,8 +89,7 @@ int readfrm(const char *name, const uchar **frmdata, size_t *len) error= 0; err: - if (file > 0) - (void) mysql_file_close(file, MYF(MY_WME)); + (void) mysql_file_close(file, MYF(MY_WME)); err_end: /* Here when no file */ DBUG_RETURN (error); diff --git a/sql/filesort.cc b/sql/filesort.cc index 73a6c89e53f..8a7d5610dc2 100644 --- a/sql/filesort.cc +++ b/sql/filesort.cc @@ -914,6 +914,7 @@ write_keys(Sort_param *param, Filesort_info *fs_info, uint count, /* check we won't have more buffpeks than we can possibly keep in memory */ if (my_b_tell(buffpek_pointers) + sizeof(BUFFPEK) > (ulonglong)UINT_MAX) goto err; + bzero(&buffpek, sizeof(buffpek)); buffpek.file_pos= my_b_tell(tempfile); if ((ha_rows) count > param->max_rows) count=(uint) param->max_rows; /* purecov: inspected */ diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 0aa917cb7fe..32cdda9debc 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -7702,7 +7702,7 @@ static int show_default_keycache(THD *thd, SHOW_VAR *var, char *buff) { struct st_data { KEY_CACHE_STATISTICS stats; - SHOW_VAR var[8]; + SHOW_VAR var[9]; } *data; SHOW_VAR *v; 
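Review bot: `SHOW_VAR var[9]` in `show_default_keycache` is a bare count that has to match the number of entries the function body writes through `v`, and that body is outside the hunk. The change from 8 suggests the array was one slot short, so a comment on the declaration saying what the nine slots hold, or a debug check after the entries are filled, would stop the two from drifting apart again, for example `DBUG_ASSERT(v < data->var + array_elements(data->var));`.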
diff --git a/sql/opt_range.cc b/sql/opt_range.cc index 8f9d5abfa4d..481d8445fa8 100644 --- a/sql/opt_range.cc +++ b/sql/opt_range.cc @@ -7549,7 +7549,10 @@ QUICK_SELECT_I *TRP_ROR_UNION::make_quick(PARAM *param, { if (!(quick= (*scan)->make_quick(param, FALSE, &quick_roru->alloc)) || quick_roru->push_quick_back(quick)) + { + delete quick_roru; DBUG_RETURN(NULL); + } } quick_roru->records= records; quick_roru->read_time= read_cost; @@ -11194,9 +11197,7 @@ QUICK_RANGE_SELECT *get_quick_select_for_ref(THD *thd, TABLE *table, */ thd->mem_root= old_root; - if (!quick || create_err) - return 0; /* no ranges found */ - if (quick->init()) + if (!quick || create_err || quick->init()) goto err; quick->records= records; diff --git a/sql/records.cc b/sql/records.cc index a37f7a18c11..940fd97d123 100644 --- a/sql/records.cc +++ b/sql/records.cc @@ -69,7 +69,7 @@ static int rr_index_desc(READ_RECORD *info); bool init_read_record_idx(READ_RECORD *info, THD *thd, TABLE *table, bool print_error, uint idx, bool reverse) { - int error; + int error= 0; DBUG_ENTER("init_read_record_idx"); empty_record(table); diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index a88e6d776c7..1a02a2ae84c 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -3022,7 +3022,7 @@ void mysql_stmt_get_longdata(THD *thd, char *packet, ulong packet_length) { stmt->state= Query_arena::STMT_ERROR; stmt->last_errno= thd->get_stmt_da()->sql_errno(); - strncpy(stmt->last_error, thd->get_stmt_da()->message(), MYSQL_ERRMSG_SIZE); + strmake_buf(stmt->last_error, thd->get_stmt_da()->message()); } thd->set_stmt_da(save_stmt_da); diff --git a/sql/sql_repl.cc b/sql/sql_repl.cc index 560b7ede183..ebe89e2b4a0 100644 --- a/sql/sql_repl.cc +++ b/sql/sql_repl.cc 
@@ -3685,9 +3685,6 @@ bool mysql_show_binlog_events(THD* thd) Protocol::SEND_NUM_ROWS | Protocol::SEND_EOF)) DBUG_RETURN(TRUE); - Format_description_log_event *description_event= new - Format_description_log_event(3); /* MySQL 4.0 by default */ - DBUG_ASSERT(thd->lex->sql_command == SQLCOM_SHOW_BINLOG_EVENTS || thd->lex->sql_command == SQLCOM_SHOW_RELAYLOG_EVENTS); @@ -3713,6 +3710,9 @@ bool mysql_show_binlog_events(THD* thd) binary_log= &(mi->rli.relay_log); } + Format_description_log_event *description_event= new + Format_description_log_event(3); /* MySQL 4.0 by default */ + if (binary_log->is_open()) { LEX_MASTER_INFO *lex_mi= &thd->lex->mi; diff --git a/sql/sql_show.cc b/sql/sql_show.cc index ae074eee556..3f161fb8aec 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -3016,7 +3016,7 @@ static bool show_status_array(THD *thd, const char *wild, for (; variables->name; variables++) { - bool wild_checked; + bool wild_checked= 0; strnmov(prefix_end, variables->name, len); name_buffer[sizeof(name_buffer)-1]=0; /* Safety */ if (ucase_names) diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 5ff79a2f235..99248457bb8 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -1660,7 +1660,10 @@ Sys_var_gtid_binlog_state::do_check(THD *thd, set_var *var) return true; } if (res->length() == 0) + { list= NULL; + list_len= 0; + } else if (!(list= gtid_parse_string_to_list(res->ptr(), res->length(), &list_len))) { diff --git a/storage/csv/ha_tina.cc b/storage/csv/ha_tina.cc index 35596a59c86..a8ae617a588 100644 --- a/storage/csv/ha_tina.cc +++ b/storage/csv/ha_tina.cc 
@@ -1484,13 +1484,13 @@ int ha_tina::repair(THD* thd, HA_CHECK_OPT* check_opt) /* Don't assert in field::val() functions */ table->use_all_columns(); - if (!(buf= (uchar*) my_malloc(table->s->reclength, MYF(MY_WME)))) - DBUG_RETURN(HA_ERR_OUT_OF_MEM); /* position buffer to the start of the file */ if (init_data_file()) DBUG_RETURN(HA_ERR_CRASHED_ON_REPAIR); + if (!(buf= (uchar*) my_malloc(table->s->reclength, MYF(MY_WME)))) + DBUG_RETURN(HA_ERR_OUT_OF_MEM); /* Local_saved_data_file_length is initialized during the lock phase. Sometimes this is not getting executed before ::repair (e.g. for @@ -1574,9 +1574,9 @@ int ha_tina::repair(THD* thd, HA_CHECK_OPT* check_opt) DBUG_RETURN(my_errno ? my_errno : -1); share->tina_write_opened= FALSE; } - if (mysql_file_close(data_file, MYF(0)) || - mysql_file_close(repair_file, MYF(0)) || - mysql_file_rename(csv_key_file_data, + mysql_file_close(data_file, MYF(0)); + mysql_file_close(repair_file, MYF(0)); + if (mysql_file_rename(csv_key_file_data, repaired_fname, share->data_file_name, MYF(0))) DBUG_RETURN(-1); @@ -1698,13 +1698,14 @@ int ha_tina::check(THD* thd, HA_CHECK_OPT* check_opt) DBUG_ENTER("ha_tina::check"); old_proc_info= thd_proc_info(thd, "Checking table"); - if (!(buf= (uchar*) my_malloc(table->s->reclength, MYF(MY_WME)))) - DBUG_RETURN(HA_ERR_OUT_OF_MEM); /* position buffer to the start of the file */ if (init_data_file()) DBUG_RETURN(HA_ERR_CRASHED); + if (!(buf= (uchar*) my_malloc(table->s->reclength, MYF(MY_WME)))) + DBUG_RETURN(HA_ERR_OUT_OF_MEM); + /* Local_saved_data_file_length is initialized during the lock phase. Check does not use store_lock in certain cases. So, we set it diff --git a/storage/maria/ma_check.c b/storage/maria/ma_check.c index bd5c67c0409..851f21888d8 100644 --- a/storage/maria/ma_check.c +++ b/storage/maria/ma_check.c 
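Review bot: In `ha_tina::repair` (the `@@ -1574` hunk) the results of both `mysql_file_close` calls are now ignored, so `mysql_file_rename` replaces `share->data_file_name` with the repaired file even when closing `repair_file` reported an error. A failed close on a file that was just written can mean the data did not reach the disk, and the rename then makes that file the table's data file. Closing both descriptors unconditionally is right, but the results should still gate the rename: `int close_err= mysql_file_close(data_file, MYF(0));`, `close_err|= mysql_file_close(repair_file, MYF(0));`, then `if (close_err || mysql_file_rename(...))` before the existing `DBUG_RETURN(-1);`.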
@@ -4215,6 +4215,7 @@ int maria_repair_parallel(HA_CHECK *param, register MARIA_HA *info, printf("Data records: %s\n", llstr(start_records, llbuff)); } + bzero(&new_data_cache, sizeof(new_data_cache)); if (initialize_variables_for_repair(param, &sort_info, &tmp_sort_param, info, rep_quick, &backup_share)) goto err; diff --git a/storage/maria/ma_loghandler.c b/storage/maria/ma_loghandler.c index 86a8970d7a7..096d14f2d57 100644 --- a/storage/maria/ma_loghandler.c +++ b/storage/maria/ma_loghandler.c @@ -953,6 +953,7 @@ static File create_logfile_by_number_no_cache(uint32 file_no) { DBUG_PRINT("error", ("Error %d during syncing directory '%s'", errno, log_descriptor.directory)); + mysql_file_close(file, MYF(0)); translog_stop_writing(); DBUG_RETURN(-1); } @@ -1454,17 +1455,16 @@ LSN translog_get_file_max_lsn_stored(uint32 file) if (translog_read_file_header(&info, fd)) { DBUG_PRINT("error", ("Can't read file header")); - DBUG_RETURN(LSN_ERROR); + info.max_lsn= LSN_ERROR; } if (mysql_file_close(fd, MYF(MY_WME))) { DBUG_PRINT("error", ("Can't close file")); - DBUG_RETURN(LSN_ERROR); + info.max_lsn= LSN_ERROR; } - DBUG_PRINT("info", ("Max lsn: (%lu,0x%lx)", - LSN_IN_PARTS(info.max_lsn))); + DBUG_PRINT("info", ("Max lsn: (%lu,0x%lx)", LSN_IN_PARTS(info.max_lsn))); DBUG_RETURN(info.max_lsn); } } 
@@ -1638,13 +1638,15 @@ static my_bool translog_create_new_file() if (allocate_dynamic(&log_descriptor.open_files, log_descriptor.max_file - log_descriptor.min_file + 2)) goto error_lock; - if ((file->handler.file= - create_logfile_by_number_no_cache(file_no)) == -1) + + /* this call just expand the array */ + if (insert_dynamic(&log_descriptor.open_files, (uchar*)&file)) + goto error_lock; + + if ((file->handler.file= create_logfile_by_number_no_cache(file_no)) == -1) goto error_lock; translog_file_init(file, file_no, 0); - /* this call just expand the array */ - insert_dynamic(&log_descriptor.open_files, (uchar*)&file); log_descriptor.max_file++; { char *start= (char*) dynamic_element(&log_descriptor.open_files, 0, @@ -1678,6 +1680,7 @@ error_lock: mysql_rwlock_unlock(&log_descriptor.open_files_lock); error: translog_stop_writing(); + my_free(file); DBUG_RETURN(1); } @@ -3985,11 +3988,14 @@ my_bool translog_init_with_table(const char *directory, /* Start new log system from scratch */ log_descriptor.horizon= MAKE_LSN(start_file_num, TRANSLOG_PAGE_SIZE); /* header page */ - if ((file->handler.file= - create_logfile_by_number_no_cache(start_file_num)) == -1) - goto err; translog_file_init(file, start_file_num, 0); if (insert_dynamic(&log_descriptor.open_files, (uchar*)&file)) + { + my_free(file); + goto err; + } + if ((file->handler.file= + create_logfile_by_number_no_cache(start_file_num)) == -1) goto err; log_descriptor.min_file= log_descriptor.max_file= start_file_num; if (translog_write_file_header()) diff --git a/storage/maria/ma_packrec.c b/storage/maria/ma_packrec.c index 6a4e7ea99cf..4127c4f5fcf 100644 --- a/storage/maria/ma_packrec.c +++ b/storage/maria/ma_packrec.c 
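Review bot: In `translog_create_new_file` the pointer `file` is now stored in `log_descriptor.open_files` by `insert_dynamic` before `create_logfile_by_number_no_cache` is called, and the `@@ -1678` hunk adds `my_free(file)` on the shared `error:` path. If creating the log file fails, `open_files` keeps an element that points at freed memory, and `log_descriptor.max_file` has not been advanced to match the longer array. Unless the element is removed somewhere outside these hunks, the failure branch should take it back out before jumping, e.g. `(void) pop_dynamic(&log_descriptor.open_files);` ahead of that `goto error_lock`. The `@@ -3985` hunk in `translog_init_with_table` uses the same ordering and leaves `file` in `open_files` when creation fails; whether its `err:` path cleans the array is not visible.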
@@ -1445,7 +1445,7 @@ uint _ma_pack_get_block_info(MARIA_HA *maria, MARIA_BIT_BUFF *bit_buff, maria->blob_length=info->blob_len; } info->filepos=filepos+head_length; - if (file > 0) + if (file >= 0) { info->offset=MY_MIN(info->rec_len, ref_length - head_length); memcpy(*rec_buff_p, header + head_length, info->offset); diff --git a/storage/maria/ma_recovery.c b/storage/maria/ma_recovery.c index a09662544a2..5a36c9db8ca 100644 --- a/storage/maria/ma_recovery.c +++ b/storage/maria/ma_recovery.c @@ -1988,7 +1988,7 @@ prototype_redo_exec_hook(UNDO_KEY_INSERT) const HA_KEYSEG *keyseg= info->s->keyinfo[keynr].seg; ulonglong value; char llbuf[22]; - uchar *to; + uchar reversed[MARIA_MAX_KEY_BUFF], *to; tprint(tracef, " state older than record\n"); /* we read the record to find the auto_increment value */ enlarge_buffer(rec); @@ -2005,7 +2005,6 @@ prototype_redo_exec_hook(UNDO_KEY_INSERT) if (keyseg->flag & HA_SWAP_KEY) { /* We put key from log record to "data record" packing format... */ - uchar reversed[MARIA_MAX_KEY_BUFF]; uchar *key_ptr= to; uchar *key_end= key_ptr + keyseg->length; to= reversed + keyseg->length; diff --git a/storage/myisam/ha_myisam.cc b/storage/myisam/ha_myisam.cc index 2cfaa5ebdcc..8ec3c3681e9 100644 --- a/storage/myisam/ha_myisam.cc +++ b/storage/myisam/ha_myisam.cc @@ -1248,6 +1248,7 @@ int ha_myisam::assign_to_keycache(THD* thd, HA_CHECK_OPT *check_opt) { KEY_CACHE *new_key_cache= check_opt->key_cache; const char *errmsg= 0; + char buf[STRING_BUFFER_USUAL_SIZE]; int error= HA_ADMIN_OK; ulonglong map; TABLE_LIST *table_list= table->pos_in_table_list; @@ -1264,7 +1265,6 @@ int ha_myisam::assign_to_keycache(THD* thd, HA_CHECK_OPT *check_opt) if ((error= mi_assign_to_key_cache(file, map, new_key_cache))) { - char buf[STRING_BUFFER_USUAL_SIZE]; my_snprintf(buf, sizeof(buf), "Failed to flush to index file (errno: %d)", error); errmsg= buf; diff --git a/storage/myisam/mi_open.c b/storage/myisam/mi_open.c index bdb2fdf8447..7e846fc262c 100644 
--- a/storage/myisam/mi_open.c +++ b/storage/myisam/mi_open.c @@ -151,7 +151,7 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) } share->mode=open_mode; errpos=1; - if (mysql_file_read(kfile, share->state.header.file_version, head_length, + if (mysql_file_read(kfile, (uchar*)&share->state.header, head_length, MYF(MY_NABP))) { my_errno= HA_ERR_NOT_A_TABLE; diff --git a/storage/xtradb/buf/buf0dump.cc b/storage/xtradb/buf/buf0dump.cc index 5f83d401f98..51c41cc1b78 100644 --- a/storage/xtradb/buf/buf0dump.cc +++ b/storage/xtradb/buf/buf0dump.cc @@ -604,6 +604,7 @@ buf_load() if (dump_n == 0) { ut_free(dump); + ut_free(dump_tmp); ut_sprintf_timestamp(now); buf_load_status(STATUS_NOTICE, "Buffer pool(s) load completed at %s " diff --git a/storage/xtradb/dict/dict0mem.cc b/storage/xtradb/dict/dict0mem.cc index ee6de30cd40..0f48c7c69e3 100644 --- a/storage/xtradb/dict/dict0mem.cc +++ b/storage/xtradb/dict/dict0mem.cc @@ -321,8 +321,8 @@ dict_mem_table_col_rename_low( ut_ad(from_len <= NAME_LEN); ut_ad(to_len <= NAME_LEN); - char from[NAME_LEN]; - strncpy(from, s, NAME_LEN); + char from[NAME_LEN + 1]; + strncpy(from, s, NAME_LEN + 1); if (from_len == to_len) { /* The easy case: simply replace the column name in diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index d0eef98f064..7d1ed3da5fd 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -3219,13 +3219,13 @@ innobase_convert_identifier( ibool file_id)/*!< in: TRUE=id is a table or database name; FALSE=id is an UTF-8 string */ { + char nz2[MAX_TABLE_NAME_LEN + 1]; const char* s = id; int q; if (file_id) { char nz[MAX_TABLE_NAME_LEN + 1]; - char nz2[MAX_TABLE_NAME_LEN + 1]; /* Decode the table name. The MySQL function expects a NUL-terminated string. The input and output strings diff --git a/storage/xtradb/log/log0online.cc b/storage/xtradb/log/log0online.cc index 3cd1412098d..ee5136376fa 100644 
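Review bot: `strncpy(from, s, NAME_LEN + 1)` in `dict_mem_table_col_rename_low` still leaves `from` unterminated when the string at `s` is longer than `NAME_LEN`, and the only length checks in view are the `ut_ad` assertions, which are compiled out of non-debug builds. How `from_len` is derived is outside the hunk, so the long case may be unreachable, but terminating explicitly costs one line: `from[NAME_LEN] = '\0';` after the copy. That would also match the `strncpy` call sites in `plugin/server_audit/server_audit.c` that this commit terminates by hand.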
--- a/storage/xtradb/log/log0online.cc +++ b/storage/xtradb/log/log0online.cc @@ -1453,6 +1453,7 @@ log_online_setup_bitmap_file_range( if (UNIV_UNLIKELY(array_pos >= bitmap_files->count)) { log_online_diagnose_inconsistent_dir(bitmap_files); + os_file_closedir(bitmap_dir); return FALSE; } diff --git a/storage/xtradb/srv/srv0srv.cc b/storage/xtradb/srv/srv0srv.cc index 22d7312643b..bd1bc2c7131 100644 --- a/storage/xtradb/srv/srv0srv.cc +++ b/storage/xtradb/srv/srv0srv.cc @@ -2483,7 +2483,8 @@ purge_archived_logs( if (dirnamelen + strlen(fileinfo.name) + 2 > OS_FILE_MAX_PATH) continue; - snprintf(archived_log_filename + dirnamelen, OS_FILE_MAX_PATH, + snprintf(archived_log_filename + dirnamelen, + OS_FILE_MAX_PATH - dirnamelen - 1, "%s", fileinfo.name); if (before_no) { diff --git a/strings/ctype.c b/strings/ctype.c index d8a1dd7502b..25fc2e29877 100644 --- a/strings/ctype.c +++ b/strings/ctype.c @@ -750,7 +750,7 @@ static int cs_value(MY_XML_PARSER *st,const char *attr, size_t len) /* Rules: Context */ case _CS_CONTEXT: - if (len < sizeof(i->context) + 1) + if (len < sizeof(i->context)) { memcpy(i->context, attr, len); i->context[len]= '\0'; diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 4e4768559d4..4978faafb67 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -1033,6 +1033,7 @@ static void test_wl4435_2() \ rs_metadata= mysql_stmt_result_metadata(ps); \ fields= mysql_fetch_fields(rs_metadata); \ + mysql_free_result(rs_metadata); \ \ rc= mysql_stmt_bind_result(ps, &psp); \ check_execute(ps, rc); \ diff --git a/unittest/mysys/ma_dyncol-t.c b/unittest/mysys/ma_dyncol-t.c index b3fff638b65..3b43c10a6a8 100644 --- a/unittest/mysys/ma_dyncol-t.c +++ b/unittest/mysys/ma_dyncol-t.c @@ -687,6 +687,9 @@ void test_update_many(uint *column_numbers, uint *column_values, err: ok(rc, "%s", "update_many"); /* cleanup */ + free(val); + free(upd); + free(res); mariadb_dyncol_free(&str1); mariadb_dyncol_free(&str2); } |
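Review bot: In the `test_wl4435_2` macro, `mysql_free_result(rs_metadata)` now runs on the line directly after `fields= mysql_fetch_fields(rs_metadata)`, and the array returned by `mysql_fetch_fields` belongs to the result set it was taken from. The rest of the macro is outside the hunk; if it reads `fields` after this point, for instance to check a column type once the row has been fetched, that read is a use after free. Moving the added `mysql_free_result(rs_metadata); \` line below the last use of `fields` fixes the leak without that risk.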