diff --git a/client/mysqltest.c b/client/mysqltest.c
index fd1c928b4fdf434d4183a5543d473ff59c769d73..a168099e6d699f6cdc7876347b7362ce079b258d 100644
--- a/client/mysqltest.c
+++ b/client/mysqltest.c
@@ -2302,6 +2302,7 @@ static VAR* var_init(VAR* v, const char* name, int name_len, const char* val,
   if (!(tmp_var->str_val = my_malloc(val_alloc_len+1, MYF(MY_WME))))
     die("Out of memory");
 
+  /* 'name' may be NULL here, but in this case name_len is 0 */
   memcpy(tmp_var->name, name, name_len);
   if (val)
   {
diff --git a/dbug/dbug.c b/dbug/dbug.c
index a4f9d5ecd4bf9f3a30fc85970d68ce2eb7d5f5b7..c6df6b105c56a62979433533af73303b5a5abd47 100644
--- a/dbug/dbug.c
+++ b/dbug/dbug.c
@@ -501,7 +501,7 @@ void _db_push_ (const char *control)
   if (! _db_fp_)
     _db_fp_= stderr;		/* Output stream, default stderr */
 
-  if (control && *control == '-')
+  if (*control == '-')
   {
     if (*++control == '#')
       control++;
diff --git a/mysys/charset.c b/mysys/charset.c
index ba6733185e081d2750e32078f423261c19b495aa..5e5be9e1b4220953abb90015cbf29e65a96fde5b 100644
--- a/mysys/charset.c
+++ b/mysys/charset.c
@@ -300,7 +300,25 @@ static CHARSET_INFO *find_charset_by_name(CHARSET_INFO **table,
   return NULL;
 }
 
-static CHARSET_INFO *add_charset(uint cs_number, const char *cs_name, myf flags)
+/*
+  Read charset from file.
+
+  NOTES
+    One never has to deallocate character sets. They will all be deallocated
+    by my_once_free() when program ends.
+  
+    If my_once_alloc() fails then this function may 'leak' some memory
+    which my_once_free() will deallocate, but this is so unlikely to happen
+    that this can be ignored.
+
+  RETURN
+   0	Error
+   #	Pointer to allocated charset structure
+*/
+ 
+
+static CHARSET_INFO *add_charset(uint cs_number, const char *cs_name,
+				 myf flags)
 {
   CHARSET_INFO tmp_cs,*cs;
   uchar tmp_ctype[CTYPE_TABLE_SIZE];
@@ -317,21 +335,27 @@ static CHARSET_INFO *add_charset(uint cs_number, const char *cs_name, myf flags)
   cs->sort_order=tmp_sort_order;
   cs->strxfrm_multiply=cs->mbmaxlen=1;
   if (read_charset_file(cs_number, cs, flags))
-    return NULL;
-
-  cs           = (CHARSET_INFO*) my_once_alloc(sizeof(CHARSET_INFO),
-                                               MYF(MY_WME));
-  *cs=tmp_cs;
-  cs->name     = (char *) my_once_alloc((uint) strlen(cs_name)+1, MYF(MY_WME));
-  cs->ctype    = (uchar*) my_once_alloc(CTYPE_TABLE_SIZE,      MYF(MY_WME));
-  cs->to_lower = (uchar*) my_once_alloc(TO_LOWER_TABLE_SIZE,   MYF(MY_WME));
-  cs->to_upper = (uchar*) my_once_alloc(TO_UPPER_TABLE_SIZE,   MYF(MY_WME));
+    return 0;
+
+  if (!(cs= (CHARSET_INFO*) my_once_alloc(sizeof(CHARSET_INFO),
+					  MYF(MY_WME))))
+    return 0;
+
+  *cs= tmp_cs;
+  cs->name=	(char *) my_once_alloc((uint) strlen(cs_name)+1, MYF(MY_WME));
+  cs->ctype= 	(uchar*) my_once_alloc(CTYPE_TABLE_SIZE,      MYF(MY_WME));
+  cs->to_lower= (uchar*) my_once_alloc(TO_LOWER_TABLE_SIZE,   MYF(MY_WME));
+  cs->to_upper= (uchar*) my_once_alloc(TO_UPPER_TABLE_SIZE,   MYF(MY_WME));
   cs->sort_order=(uchar*) my_once_alloc(SORT_ORDER_TABLE_SIZE, MYF(MY_WME));
-  cs->number   = cs_number;
-  memcpy((char*) cs->name,	 (char*) cs_name,	strlen(cs_name) + 1);
-  memcpy((char*) cs->ctype,	 (char*) tmp_ctype,	sizeof(tmp_ctype));
-  memcpy((char*) cs->to_lower, (char*) tmp_to_lower,	sizeof(tmp_to_lower));
-  memcpy((char*) cs->to_upper, (char*) tmp_to_upper,	sizeof(tmp_to_upper));
+  if (!cs->name || !cs->ctype || !cs->to_lower || !cs->to_upper ||
+      !cs->sort_order)
+    return 0;
+
+  cs->number=    cs_number;
+  memcpy((char*) cs->name,	 (char*) cs_name,    strlen(cs_name) + 1);
+  memcpy((char*) cs->ctype,	 (char*) tmp_ctype,  sizeof(tmp_ctype));
+  memcpy((char*) cs->to_lower, (char*) tmp_to_lower, sizeof(tmp_to_lower));
+  memcpy((char*) cs->to_upper, (char*) tmp_to_upper, sizeof(tmp_to_upper));
   memcpy((char*) cs->sort_order, (char*) tmp_sort_order,
 	 sizeof(tmp_sort_order));
   insert_dynamic(&cs_info_table, (gptr) &cs);
diff --git a/regex/reginit.c b/regex/reginit.c
index 18647c386fceb4aee8a0b36bb74585af9bf5cf14..309685fadf24b4cd36cd8bdad418e39bb296542c 100644
--- a/regex/reginit.c
+++ b/regex/reginit.c
@@ -49,6 +49,16 @@ void regex_init()
     for (i=0; i < CCLASS_LAST ; i++)
     {
       char *tmp=(char*) malloc(count[i]+1);
+      if (!tmp)
+      {
+	/*
+	  This is very unlikely to happen as this function is called once
+	  at program startup
+	*/
+	fprintf(stderr,
+		"Fatal error: Can't allocate memory in regex_init\n");
+	exit(1);
+      }
       memcpy(tmp,buff[i],count[i]*sizeof(char));
       tmp[count[i]]=0;
       cclasses[i].chars=tmp;
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index dd1ec6bd2da187c0399a89ae3cd26e87c573d5b4..40b18755744ed454523ecc4c165914845ba1fa01 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -2043,6 +2043,10 @@ String* Item_func_export_set::val_str(String* str)
     null_value=1;
     return 0;
   }
+  /*
+    Arg count can only be 3, 4 or 5 here. This is guaranteed from the
+    grammar for EXPORT_SET()
+  */
   switch(arg_count) {
   case 5:
     num_set_values = (uint) args[4]->val_int();