diff --git a/client/mysqltest.c b/client/mysqltest.c index fd1c928b4fdf434d4183a5543d473ff59c769d73..a168099e6d699f6cdc7876347b7362ce079b258d 100644 --- a/client/mysqltest.c +++ b/client/mysqltest.c @@ -2302,6 +2302,7 @@ static VAR* var_init(VAR* v, const char* name, int name_len, const char* val, if (!(tmp_var->str_val = my_malloc(val_alloc_len+1, MYF(MY_WME)))) die("Out of memory"); + /* 'name' may be NULL here, but in this case name_len is 0 */ memcpy(tmp_var->name, name, name_len); if (val) { diff --git a/dbug/dbug.c b/dbug/dbug.c index a4f9d5ecd4bf9f3a30fc85970d68ce2eb7d5f5b7..c6df6b105c56a62979433533af73303b5a5abd47 100644 --- a/dbug/dbug.c +++ b/dbug/dbug.c @@ -501,7 +501,7 @@ void _db_push_ (const char *control) if (! _db_fp_) _db_fp_= stderr; /* Output stream, default stderr */ - if (control && *control == '-') + if (*control == '-') { if (*++control == '#') control++; diff --git a/mysys/charset.c b/mysys/charset.c index ba6733185e081d2750e32078f423261c19b495aa..5e5be9e1b4220953abb90015cbf29e65a96fde5b 100644 --- a/mysys/charset.c +++ b/mysys/charset.c @@ -300,7 +300,25 @@ static CHARSET_INFO *find_charset_by_name(CHARSET_INFO **table, return NULL; } -static CHARSET_INFO *add_charset(uint cs_number, const char *cs_name, myf flags) +/* + Read charset from file. + + NOTES + One never has to deallocate character sets. They will all be deallocated + by my_once_free() when program ends. + + If my_once_alloc() fails then this function may 'leak' some memory + which my_once_free() will deallocate, but this is so unlikely to happen + that this can be ignored. + + RETURN + 0 Error + # Pointer to allocated charset structure +*/ + + +static CHARSET_INFO *add_charset(uint cs_number, const char *cs_name, + myf flags) { CHARSET_INFO tmp_cs,*cs; uchar tmp_ctype[CTYPE_TABLE_SIZE]; @@ -317,21 +335,27 @@ static CHARSET_INFO *add_charset(uint cs_number, const char *cs_name, myf flags) cs->sort_order=tmp_sort_order; cs->strxfrm_multiply=cs->mbmaxlen=1; if (read_charset_file(cs_number, cs, flags)) - return NULL; - - cs = (CHARSET_INFO*) my_once_alloc(sizeof(CHARSET_INFO), - MYF(MY_WME)); - *cs=tmp_cs; - cs->name = (char *) my_once_alloc((uint) strlen(cs_name)+1, MYF(MY_WME)); - cs->ctype = (uchar*) my_once_alloc(CTYPE_TABLE_SIZE, MYF(MY_WME)); - cs->to_lower = (uchar*) my_once_alloc(TO_LOWER_TABLE_SIZE, MYF(MY_WME)); - cs->to_upper = (uchar*) my_once_alloc(TO_UPPER_TABLE_SIZE, MYF(MY_WME)); + return 0; + + if (!(cs= (CHARSET_INFO*) my_once_alloc(sizeof(CHARSET_INFO), + MYF(MY_WME)))) + return 0; + + *cs= tmp_cs; + cs->name= (char *) my_once_alloc((uint) strlen(cs_name)+1, MYF(MY_WME)); + cs->ctype= (uchar*) my_once_alloc(CTYPE_TABLE_SIZE, MYF(MY_WME)); + cs->to_lower= (uchar*) my_once_alloc(TO_LOWER_TABLE_SIZE, MYF(MY_WME)); + cs->to_upper= (uchar*) my_once_alloc(TO_UPPER_TABLE_SIZE, MYF(MY_WME)); cs->sort_order=(uchar*) my_once_alloc(SORT_ORDER_TABLE_SIZE, MYF(MY_WME)); - cs->number = cs_number; - memcpy((char*) cs->name, (char*) cs_name, strlen(cs_name) + 1); - memcpy((char*) cs->ctype, (char*) tmp_ctype, sizeof(tmp_ctype)); - memcpy((char*) cs->to_lower, (char*) tmp_to_lower, sizeof(tmp_to_lower)); - memcpy((char*) cs->to_upper, (char*) tmp_to_upper, sizeof(tmp_to_upper)); + if (!cs->name || !cs->ctype || !cs->to_lower || !cs->to_upper || + !cs->sort_order) + return 0; + + cs->number= cs_number; + memcpy((char*) cs->name, (char*) cs_name, strlen(cs_name) + 1); + memcpy((char*) cs->ctype, (char*) tmp_ctype, sizeof(tmp_ctype)); + memcpy((char*) cs->to_lower, (char*) tmp_to_lower, sizeof(tmp_to_lower)); + memcpy((char*) cs->to_upper, (char*) tmp_to_upper, sizeof(tmp_to_upper)); memcpy((char*) cs->sort_order, (char*) tmp_sort_order, sizeof(tmp_sort_order)); insert_dynamic(&cs_info_table, (gptr) &cs); diff --git a/regex/reginit.c b/regex/reginit.c index 18647c386fceb4aee8a0b36bb74585af9bf5cf14..309685fadf24b4cd36cd8bdad418e39bb296542c 100644 --- a/regex/reginit.c +++ b/regex/reginit.c @@ -49,6 +49,16 @@ void regex_init() for (i=0; i < CCLASS_LAST ; i++) { char *tmp=(char*) malloc(count[i]+1); + if (!tmp) + { + /* + This is very unlikely to happen as this function is called once + at program startup + */ + fprintf(stderr, + "Fatal error: Can't allocate memory in regex_init\n"); + exit(1); + } memcpy(tmp,buff[i],count[i]*sizeof(char)); tmp[count[i]]=0; cclasses[i].chars=tmp; diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index dd1ec6bd2da187c0399a89ae3cd26e87c573d5b4..40b18755744ed454523ecc4c165914845ba1fa01 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -2043,6 +2043,10 @@ String* Item_func_export_set::val_str(String* str) null_value=1; return 0; } + /* + Arg count can only be 3, 4 or 5 here. This is guaranteed from the + grammar for EXPORT_SET() + */ switch(arg_count) { case 5: num_set_values = (uint) args[4]->val_int();