sql/sql_base.cc:
  Replace strmov() with strnmov() to remove the possibility for buffer overflow.
sql/sql_parse.cc:
  Reject COM_FIELD_LIST with too-big table or wildcard argument.
  (libmysqlclient doesn't allow sending too long arguments anyway, but we
  need this to protect against buffer overflow exploits).