MDEV-6262 analyze the coverity report on mariadb

uploaded 10.0, analyzed everything with the Impact=High
(and a couple of Medium)

client/mysql.cc

@@ -3061,7 +3061,6 @@ static int com_server_help(String *buffer __attribute__((unused)),
   {
     unsigned int num_fields= mysql_num_fields(result);
     my_ulonglong num_rows= mysql_num_rows(result);
-    mysql_fetch_fields(result);
     if (num_fields==3 && num_rows==1)
     {
       if (!(cur= mysql_fetch_row(result)))

client/mysql_upgrade.c

@@ -1042,15 +1042,15 @@ static int check_version_match(void)
 
 int main(int argc, char **argv)
 {
-  char self_name[FN_REFLEN];
+  char self_name[FN_REFLEN + 1];
 
   MY_INIT(argv[0]);
 
 #if __WIN__
   if (GetModuleFileName(NULL, self_name, FN_REFLEN) == 0)
 #endif
   {
-    strncpy(self_name, argv[0], FN_REFLEN);
+    strmake_buf(self_name, argv[0]);
   }
 
   if (init_dynamic_string(&ds_args, "", 512, 256) ||

client/mysqladmin.cc

@@ -614,6 +614,7 @@ static my_bool sql_connect(MYSQL *mysql, uint wait)
 
 static int execute_commands(MYSQL *mysql,int argc, char **argv)
 {
+  int ret = 0;
   const char *status;
   /*
     MySQL documentation relies on the fact that mysqladmin will
@@ -1107,7 +1108,8 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
         if (strcmp(typed_password, verified) != 0)
         {
           my_printf_error(0,"Passwords don't match",MYF(ME_BELL));
-          return -1;
+          ret = -1;
+          goto password_done;
         }
       }
       else
@@ -1134,7 +1136,8 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
           {
             my_printf_error(0, "Could not determine old_passwords setting from server; error: '%s'",
                 	    error_flags, mysql_error(mysql));
-            return -1;
+            ret = -1;
+            goto password_done;
           }
           else
           {
@@ -1145,7 +1148,8 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
                               "Could not get old_passwords setting from "
                               "server; error: '%s'",
         		      error_flags, mysql_error(mysql));
-              return -1;
+              ret = -1;
+              goto password_done;
             }
             if (!mysql_num_rows(res))
               old= 1;
@@ -1170,15 +1174,15 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
       {
 	my_printf_error(0, "Can't turn off logging; error: '%s'",
 			error_flags, mysql_error(mysql));
-	return -1;
+        ret = -1;
       }
+      else
       if (mysql_query(mysql,buff))
       {
 	if (mysql_errno(mysql)!=1290)
 	{
 	  my_printf_error(0,"unable to change password; error: '%s'",
 			  error_flags, mysql_error(mysql));
-	  return -1;
 	}
 	else
 	{
@@ -1192,9 +1196,10 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
 			  " --skip-grant-tables).\n"
 			  "Use: \"mysqladmin flush-privileges password '*'\""
 			  " instead", error_flags);
-	  return -1;
 	}
+        ret = -1;
       }
+password_done:
       /* free up memory from prompted password */
       if (typed_password != argv[1]) 
       {
@@ -1296,7 +1301,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
       return 1;
     }
   }
-  return 0;
+  return ret;
 }
 
 /**

client/mysqlbinlog.cc

@@ -1976,7 +1976,7 @@ static Exit_status dump_remote_log_entries(PRINT_EVENT_INFO *print_event_info,
   int2store(buf + BIN_LOG_HEADER_SIZE, binlog_flags);
 
   size_t tlen = strlen(logname);
-  if (tlen > UINT_MAX) 
+  if (tlen > sizeof(buf) - 10)
   {
     error("Log name too long.");
     DBUG_RETURN(ERROR_STOP);

client/mysqldump.c

@@ -2818,6 +2818,8 @@ static uint get_table_structure(char *table, char *db, char *table_type,
 
           my_free(scv_buff);
 
+          if (path)
+            my_fclose(sql_file, MYF(MY_WME));
           DBUG_RETURN(0);
         }
         else
@@ -5827,8 +5829,7 @@ static my_bool get_view_structure(char *table, char* db)
     dynstr_free(&ds_view);
   }
 
-  if (switch_character_set_results(mysql, default_charset))
-    DBUG_RETURN(1);
+  switch_character_set_results(mysql, default_charset);
 
   /* If a separate .sql file was opened, close it now */
   if (sql_file != md_result_file)

client/mysqltest.cc

@@ -1721,13 +1721,12 @@ void log_msg(const char *fmt, ...)
 int cat_file(DYNAMIC_STRING* ds, const char* filename)
 {
   int fd;
-  size_t len;
+  int len;
   char buff[16384];
 
   if ((fd= my_open(filename, O_RDONLY, MYF(0))) < 0)
     return 1;
-  while((len= my_read(fd, (uchar*)&buff,
-                      sizeof(buff)-1, MYF(0))) > 0)
+  while((len= (int)my_read(fd, (uchar*)&buff, sizeof(buff)-1, MYF(0))) > 0)
   {
     char *p= buff, *start= buff,*end=buff+len;
     while (p < end)

mysys/lf_hash.c

@@ -485,7 +485,10 @@ static int initialize_bucket(LF_HASH *hash, LF_SLIST * volatile *node,
     return -1;
   if (*el == NULL && bucket &&
       unlikely(initialize_bucket(hash, el, parent, pins)))
+  {
+    my_free(dummy);
     return -1;
+  }
   dummy->hashnr= my_reverse_bits(bucket) | 0; /* dummy node */
   dummy->key= dummy_key;
   dummy->keylen= 0;

mysys/ma_dyncol.c

@@ -4039,6 +4039,7 @@ mariadb_dyncol_val_double(double *dbl, DYNAMIC_COLUMN_VALUE *val)
         *dbl= strtod(str, &end);
         if (*end != '\0')
           rc= ER_DYNCOL_TRUNCATED;
+        free(str);
         break;
       }
     case DYN_COL_DECIMAL:

mysys/waiting_threads.c

@@ -561,7 +561,7 @@ my_bool wt_resource_id_memcmp(const void *a, const void *b)
 {
   /* we use the fact that there's no padding in the middle of WT_RESOURCE_ID */
   compile_time_assert(offsetof(WT_RESOURCE_ID, type) == sizeof(ulonglong));
-  return memcmp(a, b, sizeof_WT_RESOURCE_ID);
+  return MY_TEST(memcmp(a, b, sizeof_WT_RESOURCE_ID));
 }
 
 /**

plugin/auth_pam/auth_pam.c

@@ -141,6 +141,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
   if (new_username && strcmp(new_username, info->user_name))
     strncpy(info->authenticated_as, new_username,
             sizeof(info->authenticated_as));
+  info->authenticated_as[sizeof(info->authenticated_as)-1]= 0;
 
 end:
   pam_end(pamh, status);

plugin/feedback/sender_thread.cc

@@ -204,7 +204,7 @@ static void send_report(const char *when)
     /*
       otherwise, prepare the THD and TABLE_LIST,
       create and fill the temporary table with data just like
-      SELECT * FROM IFROEMATION_SCHEMA.feedback is doing,
+      SELECT * FROM INFORMATION_SCHEMA.FEEDBACK is doing,
       read and concatenate table data into a String.
     */
     if (!(thd= new THD()))

plugin/server_audit/server_audit.c

@@ -1041,6 +1041,7 @@ static int start_logging()
     error_header();
     fprintf(stderr, "logging started to the file %s.\n", alt_fname);
     strncpy(current_log_buf, alt_fname, sizeof(current_log_buf));
+    current_log_buf[sizeof(current_log_buf)-1]= 0;
   }
   else if (output_type == OUTPUT_SYSLOG)
   {
@@ -2570,6 +2571,7 @@ static void update_file_path(MYSQL_THD thd,
   }
 
   strncpy(path_buffer, new_name, sizeof(path_buffer));
+  path_buffer[sizeof(path_buffer)-1]= 0;
   file_path= path_buffer;
 exit_func:
   internal_stop_logging= 0;
@@ -2622,6 +2624,7 @@ static void update_incl_users(MYSQL_THD thd,
     flogger_mutex_lock(&lock_operations);
   mark_always_logged(thd);
   strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer));
+  incl_user_buffer[sizeof(incl_user_buffer)-1]= 0;
   incl_users= incl_user_buffer;
   user_coll_fill(&incl_user_coll, incl_users, &excl_user_coll, 1);
   error_header();
@@ -2640,6 +2643,7 @@ static void update_excl_users(MYSQL_THD thd  __attribute__((unused)),
     flogger_mutex_lock(&lock_operations);
   mark_always_logged(thd);
   strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer));
+  excl_user_buffer[sizeof(excl_user_buffer)-1]= 0;
   excl_users= excl_user_buffer;
   user_coll_fill(&excl_user_coll, excl_users, &incl_user_coll, 0);
   error_header();
@@ -2771,6 +2775,7 @@ static void update_syslog_ident(MYSQL_THD thd  __attribute__((unused)),
 {
   char *new_ident= (*(char **) save) ? *(char **) save : empty_str;
   strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer));
+  syslog_ident_buffer[sizeof(syslog_ident_buffer)-1]= 0;
   syslog_ident= syslog_ident_buffer;
   error_header();
   fprintf(stderr, "SYSYLOG ident was changed to '%s'\n", syslog_ident);

sql-common/client_plugin.c

@@ -375,28 +375,27 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type,
   if (!(sym= dlsym(dlhandle, plugin_declarations_sym)))
   {
     errmsg= "not a plugin";
-    (void)dlclose(dlhandle);
-    goto err;
+    goto errc;
   }
 
   plugin= (struct st_mysql_client_plugin*)sym;
 
   if (type >=0 && type != plugin->type)
   {
     errmsg= "type mismatch";
-    goto err;
+    goto errc;
   }
 
   if (strcmp(name, plugin->name))
   {
     errmsg= "name mismatch";
-    goto err;
+    goto errc;
   }
 
   if (type < 0 && find_plugin(name, plugin->type))
   {
     errmsg= "it is already loaded";
-    goto err;
+    goto errc;
   }
 
   plugin= add_plugin(mysql, plugin, dlhandle, argc, args);
@@ -406,6 +405,8 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type,
   DBUG_PRINT ("leave", ("plugin loaded ok"));
   DBUG_RETURN (plugin);
 
+errc:
+  dlclose(dlhandle);
 err:
   mysql_mutex_unlock(&LOCK_load_client_plugin);
   DBUG_PRINT ("leave", ("plugin load error : %s", errmsg));

sql/discover.cc

@@ -89,8 +89,7 @@ int readfrm(const char *name, const uchar **frmdata, size_t *len)
   error= 0;
 
  err:
-  if (file > 0)
-    (void) mysql_file_close(file, MYF(MY_WME));
+  (void) mysql_file_close(file, MYF(MY_WME));
 
  err_end:		      /* Here when no file */
   DBUG_RETURN (error);

sql/filesort.cc

@@ -914,6 +914,7 @@ write_keys(Sort_param *param,  Filesort_info *fs_info, uint count,
   /* check we won't have more buffpeks than we can possibly keep in memory */
   if (my_b_tell(buffpek_pointers) + sizeof(BUFFPEK) > (ulonglong)UINT_MAX)
     goto err;
+  bzero(&buffpek, sizeof(buffpek));
   buffpek.file_pos= my_b_tell(tempfile);
   if ((ha_rows) count > param->max_rows)
     count=(uint) param->max_rows;               /* purecov: inspected */

sql/mysqld.cc

@@ -7702,7 +7702,7 @@ static int show_default_keycache(THD *thd, SHOW_VAR *var, char *buff)
 {
   struct st_data {
     KEY_CACHE_STATISTICS stats;
-    SHOW_VAR var[8];
+    SHOW_VAR var[9];
   } *data;
   SHOW_VAR *v;
 

sql/opt_range.cc

@@ -7549,7 +7549,10 @@ QUICK_SELECT_I *TRP_ROR_UNION::make_quick(PARAM *param,
     {
       if (!(quick= (*scan)->make_quick(param, FALSE, &quick_roru->alloc)) ||
           quick_roru->push_quick_back(quick))
+      {
+        delete quick_roru;
         DBUG_RETURN(NULL);
+      }
     }
     quick_roru->records= records;
     quick_roru->read_time= read_cost;
@@ -11194,9 +11197,7 @@ QUICK_RANGE_SELECT *get_quick_select_for_ref(THD *thd, TABLE *table,
   */
   thd->mem_root= old_root;
 
-  if (!quick || create_err)
-    return 0;			/* no ranges found */
-  if (quick->init())
+  if (!quick || create_err || quick->init())
     goto err;
   quick->records= records;
 

sql/records.cc

@@ -69,7 +69,7 @@ static int rr_index_desc(READ_RECORD *info);
 bool init_read_record_idx(READ_RECORD *info, THD *thd, TABLE *table,
                           bool print_error, uint idx, bool reverse)
 {
-  int error;
+  int error= 0;
   DBUG_ENTER("init_read_record_idx");
 
   empty_record(table);

sql/sql_prepare.cc

@@ -3022,7 +3022,7 @@ void mysql_stmt_get_longdata(THD *thd, char *packet, ulong packet_length)
   {
     stmt->state= Query_arena::STMT_ERROR;
     stmt->last_errno= thd->get_stmt_da()->sql_errno();
-    strncpy(stmt->last_error, thd->get_stmt_da()->message(), MYSQL_ERRMSG_SIZE);
+    strmake_buf(stmt->last_error, thd->get_stmt_da()->message());
   }
   thd->set_stmt_da(save_stmt_da);
 

sql/sql_repl.cc

@@ -3685,9 +3685,6 @@ bool mysql_show_binlog_events(THD* thd)
                             Protocol::SEND_NUM_ROWS | Protocol::SEND_EOF))
     DBUG_RETURN(TRUE);
 
-  Format_description_log_event *description_event= new
-    Format_description_log_event(3); /* MySQL 4.0 by default */
-
   DBUG_ASSERT(thd->lex->sql_command == SQLCOM_SHOW_BINLOG_EVENTS ||
               thd->lex->sql_command == SQLCOM_SHOW_RELAYLOG_EVENTS);
 
@@ -3713,6 +3710,9 @@ bool mysql_show_binlog_events(THD* thd)
     binary_log= &(mi->rli.relay_log);
   }
 
+  Format_description_log_event *description_event= new
+    Format_description_log_event(3); /* MySQL 4.0 by default */
+
   if (binary_log->is_open())
   {
     LEX_MASTER_INFO *lex_mi= &thd->lex->mi;

sql/sql_show.cc

@@ -3016,7 +3016,7 @@ static bool show_status_array(THD *thd, const char *wild,
 
   for (; variables->name; variables++)
   {
-    bool wild_checked;
+    bool wild_checked= 0;
     strnmov(prefix_end, variables->name, len);
     name_buffer[sizeof(name_buffer)-1]=0;       /* Safety */
     if (ucase_names)

sql/sys_vars.cc

@@ -1660,7 +1660,10 @@ Sys_var_gtid_binlog_state::do_check(THD *thd, set_var *var)
     return true;
   }
   if (res->length() == 0)
+  {
     list= NULL;
+    list_len= 0;
+  }
   else if (!(list= gtid_parse_string_to_list(res->ptr(), res->length(),
                                              &list_len)))
   {