diff --git a/sql/sql_table.cc b/sql/sql_table.cc
index cb03411b9ef..c31ba5bb259 100644
--- a/sql/sql_table.cc
+++ b/sql/sql_table.cc
@@ -378,7 +378,8 @@ uint filename_to_tablename(const char *from, char *to, uint to_length
 DBUG_ENTER("filename_to_tablename");
 DBUG_PRINT("enter", ("from '%s'", from));
- if (!memcmp(from, tmp_file_prefix, tmp_file_prefix_length))
+ if (strlen(from) >= tmp_file_prefix_length &&
+ !memcmp(from, tmp_file_prefix, tmp_file_prefix_length))
 {
 /* Temporary table name. */
 res= (strnmov(to, from, to_length) - to);
diff --git a/strings/ctype-utf8.c b/strings/ctype-utf8.c
index 343884827e1..4976a9cf31a 100644
--- a/strings/ctype-utf8.c
+++ b/strings/ctype-utf8.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public
@@ -4391,6 +4391,8 @@ my_mb_wc_filename(CHARSET_INFO *cs __attribute__((unused)),
 return MY_CS_TOOSMALL3;
 byte1= s[1];
+ if (byte1 == 0)
+ return MY_CS_ILSEQ; /* avoid possible out-of-bounds read */
 byte2= s[2];
 if (byte1 >= 0x30 && byte1 <= 0x7F &&
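Review bot: The new condition in filename_to_tablename walks the whole of `from` with strlen() only to learn whether it is at least as long as the prefix. `if (!strncmp(from, tmp_file_prefix, tmp_file_prefix_length))` stops at the terminator on its own and does the same job in one bounded pass, assuming tmp_file_prefix has no embedded NUL within tmp_file_prefix_length bytes. Whichever form is kept, a short comment such as `/* from may be shorter than the prefix; do not compare past its terminator */` would record why the length test is there. The function body starts and ends outside the hunk.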
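Review bot: The guard added after `byte1= s[1];` protects only the `s[2]` read, so any reads of later bytes further down in my_mb_wc_filename, which continues outside this hunk, would need the same terminator check. That matters only if the end-pointer test above can overstate the buffer, which the fix seems to imply. The comment should also say why the earlier `MY_CS_TOOSMALL3` check is not enough, for example `/* s may be NUL-terminated before e; stop so s[2] is not read past the terminator */`. That wording is inferred from the fix, so confirm it against the callers.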