Author: Honza Horak License: BSD Error: STRING_OVERFLOW (CWE-120): mysql-5.1.70/sql/sql_trigger.cc:2192: fixed_size_dest: You might overrun the 512 byte fixed-size string "this->m_parse_error_message" by copying "error_message" without checking the length. mysql-5.1.70/sql/sql_trigger.cc:2192: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. Error: STRING_OVERFLOW (CWE-120): mysql-5.1.70/storage/innobase/handler/ha_innodb.cc:5908: fixed_size_dest: You might overrun the 512 byte fixed-size string "name2" by copying "name" without checking the length. mysql-5.1.70/storage/innobase/handler/ha_innodb.cc:5908: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
diff -up mysql-5.1.70/sql/sql_trigger.cc.so1 mysql-5.1.70/sql/sql_trigger.cc
--- mysql-5.1.70/sql/sql_trigger.cc.so1 2013-07-24 16:00:58.617991501 +0200
+++ mysql-5.1.70/sql/sql_trigger.cc 2013-07-24 16:00:19.731012019 +0200
@@ -2189,7 +2189,8 @@ void Table_triggers_list::mark_fields_us
 void Table_triggers_list::set_parse_error_message(char *error_message)
 {
 m_has_unparseable_trigger= true;
- strcpy(m_parse_error_message, error_message);
+ strncpy(m_parse_error_message, error_message, sizeof(m_parse_error_message)-1);
+ m_parse_error_message[sizeof(m_parse_error_message)-1] = '\0';
 }
diff -up mysql-5.1.70/storage/innobase/handler/ha_innodb.cc.so1 mysql-5.1.70/storage/innobase/handler/ha_innodb.cc
--- mysql-5.1.70/storage/innobase/handler/ha_innodb.cc.so1 2013-07-24 15:49:42.980366344 +0200
+++ mysql-5.1.70/storage/innobase/handler/ha_innodb.cc 2013-07-24 15:58:04.268083502 +0200
@@ -5905,7 +5905,8 @@ ha_innobase::create(
 DBUG_RETURN(HA_ERR_TO_BIG_ROW);
 }
- strcpy(name2, name);
+ strncpy(name2, name, sizeof(name2)-1);
+ name2[sizeof(name2)-1] = '\0';
 normalize_table_name(norm_name, name2);
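Review bot: The bounded copy in `set_parse_error_message` truncates an over-long message silently, and nothing at the call site says so; a one-line comment above the `strncpy`, such as `/* Copies at most sizeof(m_parse_error_message)-1 bytes; longer messages are truncated. */`, would record that this is intended. The two-statement copy-then-terminate idiom is also repeated verbatim in the ha_innodb.cc hunk, where a later edit could easily drop the terminating line; the tree's `strmake(dst, src, sizeof(dst)-1)` helper, if usable in both files, does the copy and the termination in one call. `error_message` is only read here, so `const char *` would describe it better, though the declaration lives outside this hunk.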
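Review bot: In `ha_innobase::create` the truncated copy in `name2` is passed straight to `normalize_table_name(norm_name, name2)`, so a `name` of `sizeof(name2)` bytes or more no longer overflows but is normalized under a shortened name instead of being rejected. Truncation is harmless for an error string, but for a table name it could, as far as this hunk shows, make two distinct over-long names map to the same `name2`. Rejecting the input before the copy, e.g. `if (strlen(name) >= sizeof(name2)) { DBUG_RETURN(/* suitable HA_ERR_* code */); }`, keeps the failure explicit. Whether callers already bound the length of `name`, and whether `norm_name` is sized for the normalized result, cannot be seen here because the function body starts before and continues after the hunk.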