The following problems have been found by Coverity - static analysis tool.

mysql-5.5.31/plugin/semisync/semisync_master.cc:672:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function. 

mysql-5.5.31/plugin/semisync/semisync_master.cc:661:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function. 

mysql-5.5.31/plugin/semisync/semisync_master.cc:555:parameter_as_source – Note: This defect has an elevated risk because the source argument is a parameter of the current function.

diff -up mysql-5.5.31/plugin/semisync/semisync_master.cc.covscan-stroverflow mysql-5.5.31/plugin/semisync/semisync_master.cc

--- mysql-5.5.31/plugin/semisync/semisync_master.cc.covscan-stroverflow	2013-06-17 09:04:47.214621154 +0200

+++ mysql-5.5.31/plugin/semisync/semisync_master.cc	2013-06-17 09:08:32.189617218 +0200

@@ -552,7 +552,8 @@ int ReplSemiSyncMaster::reportReplyBinlo

   if (need_copy_send_pos)

   {

-    strcpy(reply_file_name_, log_file_name);

+    strncpy(reply_file_name_, log_file_name, sizeof(reply_file_name_)-1);

+    reply_file_name_[sizeof(reply_file_name_)-1] = '\0';

     reply_file_pos_ = log_file_pos;

     reply_file_name_inited_ = true;

@@ -658,7 +659,8 @@ int ReplSemiSyncMaster::commitTrx(const

         if (cmp <= 0)

 	{

           /* This thd has a lower position, let's update the minimum info. */

-          strcpy(wait_file_name_, trx_wait_binlog_name);

+          strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1);

+          wait_file_name_[sizeof(wait_file_name_)-1] = '\0';

           wait_file_pos_ = trx_wait_binlog_pos;

           rpl_semi_sync_master_wait_pos_backtraverse++;

@@ -669,7 +671,8 @@ int ReplSemiSyncMaster::commitTrx(const

       }

       else

       {

-        strcpy(wait_file_name_, trx_wait_binlog_name);

+        strncpy(wait_file_name_, trx_wait_binlog_name, sizeof(wait_file_name_)-1);

+        wait_file_name_[sizeof(wait_file_name_)-1] = '\0';

         wait_file_pos_ = trx_wait_binlog_pos;

         wait_file_name_inited_ = true;

mysql-5.5.31/sql/rpl_handler.cc:306:fixed_size_dest – You might overrun the 512 byte fixed-size string "log_info->log_file" by copying "log_file + dirname_length(log_file)" without checking the length. diff -up mysql-5.5.31/sql/rpl_handler.cc.covscan-stroverflow mysql-5.5.31/sql/rpl_handler.cc

--- mysql-5.5.31/sql/rpl_handler.cc.covscan-stroverflow	2013-06-17 10:51:04.940509594 +0200

+++ mysql-5.5.31/sql/rpl_handler.cc	2013-06-17 10:51:08.959509523 +0200

@@ -303,7 +303,8 @@ int Binlog_storage_delegate::after_flush

     my_pthread_setspecific_ptr(RPL_TRANS_BINLOG_INFO, log_info);

   }

-  strcpy(log_info->log_file, log_file+dirname_length(log_file));

+  strncpy(log_info->log_file, log_file+dirname_length(log_file), sizeof(log_info->log_file)-1);

+  log_info->log_file[sizeof(log_info->log_file)-1] = '\0';

   log_info->log_pos = log_pos;

   int ret= 0;

mysql-5.5.31/sql/sp_rcontext.h:87:buffer_size_warning – Calling strncpy with a maximum size argument of 512 bytes on destination array "this->m_message" of size 512 bytes might leave the destination string unterminated. 

diff -up mysql-5.5.31/sql/sp_rcontext.h.covscan-stroverflow mysql-5.5.31/sql/sp_rcontext.h

--- mysql-5.5.31/sql/sp_rcontext.h.covscan-stroverflow	2013-06-17 13:28:32.540344334 +0200

+++ mysql-5.5.31/sql/sp_rcontext.h	2013-06-17 13:29:23.673343443 +0200

@@ -84,7 +84,8 @@ public:

     memcpy(m_sql_state, sqlstate, SQLSTATE_LENGTH);

     m_sql_state[SQLSTATE_LENGTH]= '\0';

-    strncpy(m_message, msg, MYSQL_ERRMSG_SIZE);

+    strncpy(m_message, msg, sizeof(m_message)-1);

+    m_message[sizeof(m_message)-1] = '\0';

   }

   void clear()