MDEV-18659: Fix string truncation/overflow in InnoDB and XtraDB

Fix the warnings issued by GCC 8 -Wstringop-truncation
and -Wstringop-overflow in InnoDB and XtraDB.

This work is motivated by Jan Lindström. The patch mainly differs
from his original one as follows:

(1) We remove explicit initialization of stack-allocated string buffers.
The minimum amount of initialization that is needed is a terminating
NUL character.
(2) GCC issues a warning for invoking strncpy(dest, src, sizeof dest)
because if strlen(src) >= sizeof dest, there would be no terminating
NUL byte in dest. We avoid this problem by invoking strncpy() with
a limit that is 1 less than the buffer size, and by always writing
NUL to the last byte of the buffer.
(3) We replace strncpy() with memcpy() or strcpy() in those cases
when the result is functionally equivalent.

Note: fts_fetch_index_words() never deals with len==UNIV_SQL_NULL.
This was enforced by an assertion that limits the maximum length
to FTS_MAX_WORD_LEN. Also, the encoding that InnoDB uses for
the compressed fulltext index is not byte-order agnostic, that is,
InnoDB data files that use FULLTEXT INDEX are not portable between
big-endian and little-endian systems.

extra/mariabackup/backup_copy.cc

@@ -501,7 +501,8 @@ datafile_open(const char *file, datafile_cur_t *cursor, uint thread_n)
 	5.6+. We want to make "local" copies for the backup. */
 	strncpy(cursor->rel_path,
 		xb_get_relative_path(cursor->abs_path, FALSE),
-		sizeof(cursor->rel_path));
+		(sizeof cursor->rel_path) - 1);
+	cursor->rel_path[(sizeof cursor->rel_path) - 1] = '\0';
 
 	cursor->file = os_file_create_simple_no_error_handling(0,
 							cursor->abs_path,
@@ -642,8 +643,7 @@ mkdirp(const char *pathname, int Flags, myf MyFlags)
 	/* make a parent directory path */
 	if (!(parent= (char *)malloc(len)))
           return(-1);
-	strncpy(parent, pathname, len);
-	parent[len-1]= 0;
+	memcpy(parent, pathname, len);
 
 	for (p = parent + strlen(parent);
 	    !is_path_separator(*p) && p != parent; p--);

extra/mariabackup/encryption_plugin.cc

@@ -67,7 +67,8 @@ void encryption_plugin_backup_init(MYSQL *mysql)
 
   /* Required  to load the plugin later.*/
   add_to_plugin_load_list(plugin_load.c_str());
-  strncpy(opt_plugin_dir, dir, FN_REFLEN);
+  strncpy(opt_plugin_dir, dir, FN_REFLEN - 1);
+  opt_plugin_dir[FN_REFLEN - 1] = '\0';
 
   oss << "plugin_dir=" << '"' << dir << '"' << endl;
 
@@ -133,7 +134,10 @@ void encryption_plugin_prepare_init(int argc, char **argv)
   add_to_plugin_load_list(xb_plugin_load);
 
   if (xb_plugin_dir)
-    strncpy(opt_plugin_dir, xb_plugin_dir, FN_REFLEN);
+  {
+    strncpy(opt_plugin_dir, xb_plugin_dir, FN_REFLEN - 1);
+    opt_plugin_dir[FN_REFLEN - 1] = '\0';
+  }
 
   char **new_argv = new char *[argc + 1];
   new_argv[0] = XTRABACKUP_EXE;

extra/mariabackup/fil_cur.cc

@@ -152,7 +152,8 @@ xb_fil_cur_open(
 	cursor->space_id = node->space->id;
 	cursor->is_system = !fil_is_user_tablespace_id(node->space->id);
 
-	strncpy(cursor->abs_path, node->name, sizeof(cursor->abs_path));
+	strncpy(cursor->abs_path, node->name, (sizeof cursor->abs_path) - 1);
+	cursor->abs_path[(sizeof cursor->abs_path) - 1] = '\0';
 
 	/* Get the relative path for the destination tablespace name, i.e. the
 	one that can be appended to the backup root directory. Non-system
@@ -160,7 +161,8 @@ xb_fil_cur_open(
 	5.6+. We want to make "local" copies for the backup. */
 	strncpy(cursor->rel_path,
 		xb_get_relative_path(cursor->abs_path, cursor->is_system),
-		sizeof(cursor->rel_path));
+		(sizeof cursor->rel_path) - 1);
+	cursor->rel_path[(sizeof cursor->rel_path) - 1] = '\0';
 
 	/* In the backup mode we should already have a tablespace handle created
 	by fil_load_single_table_tablespace() unless it is a system

extra/mariabackup/xtrabackup.cc

@@ -2251,8 +2251,9 @@ check_if_skip_table(
 		return(FALSE);
 	}
 
-	strncpy(buf, dbname, FN_REFLEN);
-	buf[tbname - 1 - dbname] = 0;
+	strncpy(buf, dbname, FN_REFLEN - 1);
+	buf[FN_REFLEN - 1] = '\0';
+	buf[tbname - 1 - dbname] = '\0';
 
 	const skip_database_check_result skip_database =
 			check_if_skip_database(buf);
@@ -2260,7 +2261,6 @@ check_if_skip_table(
 		return (TRUE);
 	}
 
-	buf[FN_REFLEN - 1] = '\0';
 	buf[tbname - 1 - dbname] = '.';
 
 	/* Check if there's a suffix in the table name. If so, truncate it. We
@@ -4990,7 +4990,8 @@ xtrabackup_apply_delta(
 	}
 	dst_path[strlen(dst_path) - 6] = '\0';
 
-	strncpy(space_name, filename, FN_REFLEN);
+	strncpy(space_name, filename, FN_REFLEN - 1);
+	space_name[FN_REFLEN - 1] = '\0';
 	space_name[strlen(space_name) -  6] = 0;
 
 	if (!get_meta_path(src_path, meta_path)) {
@@ -6036,7 +6037,8 @@ xtrabackup_prepare_func(int argc, char ** argv)
 				p = next + 1;
 			}
 			info_file_path[len - 4] = 0;
-			strncpy(table_name, prev, FN_REFLEN);
+			strncpy(table_name, prev, FN_REFLEN - 1);
+			table_name[FN_REFLEN - 1] = '\0';
 
 			info_file_path[len - 4] = '.';
 
@@ -6072,8 +6074,7 @@ xtrabackup_prepare_func(int argc, char ** argv)
 			mach_write_to_4(page    , 0x78706f72UL);
 			mach_write_to_4(page + 4, 0x74696e66UL);/*"xportinf"*/
 			mach_write_to_4(page + 8, n_index);
-			strncpy((char *) page + 12,
-				table_name, 500);
+			strncpy((char *) page + 12, table_name, FN_REFLEN);
 
 			msg("mariabackup: export metadata of "
 			    "table '%s' to file `%s` "

storage/innobase/dict/dict0dict.cc

@@ -1626,15 +1626,8 @@ dict_table_rename_in_cache(
 	ut_ad(mutex_own(&(dict_sys->mutex)));
 
 	/* store the old/current name to an automatic variable */
-	if (strlen(table->name) + 1 <= sizeof(old_name)) {
-		memcpy(old_name, table->name, strlen(table->name) + 1);
-	} else {
-		ut_print_timestamp(stderr);
-		fprintf(stderr, "InnoDB: too long table name: '%s', "
-			"max length is %d\n", table->name,
-			MAX_FULL_NAME_LEN);
-		ut_error;
-	}
+	ut_a(strlen(table->name) < sizeof old_name);
+	strcpy(old_name, table->name);
 
 	fold = ut_fold_string(new_name);
 
@@ -1845,7 +1838,7 @@ dict_table_rename_in_cache(
 
 			ulint	db_len;
 			char*	old_id;
-			char    old_name_cs_filename[MAX_TABLE_NAME_LEN+20];
+			char    old_name_cs_filename[MAX_FULL_NAME_LEN+1];
 			uint    errors = 0;
 
 			/* All table names are internally stored in charset
@@ -1862,7 +1855,8 @@ dict_table_rename_in_cache(
 			in old_name_cs_filename */
 
 			strncpy(old_name_cs_filename, old_name,
-				MAX_TABLE_NAME_LEN);
+				MAX_FULL_NAME_LEN);
+			old_name_cs_filename[MAX_FULL_NAME_LEN] = '\0';
 			if (strstr(old_name, TEMP_TABLE_PATH_PREFIX) == NULL) {
 
 				innobase_convert_to_system_charset(
@@ -1884,7 +1878,9 @@ dict_table_rename_in_cache(
 					/* Old name already in
 					my_charset_filename */
 					strncpy(old_name_cs_filename, old_name,
-						MAX_TABLE_NAME_LEN);
+						MAX_FULL_NAME_LEN);
+					old_name_cs_filename[MAX_FULL_NAME_LEN]
+						= '\0';
 				}
 			}
 
@@ -1910,7 +1906,7 @@ dict_table_rename_in_cache(
 
 				/* This is a generated >= 4.0.18 format id */
 
-				char	table_name[MAX_TABLE_NAME_LEN] = "";
+				char	table_name[MAX_TABLE_NAME_LEN + 1];
 				uint	errors = 0;
 
 				if (strlen(table->name) > strlen(old_name)) {
@@ -1924,6 +1920,7 @@ dict_table_rename_in_cache(
 				/* Convert the table name to UTF-8 */
 				strncpy(table_name, table->name,
 					MAX_TABLE_NAME_LEN);
+				table_name[MAX_TABLE_NAME_LEN] = '\0';
 				innobase_convert_to_system_charset(
 					strchr(table_name, '/') + 1,
 					strchr(table->name, '/') + 1,
@@ -1933,9 +1930,10 @@ dict_table_rename_in_cache(
 					/* Table name could not be converted
 					from charset my_charset_filename to
 					UTF-8. This means that the table name
-					is already in UTF-8 (#mysql#50). */
+					is already in UTF-8 (#mysql50#). */
 					strncpy(table_name, table->name,
 						MAX_TABLE_NAME_LEN);
+					table_name[MAX_TABLE_NAME_LEN] = '\0';
 				}
 
 				/* Replace the prefix 'databasename/tablename'

storage/innobase/fts/fts0opt.cc

 /*****************************************************************************
 
 Copyright (c) 2007, 2018, Oracle and/or its affiliates. All Rights Reserved.
-Copyright (c) 2016, MariaDB Corporation. All Rights reserved.
+Copyright (c) 2016, 2019, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -673,18 +673,17 @@ fts_fetch_index_words(
 	fts_zip_t*	zip = static_cast<fts_zip_t*>(user_arg);
 	que_node_t*	exp = sel_node->select_list;
 	dfield_t*	dfield = que_node_get_val(exp);
-	short		len =  static_cast<short>(dfield_get_len(dfield));
+
+	ut_a(dfield_get_len(dfield) <= FTS_MAX_WORD_LEN);
+
+	uint16		len = uint16(dfield_get_len(dfield));
 	void*		data = dfield_get_data(dfield);
 
 	/* Skip the duplicate words. */
-	if (zip->word.f_len == static_cast<ulint>(len)
-	    && !memcmp(zip->word.f_str, data, len)) {
-
+	if (zip->word.f_len == len && !memcmp(zip->word.f_str, data, len)) {
 		return(TRUE);
 	}
 
-	ut_a(len <= FTS_MAX_WORD_LEN);
-
 	memcpy(zip->word.f_str, data, len);
 	zip->word.f_len = len;
 
@@ -692,6 +691,9 @@ fts_fetch_index_words(
 	ut_a(zip->zp->next_in == NULL);
 
 	/* The string is prefixed by len. */
+	/* FIXME: This is not byte order agnostic (InnoDB data files
+	with FULLTEXT INDEX are not portable between little-endian and
+	big-endian systems!) */
 	zip->zp->next_in = reinterpret_cast<byte*>(&len);
 	zip->zp->avail_in = sizeof(len);
 
@@ -715,7 +717,6 @@ fts_fetch_index_words(
 				zip->zp->next_in = static_cast<byte*>(data);
 				zip->zp->avail_in = len;
 				ut_a(len <= FTS_MAX_WORD_LEN);
-				len = 0;
 			}
 			break;
 

storage/innobase/include/dict0crea.ic

 /*****************************************************************************
 
 Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved.
+Copyright (c) 2019, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -65,11 +66,11 @@ dict_create_add_foreign_id(
 			sprintf(id, "%s_ibfk_%lu", name,
 				(ulong) (*id_nr)++);
 		} else {
-			char	table_name[MAX_TABLE_NAME_LEN + 20] = "";
+			char	table_name[MAX_TABLE_NAME_LEN + 21];
 			uint	errors = 0;
 
-			strncpy(table_name, name,
-				MAX_TABLE_NAME_LEN + 20);
+			strncpy(table_name, name, (sizeof table_name) - 1);
+			table_name[(sizeof table_name) - 1] = '\0';
 
 			innobase_convert_to_system_charset(
 				strchr(table_name, '/') + 1,
@@ -78,7 +79,8 @@ dict_create_add_foreign_id(
 
 			if (errors) {
 				strncpy(table_name, name,
-					MAX_TABLE_NAME_LEN + 20);
+					(sizeof table_name) - 1);
+				table_name[(sizeof table_name) - 1] = '\0';
 			}
 
 			/* no overflow if number < 1e13 */

storage/innobase/row/row0mysql.cc

@@ -5173,11 +5173,12 @@ row_rename_table_for_mysql(
 
 	if (!new_is_tmp) {
 		/* Rename all constraints. */
-		char	new_table_name[MAX_TABLE_NAME_LEN] = "";
-		char	old_table_utf8[MAX_TABLE_NAME_LEN] = "";
+		char	new_table_name[MAX_TABLE_NAME_LEN + 1];
+		char	old_table_utf8[MAX_TABLE_NAME_LEN + 1];
 		uint	errors = 0;
 
 		strncpy(old_table_utf8, old_name, MAX_TABLE_NAME_LEN);
+		old_table_utf8[MAX_TABLE_NAME_LEN] = '\0';
 		innobase_convert_to_system_charset(
 			strchr(old_table_utf8, '/') + 1,
 			strchr(old_name, '/') +1,
@@ -5188,6 +5189,7 @@ row_rename_table_for_mysql(
 			my_charset_filename to UTF-8. This means that the
 			table name is already in UTF-8 (#mysql#50). */
 			strncpy(old_table_utf8, old_name, MAX_TABLE_NAME_LEN);
+			old_table_utf8[MAX_TABLE_NAME_LEN] = '\0';
 		}
 
 		info = pars_info_create();
@@ -5198,6 +5200,7 @@ row_rename_table_for_mysql(
 					  old_table_utf8);
 
 		strncpy(new_table_name, new_name, MAX_TABLE_NAME_LEN);
+		new_table_name[MAX_TABLE_NAME_LEN] = '\0';
 		innobase_convert_to_system_charset(
 			strchr(new_table_name, '/') + 1,
 			strchr(new_name, '/') +1,
@@ -5208,6 +5211,7 @@ row_rename_table_for_mysql(
 			my_charset_filename to UTF-8. This means that the
 			table name is already in UTF-8 (#mysql#50). */
 			strncpy(new_table_name, new_name, MAX_TABLE_NAME_LEN);
+			new_table_name[MAX_TABLE_NAME_LEN] = '\0';
 		}
 
 		pars_info_add_str_literal(info, "new_table_utf8", new_table_name);

storage/innobase/srv/srv0start.cc

@@ -3,7 +3,7 @@
 Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
 Copyright (c) 2008, Google Inc.
 Copyright (c) 2009, Percona Inc.
-Copyright (c) 2013, 2017, MariaDB Corporation.
+Copyright (c) 2013, 2019, MariaDB Corporation.
 
 Portions of this file contain modifications contributed and copyrighted by
 Google, Inc. Those modifications are gratefully acknowledged and are described
@@ -3354,9 +3354,8 @@ srv_get_meta_data_filename(
 	if (strncmp(suffix, ".cfg", suffix_len) == 0) {
 		strcpy(filename, path);
 	} else {
-		ut_ad(strncmp(suffix, ".ibd", suffix_len) == 0);
-
-		strncpy(filename, path, len - suffix_len);
+		ut_ad(!strcmp(suffix, ".ibd"));
+		memcpy(filename, path, len - suffix_len);
 		suffix = filename + (len - suffix_len);
 		strcpy(suffix, ".cfg");
 	}

storage/xtradb/dict/dict0dict.cc

@@ -1632,15 +1632,8 @@ dict_table_rename_in_cache(
 	ut_ad(mutex_own(&(dict_sys->mutex)));
 
 	/* store the old/current name to an automatic variable */
-	if (strlen(table->name) + 1 <= sizeof(old_name)) {
-		memcpy(old_name, table->name, strlen(table->name) + 1);
-	} else {
-		ut_print_timestamp(stderr);
-		fprintf(stderr, "InnoDB: too long table name: '%s', "
-			"max length is %d\n", table->name,
-			MAX_FULL_NAME_LEN);
-		ut_error;
-	}
+	ut_a(strlen(table->name) < sizeof old_name);
+	strcpy(old_name, table->name);
 
 	fold = ut_fold_string(new_name);
 
@@ -1851,7 +1844,7 @@ dict_table_rename_in_cache(
 
 			ulint	db_len;
 			char*	old_id;
-			char    old_name_cs_filename[MAX_TABLE_NAME_LEN+20];
+			char    old_name_cs_filename[MAX_FULL_NAME_LEN+1];
 			uint    errors = 0;
 
 			/* All table names are internally stored in charset
@@ -1868,7 +1861,8 @@ dict_table_rename_in_cache(
 			in old_name_cs_filename */
 
 			strncpy(old_name_cs_filename, old_name,
-				MAX_TABLE_NAME_LEN);
+				MAX_FULL_NAME_LEN);
+			old_name_cs_filename[MAX_FULL_NAME_LEN] = '\0';
 			if (strstr(old_name, TEMP_TABLE_PATH_PREFIX) == NULL) {
 
 				innobase_convert_to_system_charset(
@@ -1890,7 +1884,9 @@ dict_table_rename_in_cache(
 					/* Old name already in
 					my_charset_filename */
 					strncpy(old_name_cs_filename, old_name,
-						MAX_TABLE_NAME_LEN);
+						MAX_FULL_NAME_LEN);
+					old_name_cs_filename[MAX_FULL_NAME_LEN]
+						= '\0';
 				}
 			}
 
@@ -1916,7 +1912,7 @@ dict_table_rename_in_cache(
 
 				/* This is a generated >= 4.0.18 format id */
 
-				char	table_name[MAX_TABLE_NAME_LEN] = "";
+				char	table_name[MAX_TABLE_NAME_LEN + 1];
 				uint	errors = 0;
 
 				if (strlen(table->name) > strlen(old_name)) {
@@ -1930,6 +1926,7 @@ dict_table_rename_in_cache(
 				/* Convert the table name to UTF-8 */
 				strncpy(table_name, table->name,
 					MAX_TABLE_NAME_LEN);
+				table_name[MAX_TABLE_NAME_LEN] = '\0';
 				innobase_convert_to_system_charset(
 					strchr(table_name, '/') + 1,
 					strchr(table->name, '/') + 1,
@@ -1939,9 +1936,10 @@ dict_table_rename_in_cache(
 					/* Table name could not be converted
 					from charset my_charset_filename to
 					UTF-8. This means that the table name
-					is already in UTF-8 (#mysql#50). */
+					is already in UTF-8 (#mysql50#). */
 					strncpy(table_name, table->name,
 						MAX_TABLE_NAME_LEN);
+					table_name[MAX_TABLE_NAME_LEN] = '\0';
 				}
 
 				/* Replace the prefix 'databasename/tablename'

storage/xtradb/fts/fts0opt.cc

 /*****************************************************************************
 
 Copyright (c) 2007, 2018, Oracle and/or its affiliates. All Rights Reserved.
-Copyright (c) 2016, MariaDB Corporation. All Rights reserved.
+Copyright (c) 2016, 2019, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -673,18 +673,17 @@ fts_fetch_index_words(
 	fts_zip_t*	zip = static_cast<fts_zip_t*>(user_arg);
 	que_node_t*	exp = sel_node->select_list;
 	dfield_t*	dfield = que_node_get_val(exp);
-	short		len =  static_cast<short>(dfield_get_len(dfield));
+
+	ut_a(dfield_get_len(dfield) <= FTS_MAX_WORD_LEN);
+
+	uint16		len = uint16(dfield_get_len(dfield));
 	void*		data = dfield_get_data(dfield);
 
 	/* Skip the duplicate words. */
-	if (zip->word.f_len == static_cast<ulint>(len)
-	    && !memcmp(zip->word.f_str, data, len)) {
-
+	if (zip->word.f_len == len && !memcmp(zip->word.f_str, data, len)) {
 		return(TRUE);
 	}
 
-	ut_a(len <= FTS_MAX_WORD_LEN);
-
 	memcpy(zip->word.f_str, data, len);
 	zip->word.f_len = len;
 
@@ -692,6 +691,9 @@ fts_fetch_index_words(
 	ut_a(zip->zp->next_in == NULL);
 
 	/* The string is prefixed by len. */
+	/* FIXME: This is not byte order agnostic (InnoDB data files
+	with FULLTEXT INDEX are not portable between little-endian and
+	big-endian systems!) */
 	zip->zp->next_in = reinterpret_cast<byte*>(&len);
 	zip->zp->avail_in = sizeof(len);
 
@@ -715,7 +717,6 @@ fts_fetch_index_words(
 				zip->zp->next_in = static_cast<byte*>(data);
 				zip->zp->avail_in = len;
 				ut_a(len <= FTS_MAX_WORD_LEN);
-				len = 0;
 			}
 			break;
 

storage/xtradb/include/dict0crea.ic

 /*****************************************************************************
 
 Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved.
+Copyright (c) 2019, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -65,11 +66,11 @@ dict_create_add_foreign_id(
 			sprintf(id, "%s_ibfk_%lu", name,
 				(ulong) (*id_nr)++);
 		} else {
-			char	table_name[MAX_TABLE_NAME_LEN + 20] = "";
+			char	table_name[MAX_TABLE_NAME_LEN + 21];
 			uint	errors = 0;
 
-			strncpy(table_name, name,
-				MAX_TABLE_NAME_LEN + 20);
+			strncpy(table_name, name, (sizeof table_name) - 1);
+			table_name[(sizeof table_name) - 1] = '\0';
 
 			innobase_convert_to_system_charset(
 				strchr(table_name, '/') + 1,
@@ -78,7 +79,8 @@ dict_create_add_foreign_id(
 
 			if (errors) {
 				strncpy(table_name, name,
-					MAX_TABLE_NAME_LEN + 20);
+					(sizeof table_name) - 1);
+				table_name[(sizeof table_name) - 1] = '\0';
 			}
 
 			/* no overflow if number < 1e13 */

storage/xtradb/include/log0online.h

 /*****************************************************************************
 
 Copyright (c) 2011-2012, Percona Inc. All Rights Reserved.
+Copyright (c) 2019, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -146,7 +147,7 @@ struct log_online_bitmap_file_range_struct {
 	size_t	count;					/*!< Number of files */
 	/*!< Dynamically-allocated array of info about individual files */
 	struct files_t {
-		char	name[FN_REFLEN];	/*!< Name of a file */
+		char	name[OS_FILE_MAX_PATH+1];/*!< Name of a file */
 		lsn_t	start_lsn;		/*!< Starting LSN of data in
 						this file */
 		ulong	seq_num;		/*!< Sequence number of	this

storage/xtradb/log/log0online.cc

 /*****************************************************************************
 
 Copyright (c) 2011-2012 Percona Inc. All Rights Reserved.
-Copyright (C) 2016, MariaDB Corporation.
+Copyright (C) 2016, 2019, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -1453,8 +1453,9 @@ log_online_setup_bitmap_file_range(
 
 			bitmap_files->files[array_pos].seq_num = file_seq_num;
 			strncpy(bitmap_files->files[array_pos].name,
-				bitmap_dir_file_info.name, FN_REFLEN);
-			bitmap_files->files[array_pos].name[FN_REFLEN - 1]
+				bitmap_dir_file_info.name,
+				OS_FILE_MAX_PATH);
+			bitmap_files->files[array_pos].name[OS_FILE_MAX_PATH]
 				= '\0';
 			bitmap_files->files[array_pos].start_lsn
 				= file_start_lsn;

storage/xtradb/row/row0mysql.cc

@@ -5183,11 +5183,12 @@ row_rename_table_for_mysql(
 
 	if (!new_is_tmp) {
 		/* Rename all constraints. */
-		char	new_table_name[MAX_TABLE_NAME_LEN] = "";
-		char	old_table_utf8[MAX_TABLE_NAME_LEN] = "";
+		char	new_table_name[MAX_TABLE_NAME_LEN + 1];
+		char	old_table_utf8[MAX_TABLE_NAME_LEN + 1];
 		uint	errors = 0;
 
 		strncpy(old_table_utf8, old_name, MAX_TABLE_NAME_LEN);
+		old_table_utf8[MAX_TABLE_NAME_LEN] = '\0';
 		innobase_convert_to_system_charset(
 			strchr(old_table_utf8, '/') + 1,
 			strchr(old_name, '/') +1,
@@ -5198,6 +5199,7 @@ row_rename_table_for_mysql(
 			my_charset_filename to UTF-8. This means that the
 			table name is already in UTF-8 (#mysql#50). */
 			strncpy(old_table_utf8, old_name, MAX_TABLE_NAME_LEN);
+			old_table_utf8[MAX_TABLE_NAME_LEN] = '\0';
 		}
 
 		info = pars_info_create();
@@ -5208,6 +5210,7 @@ row_rename_table_for_mysql(
 					  old_table_utf8);
 
 		strncpy(new_table_name, new_name, MAX_TABLE_NAME_LEN);
+		new_table_name[MAX_TABLE_NAME_LEN] = '\0';
 		innobase_convert_to_system_charset(
 			strchr(new_table_name, '/') + 1,
 			strchr(new_name, '/') +1,
@@ -5218,6 +5221,7 @@ row_rename_table_for_mysql(
 			my_charset_filename to UTF-8. This means that the
 			table name is already in UTF-8 (#mysql#50). */
 			strncpy(new_table_name, new_name, MAX_TABLE_NAME_LEN);
+			new_table_name[MAX_TABLE_NAME_LEN] = '\0';
 		}
 
 		pars_info_add_str_literal(info, "new_table_utf8", new_table_name);

storage/xtradb/srv/srv0start.cc

@@ -3,7 +3,7 @@
 Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
 Copyright (c) 2008, Google Inc.
 Copyright (c) 2009, Percona Inc.
-Copyright (c) 2013, 2017, MariaDB Corporation
+Copyright (c) 2013, 2019, MariaDB Corporation.
 
 Portions of this file contain modifications contributed and copyrighted by
 Google, Inc. Those modifications are gratefully acknowledged and are described
@@ -3476,9 +3476,8 @@ srv_get_meta_data_filename(
 	if (strncmp(suffix, ".cfg", suffix_len) == 0) {
 		strcpy(filename, path);
 	} else {
-		ut_ad(strncmp(suffix, ".ibd", suffix_len) == 0);
-
-		strncpy(filename, path, len - suffix_len);
+		ut_ad(!strcmp(suffix, ".ibd"));
+		memcpy(filename, path, len - suffix_len);
 		suffix = filename + (len - suffix_len);
 		strcpy(suffix, ".cfg");
 	}