diff --git a/dbug/dbug.c b/dbug/dbug.c index 3f6c9b2f980..a4f9d5ecd4b 100644 --- a/dbug/dbug.c +++ b/dbug/dbug.c @@ -919,7 +919,6 @@ void _db_doprnt_ (const char *format,...) } (void) fprintf (_db_fp_, "%s: ", state->u_keyword); (void) vfprintf (_db_fp_, format, args); - va_end(args); (void) fputc('\n',_db_fp_); dbug_flush(state); errno=save_errno; diff --git a/myisam/mi_open.c b/myisam/mi_open.c index 077d8c7da3a..60049325c5c 100644 --- a/myisam/mi_open.c +++ b/myisam/mi_open.c @@ -35,6 +35,14 @@ static void setup_key_functions(MI_KEYDEF *keyinfo); pos+=size;} +#define disk_pos_assert(pos, end_pos) \ +if (pos > end_pos) \ +{ \ + my_errno=HA_ERR_CRASHED; \ + goto err; \ +} + + /****************************************************************************** ** Return the shared struct if the table is already open. ** In MySQL the server will handle version issues. @@ -70,7 +78,7 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) key_parts,unique_key_parts,tmp_length,uniques; char name_buff[FN_REFLEN], org_name [FN_REFLEN], index_name[FN_REFLEN], data_name[FN_REFLEN]; - char *disk_cache,*disk_pos; + char *disk_cache, *disk_pos, *end_pos; MI_INFO info,*m_info,*old_info; MYISAM_SHARE share_buff,*share; ulong rec_per_key_part[MI_MAX_POSSIBLE_KEY*MI_MAX_KEY_SEG]; @@ -138,11 +146,12 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) info_length=mi_uint2korr(share->state.header.header_length); base_pos=mi_uint2korr(share->state.header.base_pos); - if (!(disk_cache=(char*) my_alloca(info_length))) + if (!(disk_cache=(char*) my_alloca(info_length+128))) { my_errno=ENOMEM; goto err; } + end_pos=disk_cache+info_length; errpos=2; VOID(my_seek(kfile,0L,MY_SEEK_SET,MYF(0))); 
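Review bot: The `disk_pos_assert` macro added in the mi_open.c hunk at -35,6 expands to a bare `if` with unparenthesized arguments, so a call placed directly before an `else` would capture that `else`, and an argument containing a lower-precedence operator would change the comparison. Wrapping it as `do { if ((pos) > (end_pos)) { my_errno=HA_ERR_CRASHED; goto err; } } while (0)` keeps the behaviour at the three call sites visible in this diff. The macro also hides a `goto err`, so a short comment above it saying that it requires a local `err` label and guards reads from the on-disk header buffer would help the next reader.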
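Review bot: The `+128` in `my_alloca(info_length+128)` (mi_open.c hunk at -138,11) has no comment or named constant, and `end_pos` is set to `disk_cache+info_length`, so these bytes lie outside the range that `disk_pos_assert` accepts. Presumably they are slack for a fixed-size record read that starts near `end_pos` before the check fires, but nothing in the hunk ties 128 to a record size, and whether the slack is ever initialised is not visible. A comment such as `/* +128: room for one fixed-size definition read past info_length on a corrupt header */`, or a constant derived from the largest record size, would document the assumption. mi_open continues outside the hunk.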
@@ -288,6 +297,8 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) for (i=0 ; i < keys ; i++) { disk_pos=mi_keydef_read(disk_pos, &share->keyinfo[i]); + disk_pos_assert(disk_pos + share->keyinfo[i].keysegs * MI_KEYSEG_SIZE, + end_pos); set_if_smaller(share->blocksize,share->keyinfo[i].block_length); share->keyinfo[i].seg=pos; for (j=0 ; j < share->keyinfo[i].keysegs; j++,pos++) @@ -319,6 +330,8 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) for (i=0 ; i < uniques ; i++) { disk_pos=mi_uniquedef_read(disk_pos, &share->uniqueinfo[i]); + disk_pos_assert(disk_pos + share->uniqueinfo[i].keysegs * + MI_KEYSEG_SIZE, end_pos); share->uniqueinfo[i].seg=pos; for (j=0 ; j < share->uniqueinfo[i].keysegs; j++,pos++) { @@ -344,6 +357,7 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags) for (i=0 ; i < keys ; i++) setup_key_functions(share->keyinfo+i); + disk_pos_assert(disk_pos + share->base.fields *MI_COLUMNDEF_SIZE, end_pos); for (i=j=offset=0 ; i < share->base.fields ; i++) { disk_pos=mi_recinfo_read(disk_pos,&share->rec[i]); diff --git a/mysql-test/mysql-test-run.sh b/mysql-test/mysql-test-run.sh index b6ff7dea199..65c960d13fa 100644 --- a/mysql-test/mysql-test-run.sh +++ b/mysql-test/mysql-test-run.sh @@ -330,7 +330,7 @@ while test $# -gt 0; do USE_RUNNING_SERVER="" ;; --valgrind) - VALGRIND="valgrind --alignment=8 --leak-check=yes" + VALGRIND="valgrind --alignment=8 --leak-check=yes --num-callers=16" EXTRA_MASTER_MYSQLD_OPT="$EXTRA_MASTER_MYSQLD_OPT --skip-safemalloc" EXTRA_SLAVE_MYSQLD_OPT="$EXTRA_SLAVE_MYSQLD_OPT --skip-safemalloc" SLEEP_TIME_AFTER_RESTART=10 diff --git a/mysys/default.c b/mysys/default.c index c354e1744bc..cfdda17fb5f 100644 --- a/mysys/default.c +++ b/mysys/default.c @@ -38,6 +38,7 @@ #include "mysys_priv.h" #include "m_string.h" #include "m_ctype.h" +#include char *defaults_extra_file=0; 
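Review bot: The bound checks added in mi_open at -288,6, -319,6 and -344,6 build the pointer `disk_pos + count * SIZE` from a count read out of the index file before comparing it with `end_pos`, and forming a pointer beyond the allocation is undefined, so a large count could wrap or be optimised in a way that lets the check pass. Comparing sizes avoids arithmetic on the pointer, e.g. `if (disk_pos > end_pos || (size_t)(end_pos - disk_pos) < (size_t) n * MI_KEYSEG_SIZE)` before the `goto err`. In the first two loops the check also runs after `mi_keydef_read`/`mi_uniquedef_read` has already consumed the fixed-size record at `disk_pos`, so that read is covered only by the extra bytes allocated beyond `end_pos`; checking the fixed part before the read would make this explicit. The widths of `keysegs` and `base.fields` are not visible in these hunks.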
@@ -61,13 +62,13 @@ DATADIR, NullS, }; -#define default_ext ".cnf" /* extension for config file */ +#define default_ext ".cnf" /* extension for config file */ #ifdef __WIN__ #include #define windows_ext ".ini" #endif -static my_bool search_default_file(DYNAMIC_ARRAY *args, MEM_ROOT *alloc, +static my_bool search_default_file(DYNAMIC_ARRAY *args,MEM_ROOT *alloc, const char *dir, const char *config_file, const char *ext, TYPELIB *group); @@ -242,6 +243,20 @@ static my_bool search_default_file(DYNAMIC_ARRAY *args, MEM_ROOT *alloc, { strmov(name,config_file); } + fn_format(name,name,"","",4); +#if !defined(__WIN__) && !defined(OS2) + { + MY_STAT stat_info; + if (!my_stat(name,&stat_info,MYF(0))) + return 0; + if (stat_info.st_mode & S_IWOTH) /* ignore world-writeable files */ + { + fprintf(stderr, "warning: World-writeable config file %s is ignored\n", + name); + return 0; + } + } +#endif if (!(fp = my_fopen(fn_format(name,name,"","",4),O_RDONLY,MYF(0)))) return 0; /* Ignore wrong files */ diff --git a/mysys/my_lib.c b/mysys/my_lib.c index a06120894c5..035bafd07b9 100644 --- a/mysys/my_lib.c +++ b/mysys/my_lib.c @@ -103,7 +103,7 @@ MY_DIR *my_dir(const char *path, myf MyFlags) char dirent_tmp[sizeof(struct dirent)+_POSIX_PATH_MAX+1]; #endif DBUG_ENTER("my_dir"); - DBUG_PRINT("my",("path: '%s' stat: %d MyFlags: %d",path,MyFlags)); + DBUG_PRINT("my",("path: '%s' MyFlags: %d",path,MyFlags)); #if defined(THREAD) && !defined(HAVE_READDIR_R) pthread_mutex_lock(&THR_LOCK_open); diff --git a/sql/mysqld.cc b/sql/mysqld.cc index daa5bfcc7ff..411c9778c3e 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc 
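Review bot: The world-writable test added to search_default_file (mysys/default.c hunk at -242,6) inspects the path with `my_stat(name, ...)` and then opens the same path with `my_fopen`, so the file that was checked is not guaranteed to be the file that is read if the path is replaced in between. Opening first and checking the open descriptor closes that window; the fence below sketches it with `fstat(fileno(fp), ...)` and closes `fp` before each early return. The test also covers only `S_IWOTH`; whether group-writable files, non-regular files or files owned by another user should be accepted is not decided here and deserves a comment. The added `fn_format(name,name,"","",4)` makes the second `fn_format` inside the `my_fopen` call redundant. The function body starts and ends outside the hunk.

```c
  fn_format(name,name,"","",4);
  if (!(fp = my_fopen(name,O_RDONLY,MYF(0))))
    return 0;					/* Ignore wrong files */
#if !defined(__WIN__) && !defined(OS2)
  {
    struct stat stat_info;
    /* Check the descriptor that will be read, not the path */
    if (fstat(fileno(fp), &stat_info))
    {
      my_fclose(fp, MYF(0));
      return 0;
    }
    if (stat_info.st_mode & S_IWOTH)	/* ignore world-writeable files */
    {
      fprintf(stderr, "warning: World-writeable config file %s is ignored\n",
              name);
      my_fclose(fp, MYF(0));
      return 0;
    }
  }
#endif
  /* … unchanged: parsing of the opened file … */
```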
@@ -4225,7 +4225,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), if (!mysqld_user) mysqld_user= argument; else - fprintf(stderr, "Warning: Ignoring user change to '%s' becasue the user is set to '%s' earlier on the command line\n", argument, mysqld_user); + fprintf(stderr, "Warning: Ignoring user change to '%s' because the user was set to '%s' earlier on the command line\n", argument, mysqld_user); break; case 'L': strmake(language, argument, sizeof(language)-1); diff --git a/sql/slave.cc b/sql/slave.cc index daca8fe1cf6..5ddea7501e4 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -401,9 +401,9 @@ int terminate_slave_threads(MASTER_INFO* mi,int thread_mask,bool skip_lock) DBUG_PRINT("info",("Terminating IO thread")); mi->abort_slave=1; if ((error=terminate_slave_thread(mi->io_thd,io_lock, - io_cond_lock, - &mi->stop_cond, - &mi->slave_running)) && + io_cond_lock, + &mi->stop_cond, + &mi->slave_running)) && !force_all) DBUG_RETURN(error); } @@ -443,12 +443,10 @@ int terminate_slave_thread(THD* thd, pthread_mutex_t* term_lock, be referening freed memory trying to kick it */ THD_CHECK_SENTRY(thd); - if (*slave_running) + + while (*slave_running) // Should always be true { KICK_SLAVE(thd); - } - while (*slave_running) - { /* There is a small chance that slave thread might miss the first alarm. To protect againts it, resend the signal until it reacts @@ -456,10 +454,6 @@ int terminate_slave_thread(THD* thd, pthread_mutex_t* term_lock, struct timespec abstime; set_timespec(abstime,2); pthread_cond_timedwait(term_cond, cond_lock, &abstime); - if (*slave_running) - { - KICK_SLAVE(thd); - } } if (term_lock) pthread_mutex_unlock(term_lock); diff --git a/sql/sql_class.cc b/sql/sql_class.cc index a99d17b0ec4..a481b365182 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc 
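Review bot: The rewritten wait loop in terminate_slave_thread (sql/slave.cc hunks at -443,12 and -456,10) has no upper bound and ignores the return value of `pthread_cond_timedwait`, so a slave thread that never clears `*slave_running` leaves the caller re-sending `KICK_SLAVE(thd)` every two seconds indefinitely. The loop was unbounded before this change as well, so this may be intended, but counting iterations and logging or returning an error after a limit would make a stuck shutdown diagnosable. The comment `// Should always be true` sits on a `while` condition that is expected to become false; something like `// Normally true on entry; loop until the thread acknowledges` would read better. The function starts outside the hunk, so how `*slave_running` is protected by `cond_lock` is not visible here.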
@@ -419,12 +419,14 @@ CHANGED_TABLE_LIST* THD::changed_table_dup(const char *key, long key_length) #ifdef SIGNAL_WITH_VIO_CLOSE void THD::close_active_vio() { + DBUG_ENTER("close_active_vio"); safe_mutex_assert_owner(&LOCK_delete); if (active_vio) { vio_close(active_vio); active_vio = 0; } + DBUG_RETURN; } #endif