Description:
during some long running subquery tests, under valgrind memcheck I found this:

Thread 12:                                                
Conditional jump or move depends on uninitialised value(s)
at 0x8241470: remove_const(sql_select.cc:6963)            
by 0x8254BAC: JOIN::optimize(sql_select.cc:1186)          
by 0x825C7CC: mysql_select                                
by 0x825CF6A: mysql_explain_union(sql_select.cc:16260)    
by 0x8257404: select_describe(sql_select.cc:16201)        
by 0x825A156: JOIN::exec(sql_select.cc:7014)              
by 0x825C89E: mysql_select                                
by 0x825CF6A: mysql_explain_union(sql_select.cc:16260)    
by 0x81F203E: execute_sqlcom_select(sql_parse.cc:4743)    
by 0x81F5B8E: mysql_execute_command(sql_parse.cc:2073)    
by 0x81FAB6B: mysql_parse(sql_parse.cc:5645)              
by 0x81FAFB7: dispatch_command(sql_parse.cc:1137)         

sql_select.cc:6963 looks like this

else if (!(order_tables & not_const_tables))
{
  if (order->item[0]->with_subselect) <-----here
     order->item[0]->val_str(&order->item[0]->str_value);
  DBUG_PRINT("info",("removing: %s", order->item[0]->full_name()));
  continue;		// skip const item
}

How to repeat:
no idea! thousands of queries ran, and no logging was enabled.

how to repeat:
-------------

I ran mysqld under valgrind like this:
valgrind --tool=memcheck   --leak-check=yes -v --show-reachable=yes  ./sql/mysqld --basedir=./ --datadir=/home/sbester/mysql/5.1/mysql-5.1.26-rc-linux-i686/data/ --language=./sql/share/english --skip-grant-tables --skip-name-resolve

you must change the paths to match your own paths.

then run mysql -A test and paste the following SQL:

drop table if exists `t3`;
drop table if exists `t4`;
create table `t3` (`a` bit(1) not null,`b` int) engine=myisam;
create table `t4` (`c` int) engine=innodb;
explain select `b` from `t3` where `a` not in(select `b` from `t3`,`t4` group by  `a`) group by `a`;

Some observations:
o) running the query again does not give another error. See get another error, you have to restart mysqld
o) error only happens when t4 is innodb table
o) seems related to t3 having a bit column.

5.0.66a also affected.

hah! happens in 5.1.35 using the testcase provided.

[sbester@box1 mysql-5.1.35-linux-i686]$ valgrind --version
valgrind-3.2.1

$ valgrind --tool=memcheck --leak-check=full --db-attach=yes --db-command="/home/sbester/gdb-6.8/gdb/gdb --pid=%p" -v --show-reachable=yes  ./bin/mysqld  --no-defaults --basedir=./ --datadir=./data  --skip-grant-tables --skip-name-resolve --server-id=2 --port=3310 --socket=sock.sock --gdb --skip-stack-trace

Version: '5.1.35-debug'  socket: 'sock.sock'  port: 3310  yes
==11056== Thread 10:
==11056== Conditional jump or move depends on uninitialised value(s)
 at: remove_const (sql_select.cc:7020)
 by: JOIN::optimize (sql_select.cc:1197)
 by: mysql_select (sql_select.cc:2364)
 by: mysql_explain_union (sql_select.cc:16381)
 by: select_describe (sql_select.cc:16322)
 by: JOIN::exec (sql_select.cc:7071)
 by: mysql_select (sql_select.cc:2378)
 by: mysql_explain_union (sql_select.cc:16381)
 by: execute_sqlcom_select (sql_parse.cc:4987)
 by: mysql_execute_command( (sql_parse.cc:2211)
 by: mysql_parse (sql_parse.cc:5929)
 by: dispatch_command (sql_parse.cc:1216)

mysql -uroot -A -h127.0.0.1 -P3310 test

drop table if exists `t3`;
drop table if exists `t4`;
create table `t3` (`a` bit(1) not null,`b` int) engine=myisam;
create table `t4` (`c` int) engine=innodb;
explain select `b` from `t3` where `a` not in(select `b` from 
`t3`,`t4` group by  `a`) group by `a`;

sql_select.cc:7020 is this line:
else if (!(order_tables & not_const_tables))
    {
      if (order->item[0]->with_subselect)  <--------here

I tried mysql-advanced-gpl-5.1.34-linux-i686-glibc23.tar.gz package 
and it also shows the error.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/75536

2764 Georgi Kodinov	2009-06-03
      Bug #36995: valgrind error in remove_const during subquery executions
      
      When copying the Item class one must copy its attributes as well.
     @ mysql-test/r/innodb_mysql.result
        Bug #36995: test case
     @ mysql-test/t/innodb_mysql.test
        Bug #36995: test case
     @ sql/item.cc
        Bug #36995: copy attributes in the copy constructor

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/75594

2764 Georgi Kodinov	2009-06-04
      Bug #36995: valgrind error in remove_const during subquery executions
      
      When copying the Item class one must copy its attributes as well.
     @ mysql-test/r/innodb_mysql.result
        Bug #36995: test case
     @ mysql-test/t/innodb_mysql.test
        Bug #36995: test case
     @ sql/item.cc
        Bug #36995: copy attributes in the copy constructor

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/75595

2765 Georgi Kodinov	2009-06-04
      Bug #36995: valgrind error in remove_const during subquery executions
      
      When copying the Item class one must copy its attributes as well.
     @ mysql-test/r/innodb_mysql.result
        Bug #36995: test case
     @ mysql-test/t/innodb_mysql.test
        Bug #36995: test case
     @ sql/item.cc
        Bug #36995: copy attributes in the copy constructor

Pushed into 5.0.84 (revid:gkodinov@mysql.com-20090616082753-kwe0l8uoictxhojf) (version source revid:azundris@mysql.com-20090605212937-9kcqi5zjat2f2awm) (merge vers: 5.0.83) (pib:6)

Pushed into 5.1.36 (revid:joro@sun.com-20090616102155-3zhezogudt4uxdyn) (version source revid:azundris@mysql.com-20090606160500-zm37psz7u1m96y5l) (merge vers: 5.1.36) (pib:6)

Pushed into 5.4.4-alpha (revid:alik@sun.com-20090616183122-chjzbaa30qopdra9) (version source revid:azundris@mysql.com-20090606160423-aym8s5rn51nmg387) (merge vers: 6.0.12-alpha) (pib:11)

Noted in 5.0.84, 5.1.37, 5.4.4 changelogs.

A Valgrind error during subquery execution was corrected.

Noted in 5.4.2 changelog because next 5.4 version will be 5.4.2 and not 5.4.4.

Ignore previous comment about 5.4.2.

Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)

Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers: 5.1.37-ndb-6.3.27) (pib:11)

Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers: 5.1.37-ndb-6.2.19) (pib:11)

Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)

The 5.4 fix has been pushed to 5.4.2.