Bug #44133 mysql binary crashes with an exception reading command input
Submitted: 7 Apr 2009 12:02 Modified: 12 May 2009 1:48
Reporter: Georgi Kodinov
Status: Closed
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:6.0-pe-stage OS:Windows (vm-win2003-32-a)
Assigned to: Georgi Kodinov CPU Architecture:Any
Tags: regression

[7 Apr 2009 12:02] Georgi Kodinov
Description:
MySQL crashes with a JIT debug assertion "_CrtIsValidHeapPointer(pUserData)" 
The stack trace is as follows: 
ChildEBP RetAddr  
0012fcbc 004cc69e mysql!realloc_help(void * pUserData = 0x00373950, unsigned int * pnNewSize = 0x0012fd14, int nBlockUse = 1, char * szFileName = 0x00000000 "", int nLine = 0, int fRealloc = 1)+0x2b1 [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c @ 785]
0012fd08 004d5949 mysql!_realloc_dbg(void * pUserData = 0x00373950, unsigned int nNewSize = 0x1210, int nBlockUse = 1, char * szFileName = 0x00000000 "", int nLine = 0)+0x5e [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c @ 1032]
0012fd28 00430e21 mysql!realloc(void * pUserData = 0x00373950, unsigned int nNewSize = 0x1210)+0x19 [f:\dd\vctools\crt_bld\self_x86\crt\src\dbgrealloc.c @ 60]
0012fd58 0040c085 mysql!my_realloc(void * oldpoint = 0x00373950, unsigned int size = 0x1210, int my_flags = 16)+0xc1 [z:\work\win32-6.0-pe-stage\mysys\my_realloc.c @ 62]
0012fd78 00403d0d mysql!String::realloc(unsigned int alloc_length = 0x1208)+0x55 [z:\work\win32-6.0-pe-stage\client\sql_string.cc @ 75]
0012fe28 00402eb4 mysql!add_line(class String * buffer = 0x0070a308, char * line = 0x00377e93 ".................................???", char * in_string = 0x0012fe9b "", bool * ml_comment = 0x0012fe8b, bool truncated = false)+0x9dd [z:\work\win32-6.0-pe-stage\client\mysql.cc @ 2308]
0012fedc 00401f32 mysql!read_and_execute(bool interactive = false)+0x314 [z:\work\win32-6.0-pe-stage\client\mysql.cc @ 1957]
0012ff6c 004cb617 mysql!main(int argc = 6, char ** argv = 0x00377c78)+0x412 [z:\work\win32-6.0-pe-stage\client\mysql.cc @ 1225]
0012ffb8 004cb4ef mysql!__tmainCRTStartup(void)+0x117 [f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c @ 266]
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - 
0012ffc0 7c817067 mysql!mainCRTStartup(void)+0xf [f:\dd\vctools\crt_bld\self_x86\crt\src\crt0.c @ 182]
WARNING: Stack unwind information not available. Following frames may be wrong.
0012fff0 00000000 kernel32!RegisterWaitForInputIdle+0x49

How to repeat:
Run the binlog.binlog_base64_flag, binlog.binlog_old_versions, etc. tests using a debug binary on a win32 host.
[7 Apr 2009 12:23] Georgi Kodinov
Crash is reproducible by the following mysqltest test file :
--exec echo "select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; select 1 AS x from DUAL; " |$MYSQL test
[7 Apr 2009 14:04] Georgi Kodinov
For commands of the type 
echo "<something>" | mysql ....
the error returned after reading all the incoming data is not ERROR_HANDLE_EOF, but ERROR_BROKEN_PIPE(109).
This causes functions such as my_win_read() to detect an error instead of returning EOF (0).
[7 Apr 2009 14:18] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/71552

3187 Georgi Kodinov	2009-04-07
      Bug #44133: mysql binary crashes with an exception reading command input
      
      Added an extra code for the EOF condition in my_win_read(). 
      According to the MSDN:
      "If an anonymous pipe is being used and the write handle has been closed,
      when ReadFile attempts to read using the pipe's corresponding read handle,
      the function returns FALSE and GetLastError returns ERROR_BROKEN_PIPE."
      And anonymous pipes are (evidently) being used by command pipelining
      "command1 | command2 | ..." in Windows.
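The error mapping described in the comment of 14:04 and in the commit message above, as an added illustration that is not the mysql client's or mysys' own code: the pre-fix classification (only ERROR_HANDLE_EOF means end of input) beside the fixed one (ERROR_BROKEN_PIPE also means end of input), driven by a constructed stand-in for an anonymous pipe whose writer has exited. The `sim_pipe` struct, `sim_readfile()` and `drain()` are assumptions made for the illustration; the two error-code values are the ones from `<winerror.h>`.

```c
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
/* Win32 error codes defined by hand so the logic compiles and runs anywhere;
 * the values are the ones from <winerror.h>. */
#define ERROR_HANDLE_EOF   38L
#define ERROR_BROKEN_PIPE 109L
#endif

/* Map one ReadFile outcome to what a caller expects: byte count, 0 for EOF,
 * -1 for a real error. Pre-fix mapping: only ERROR_HANDLE_EOF is EOF. */
static long classify_read_old(int ok, unsigned long got, unsigned long err) {
    if (ok) return (long)got;
    return err == ERROR_HANDLE_EOF ? 0 : -1;
}

/* Post-fix mapping, following the patch's reasoning: when the write end of an
 * anonymous pipe is closed, ReadFile fails with ERROR_BROKEN_PIPE, and that is
 * end of input too, not an error. */
static long classify_read_fixed(int ok, unsigned long got, unsigned long err) {
    if (ok) return (long)got;
    return (err == ERROR_HANDLE_EOF || err == ERROR_BROKEN_PIPE) ? 0 : -1;
}

/* Constructed stand-in (hypothetical) for a pipe whose writer has exited:
 * it hands out its data, then fails the way ReadFile does on a broken pipe. */
struct sim_pipe { const char *data; size_t len, pos; };

static int sim_readfile(struct sim_pipe *p, char *buf, size_t cap,
                        unsigned long *got, unsigned long *err) {
    size_t n = p->len - p->pos;
    if (n == 0) { *got = 0; *err = ERROR_BROKEN_PIPE; return 0; } /* FALSE */
    if (n > cap) n = cap;
    memcpy(buf, p->data + p->pos, n);
    p->pos += n; *got = (unsigned long)n; *err = 0;
    return 1;                                                     /* TRUE */
}

/* Input loop in the style of a client reading piped commands: stop on EOF (0),
 * give up on error (-1). Returns total bytes consumed, or -1 on error. */
static long drain(const char *input,
                  long (*classify)(int, unsigned long, unsigned long)) {
    struct sim_pipe p = { input, strlen(input), 0 };
    char buf[8];
    long total = 0;
    for (;;) {
        unsigned long got, err;
        int ok = sim_readfile(&p, buf, sizeof buf, &got, &err);
        long r = classify(ok, got, err);
        if (r <= 0) return r < 0 ? -1 : total;
        total += r;
    }
}
```

With the pre-fix mapping the loop ends in an error after the last chunk even though every byte arrived; with the fixed mapping it ends cleanly at EOF.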
[8 Apr 2009 8:58] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/71614

3190 Georgi Kodinov	2009-04-08
      Addendum to bug #44133: added explanation in a code comment
[6 May 2009 14:08] Bugs System
Pushed into 6.0.12-alpha (revid:svoj@sun.com-20090506125450-yokcmvqf2g7jhujq) (version source revid:joro@sun.com-20090408085709-okwvxnazwmodhwog) (merge vers: 6.0.11-alpha) (pib:6)
[12 May 2009 1:48] Paul DuBois
Noted in 6.0.12 changelog.

On Windows, if the mysql client was reading input from a pipe, it
could crash attempting to read after EOF.