Description:
Running an intersection query of one polygon against a table containing many polygons crashes mysql, with the following dump.

stack_bottom = 0x469500d8 thread_stack 0x40000
/usr/local/mysql-5.1-gis/libexec/mysqld(my_print_stacktrace+0x29) [0x89b139]
/usr/local/mysql-5.1-gis/libexec/mysqld(handle_segfault+0x23e) [0x5b0f50]
/lib64/libpthread.so.0 [0x329340de70]
/usr/local/mysql-5.1-gis/libexec/mysqld(gcalc_scan_iterator::intersection_scan()+0x1e0) [0x753ab6]
/usr/local/mysql-5.1-gis/libexec/mysqld(gcalc_scan_iterator::handle_intersections()+0x84) [0x75414e]
/usr/local/mysql-5.1-gis/libexec/mysqld(gcalc_scan_iterator::normal_scan()+0x2de) [0x754714]
/usr/local/mysql-5.1-gis/libexec/mysqld(gcalc_function::find_function(gcalc_scan_iterator&)+0x2e) [0x755d50]
/usr/local/mysql-5.1-gis/libexec/mysqld(Item_func_spatial_rel::val_int()+0x251) [0x56f59f]
/usr/local/mysql-5.1-gis/libexec/mysqld [0x613684]
/usr/local/mysql-5.1-gis/libexec/mysqld(sub_select(JOIN*, st_join_table*, bool)+0xcc) [0x6198e2]
/usr/local/mysql-5.1-gis/libexec/mysqld [0x62f1b1]
/usr/local/mysql-5.1-gis/libexec/mysqld(JOIN::exec()+0x1eb2) [0x63442e]
/usr/local/mysql-5.1-gis/libexec/mysqld(mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*)+0x68b) [0x6350b3]
/usr/local/mysql-5.1-gis/libexec/mysqld(handle_select(THD*, st_lex*, select_result*, unsigned long)+0x1b8) [0x6355e4]
/usr/local/mysql-5.1-gis/libexec/mysqld [0x5ba1d7]
/usr/local/mysql-5.1-gis/libexec/mysqld(mysql_execute_command(THD*)+0x6281) [0x5c335f]
/usr/local/mysql-5.1-gis/libexec/mysqld(mysql_parse(THD*, char const*, unsigned int, char const**)+0x194) [0x5c4068]
/usr/local/mysql-5.1-gis/libexec/mysqld(dispatch_command(enum_server_command, THD*, char*, unsigned int)+0xbb4) [0x5c527a]
/usr/local/mysql-5.1-gis/libexec/mysqld(do_command(THD*)+0x226) [0x5c621e]
/usr/local/mysql-5.1-gis/libexec/mysqld(handle_one_connection+0xb0b) [0x5b6029]
/lib64/libpthread.so.0 [0x32934062f7]
/lib64/libc.so.6(clone+0x6d) [0x3292cd1e3d]

How to repeat:
create the containing geometry

mysql>select geom into @geom from country;

try and find all tiles inside this geometry;

mysql> select tile_name from grid where intersects(@geom, geom);

ERROR 2013 (HY000): Lost connection to MySQL server during query

sql file to create these two tables to be attached below.

Have ftp'd sql file to recreate tables as bug-data-47429.zip

Thank you for the report.

Verified memory errors, although in my case server doesn't crash, but just prints into error log file:

...
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'gcalc_slicescan.cc:36'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'gcalc_slicescan.cc:60'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'gcalc_slicescan.cc:60'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'my_alloc.c:201'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'sql_select.cc:6631'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'mf_iocache.c:1826'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'array.c:309'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'sql_string.h:193'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'sql_string.h:193'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at 'gcalc_slicescan.cc:60'

Could you assign this to Alexey Botchkov, who has been working on spatial bugs recently. Thank you.

Noted in 5.6.3 changelog.

Spatial operations on certain corner cases could cause a server
crash: Polygons with zero-point linerings; polygons with touching
linerings.