Bug #11668 MySQL crashes while fulltext searching without closed quote
Submitted: 30 Jun 2005 13:57
Modified: 30 Jun 2005 14:06
Reporter: Wojciech Olearczyk
Status: Can't repeat
Category: MySQL Server
Severity: S1 (Critical)
Version: 4.0.20-standard
OS: FreeBSD (freebsd)
Assigned to:
CPU Architecture: Any

[30 Jun 2005 13:57] Wojciech Olearczyk
Description:
MySQL crashes while fulltext searching in boolean mode without a closing quote.

Working examples:
"aa bb"
"aa" bb"

Server crashes at:
"aa bb
aa "bb

It's not happening on version 4.1.7.

How to repeat:

CREATE TABLE `a` (
  `id` int(11) NOT NULL auto_increment,
  `title` varchar(100) NOT NULL default '',
  PRIMARY KEY  (`id`),
  FULLTEXT KEY `title` (`title`)
) TYPE=MyISAM AUTO_INCREMENT=3 ;

INSERT INTO `a` VALUES (1, 'aa bb cc');
INSERT INTO `a` VALUES (2, 'bb aa');

SELECT * FROM `a` WHERE MATCH ( title ) AGAINST ( '"aa bb' IN BOOLEAN MODE );
[30 Jun 2005 14:06] MySQL Verification Team
I was unable to repeat the crash with current BK source:

miguel@hegel:~/dbs/4.0$ bin/mysql -uroot test
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.0.25-debug-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE TABLE `a` (
    ->   `id` int(11) NOT NULL auto_increment,
    ->   `title` varchar(100) NOT NULL default '',
    ->   PRIMARY KEY  (`id`),
    ->   FULLTEXT KEY `title` (`title`)
    -> ) TYPE=MyISAM AUTO_INCREMENT=3 ;
Query OK, 0 rows affected (0.04 sec)

mysql> INSERT INTO `a` VALUES (1, 'aa bb cc');
Query OK, 1 row affected (0.01 sec)

mysql> INSERT INTO `a` VALUES (2, 'bb aa');
Query OK, 1 row affected (0.00 sec)

mysql> SELECT * FROM `a` WHERE MATCH ( title ) AGAINST ( '"aa bb' IN BOOLEAN MODE );
Empty set (0.00 sec)

mysql>
[1 Jul 2005 8:17] Wojciech Olearczyk
I've found that this is similar to:
#5089: Server crashing on fulltext search for short keys in boolean mode

In this situation we can say that it is happening in production version 4.0.20, but not in the newest one, 4.0.24.

Wojciech Olearczyk