Description:
Test 'sp' shows invalid write in valgrind

 Invalid write of size 4
    at 0x81D097D: THD::rollback_item_tree_changes() (sql_class.cc:892)
    by 0x8333825: sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned*, bool, sp_instr*) (sp_head.cc:2250)
    by 0x8334286: sp_instr_freturn::execute(THD*, unsigned*) (sp_head.cc:2628)
    by 0x8330ECF: sp_head::execute(THD*) (sp_head.cc:1075)
    by 0x833144D: sp_head::execute_function(THD*, Item**, unsigned, Field*) (sp_head.cc:1317)
    by 0x8182F7C: Item_func_sp::execute(Field**) (item_func.cc:4827)
    by 0x8184A3F: Item_func_sp::val_int() (item_func.h:1416)
    by 0x8162E8B: Item::send(Protocol*, String*) (item.cc:4512)
    by 0x81D0BF4: select_send::send_data(List<Item>&) (sql_class.cc:989)
    by 0x824AA19: JOIN::exec() (sql_select.cc:1280)
    by 0x824C7F8: mysql_select(THD*, Item***, st_table_list*, unsigned, List<Item>&, Item*,
                               unsigned, st_order*, st_order*, Item*, st_order*, unsigned long,
                               select_result*, st_select_l st_select_lex*) (sql_select.cc:1933)
    by 0x824CF19: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:238)
    by 0x81FA870: mysql_execute_command(THD*) (sql_parse.cc:2541)
    by 0x8202260: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:5887)
    by 0x8202BE3: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1762)
    by 0x82042B5: handle_one_connection (sql_parse.cc:1548)
  Address 0x7FC6658 is just below the stack ptr.  To suppress, use: --workaround-gcc296-bugs=yes

How to repeat:
Run the testcase

Kent, I believe this bug was fixed by the fix for Bug#18037.
Could you please verify it (or have it verified) again?

I was not able to repeat with today's 5.1-BK (ChangeSet@1.2247, 2006-07-13 19:12:20+02:00):

openxs@suse:~/work/mysql-5.1/mysql-test> ./mysql-test-run.pl --valgrind sp
Logging: ./mysql-test-run.pl --valgrind sp
Turning on valgrind for all executables
Running valgrind with options "--show-reachable=yes"
Using "../libtool" when running valgrind or debugger
Using ndbcluster if necessary, mysqld supports it
Setting mysqld to support SSL connections
Using MTR_BUILD_THREAD      = 0
Using MASTER_MYPORT         = 9306
Using MASTER_MYPORT1        = 9307
Using SLAVE_MYPORT          = 9308
Using SLAVE_MYPORT1         = 9309
Using SLAVE_MYPORT2         = 9310
Using NDBCLUSTER_PORT       = 9310
Using NDBCLUSTER_PORT_SLAVE = 9311
Using IM_PORT               = 9312
Using IM_MYSQLD1_PORT       = 9313
Using IM_MYSQLD2_PORT       = 9314
Killing Possible Leftover Processes
Removing Stale Files
Installing Master Database
Installing Master Database
=======================================================
Starting Tests in the 'main' suite

TEST                           RESULT         TIME (ms)
-------------------------------------------------------

sp                             [ pass ]          85549
-------------------------------------------------------
Ending Tests
Shutting-down MySQL daemon

Master(s) shutdown finished
Slave(s) shutdown finished
All 1 tests were successful.
mysql-test-run: WARNING: Got errors/warnings while running tests, please examine
 "/home/openxs/work/mysql-5.1/mysql-test/var/log/warnings" for details.

mysql-test-run: *** ERROR: there where failing test cases
openxs@suse:~/work/mysql-5.1/mysql-test> cat var/log/warnings
==5170==    at 0x4012D33: (within /lib/ld-2.3.4.so)
==5170==    at 0x401C4CE: malloc (vg_replace_malloc.c:149)
==5170==    at 0x400AE03: (within /lib/ld-2.3.4.so)
==5170==    at 0x400AE55: (within /lib/ld-2.3.4.so)
==5170==    at 0x401C4CE: malloc (vg_replace_malloc.c:149)
==5170==    at 0x401C4CE: malloc (vg_replace_malloc.c:149)
==5170==    at 0x401C4CE: malloc (vg_replace_malloc.c:149)
==5170==    at 0x401C4CE: malloc (vg_replace_malloc.c:149)
==5170==    at 0x401D910: calloc (vg_replace_malloc.c:279)
==5170==    at 0x401D910: calloc (vg_replace_malloc.c:279)
==5170==    at 0x401D910: calloc (vg_replace_malloc.c:279)