Bug #43245 Stored Procedure can crash replication slave
Submitted: 26 Feb 2009 23:10 Modified: 27 Feb 2009 7:06
Reporter: Andrew Garner
Status: Duplicate
Category: MySQL Server: Replication    Severity: S3 (Non-critical)
Version: 5.0.75, 5.0.77, 5.1.30, 5.1.31    OS: Linux (RHES5, RHES4)
Assigned to:    CPU Architecture: Any
Tags: crash, replication, stored procedure

[26 Feb 2009 23:10] Andrew Garner
Description:
Running a specially crafted stored procedure that writes a variable to the binary log using NAME_CONST can crash the slave in some cases.  This has been verified to crash MySQL 5.0.75+ and MySQL 5.1.30+ (using SBR) on RHES4 and RHES5.

How to repeat:
Run the following against the replication master:
DROP TABLE IF EXISTS test_tbl;
CREATE TABLE test_tbl ( 
    data VARCHAR(32)
);

INSERT INTO test_tbl VALUES ('a string');

DROP PROCEDURE IF EXISTS crash_it;
DELIMITER //
CREATE PROCEDURE crash_it(arg VARCHAR(32))
SQL SECURITY INVOKER
BEGIN
    UPDATE test_tbl SET data = arg WHERE IFNULL(data, '') <> arg;
END;
//

DELIMITER ;

CALL crash_it('another string');

Sample output from the slave error log:
/home/agarner/src/5.1.31/bin/mysqld(my_print_stacktrace+0x2e)[0x89b4be]
/home/agarner/src/5.1.31/bin/mysqld(handle_segfault+0x322)[0x5d29f2]
/lib64/libpthread.so.0[0x3225a0e4c0]
090226 18:06:23 - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8384512
read_buffer_size=131072
max_used_connections=0
max_threads=151
threads_connected=0
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 338297 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x10aab250
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x457660f8 thread_stack 0x40000
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x10aa52f9 = UPDATE test_tbl SET data =  NAME_CONST('arg',_latin1'another string' COLLATE 'latin1_swedish_ci') WHERE IFNULL(data, '') <>  NAME_CONST('arg',_latin1'another string' COLLATE 'latin1_swedish_ci')
thd->thread_id=1
thd->killed=NOT_KILLED
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
090226 18:06:23 mysqld_safe Number of processes running now: 0
090226 18:06:23 mysqld_safe mysqld restarted

Suggested fix:
The cause hasn't been determined yet. Downgrading to 5.0.67 was the chosen workaround for 5.0 instances. Using row based replication seems to avoid this in 5.1 instances.
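The statement the slave died on is the master's rewrite of the procedure call: every reference to the parameter `arg` becomes `NAME_CONST('arg', <literal> COLLATE <collation>)` in the statement-based binlog. A practitioner who cannot downgrade or switch to row-based replication will want to find such statements before they reach a slave. The following screening script is an added example, not code from the bug report or from MySQL. It assumes text in the shape of `mysqlbinlog` output (statements terminated by `/*!*/;`, comment lines starting with `#`); the sample below is constructed, apart from the `UPDATE` quoted from the report's error log. It flags `NAME_CONST` calls whose value argument carries a `COLLATE` clause, which is the shape of the crashing statement; this is a screen on shape, not a statement of the root cause, which the report leaves undetermined.

```python
import re

# Constructed sample in mysqlbinlog's statement-based output format.  Only
# the UPDATE with NAME_CONST(... COLLATE ...) is taken from the bug report;
# the surrounding events, positions and timestamps are made up.
SAMPLE_BINLOG = """\
# at 106
#090226 18:06:23 server id 1  end_log_pos 200  Query  thread_id=1  exec_time=0  error_code=0
SET TIMESTAMP=1235693183/*!*/;
INSERT INTO test_tbl VALUES ('a string')/*!*/;
# at 200
#090226 18:06:23 server id 1  end_log_pos 420  Query  thread_id=1  exec_time=0  error_code=0
SET TIMESTAMP=1235693183/*!*/;
UPDATE test_tbl SET data =  NAME_CONST('arg',_latin1'another string' COLLATE 'latin1_swedish_ci') WHERE IFNULL(data, '') <>  NAME_CONST('arg',_latin1'another string' COLLATE 'latin1_swedish_ci')/*!*/;
# at 420
#090226 18:06:24 server id 1  end_log_pos 520  Query  thread_id=2  exec_time=0  error_code=0
SET TIMESTAMP=1235693184/*!*/;
UPDATE test_tbl SET data = NAME_CONST('n', 42) WHERE data IS NULL/*!*/;
"""

NAME_CONST_RE = re.compile(r"NAME_CONST\s*\(", re.IGNORECASE)
COLLATE_RE = re.compile(r"\bCOLLATE\b", re.IGNORECASE)


def _scan_args(text, start):
    """Return (argument_text, index_after_close_paren) for the call whose
    '(' is at text[start].  Tracks quoted strings and nested parentheses so
    a ')' inside a literal does not terminate the call early."""
    depth, quote, i = 0, None, start
    while i < len(text):
        c = text[i]
        if quote:
            if c == "\\":            # backslash escape inside a literal
                i += 2
                continue
            if c == quote:
                if i + 1 < len(text) and text[i + 1] == quote:  # doubled quote
                    i += 2
                    continue
                quote = None
        elif c in ("'", '"'):
            quote = c
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return text[start + 1:i], i + 1
        i += 1
    raise ValueError("unterminated NAME_CONST call")


def _split_top_level(args):
    """Split an argument list on commas that are outside quotes/parentheses."""
    parts, buf, quote, depth = [], [], None, 0
    for c in args:
        if quote:
            if c == quote:
                quote = None
        elif c in ("'", '"'):
            quote = c
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        elif c == "," and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(c)
    parts.append("".join(buf).strip())
    return parts


def find_name_const_calls(stmt):
    """Return [(name, value_expression), ...] for every NAME_CONST in stmt."""
    calls = []
    for m in NAME_CONST_RE.finditer(stmt):
        args, _ = _scan_args(stmt, m.end() - 1)
        parts = _split_top_level(args)
        if len(parts) == 2:
            calls.append((parts[0].strip("'\""), parts[1]))
    return calls


def is_suspect(stmt):
    """True when a NAME_CONST value argument carries a COLLATE clause, the
    shape of the statement that crashed the slave in the report.  This is a
    conservative screen (a literal that merely contains the word COLLATE
    is also flagged), not a root-cause check."""
    return any(COLLATE_RE.search(val) for _, val in find_name_const_calls(stmt))


def statements(binlog_text):
    """Yield statements from mysqlbinlog-style text, joining continuation
    lines until the '/*!*/;' terminator and skipping '#' comment lines."""
    buf = []
    for line in binlog_text.splitlines():
        if line.startswith("#"):
            continue
        buf.append(line)
        if line.rstrip().endswith("/*!*/;"):
            stmt = "\n".join(buf).rstrip()[: -len("/*!*/;")].strip()
            buf = []
            yield stmt


def scan_binlog(binlog_text):
    """Return the statements that should be inspected before replaying."""
    return [s for s in statements(binlog_text) if is_suspect(s)]


if __name__ == "__main__":
    for stmt in scan_binlog(SAMPLE_BINLOG):
        print("SUSPECT:", stmt)
```

Run it over `mysqlbinlog <file>` output piped into `SAMPLE_BINLOG`'s place (for instance by reading `sys.stdin`) to list the events worth holding back or rewriting before they are applied with `mysqlbinlog | mysql` on a slave still running an affected version.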
[26 Feb 2009 23:25] Andrew Garner
Notably, this problem is not limited to replication.  Simply running the generated statement against a vulnerable MySQL Server will cause a crash:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.0.77-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> SHOW GLOBAL VARIABLES LIKE 'log_bin';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_bin       | OFF   | 
+---------------+-------+
1 row in set (0.00 sec)

mysql> CREATE TABLE IF NOT EXISTS test_tbl (data VARCHAR(32));
Query OK, 0 rows affected (0.00 sec)

mysql> UPDATE test_tbl SET data =  NAME_CONST('arg',_latin1'another string' COLLATE 'latin1_swedish_ci') WHERE IFNULL(data, '') <>  NAME_CONST('arg',_latin1'another string' COLLATE 'latin1_swedish_ci');
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
[27 Feb 2009 7:06] Valeriy Kravchuk
This is a duplicate of bug #42014.