Description:
see older bug #55077 , whose testcase does not crash.

Version: '5.5.8-rc-valgrind-max-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 0x7ffff406e710 (LWP 19328)]
mysqld: ./strings/dtoa.c:219: my_gcvt: Assertion `width > 0 && to != ((void *)0)' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff406e710 (LWP 19328)]
0x00000030e14329a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  in abort () at abort.c:92
#2  in __assert_fail at assert.c:81
#3  in my_gcvt at ./strings/dtoa.c:219
#4  in Field_str::store at ./sql/field.cc:6333
#5  in Field_string::store at ./sql/field.h:1569
#6  in Item::save_in_field at ./sql/item.cc:5415
#7  in fill_record at ./sql/sql_base.cc:8490
#8  in fill_record_n_invoke_before_triggers at ./sql/sql_base.cc:8533
#9  in mysql_insert at ./sql/sql_insert.cc:901
#10 in mysql_execute_command at ./sql/sql_parse.cc:2823
#11 in mysql_parse at ./sql/sql_parse.cc:5512
#12 in dispatch_command at ./sql/sql_parse.cc:1029
#13 in do_command at ./sql/sql_parse.cc:769
#14 in do_handle_one_connection at ./sql/sql_connect.cc:745
#15 in handle_one_connection at ./sql/sql_connect.cc:684
#16 in start_thread at pthread_create.c:301
#17 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

5.1.54 did not crash.

How to repeat:
#on debug server:

drop table if exists t1;
create table t1(a char(0))engine=myisam charset=latin1;
create or replace view v1 as select pi();
replace into t1 values ((select * from v1));

Thank you for the bug report.

000000013F96C2C5    mysqld.exe!my_sigabrt_handler()[my_thr_init.c:521]
000000013FA681E2    mysqld.exe!raise()[winsig.c:597]
000000013FA72073    mysqld.exe!abort()[abort.c:78]
000000013FA6A8B5    mysqld.exe!_wassert()[assert.c:346]
000000013F9D634B    mysqld.exe!my_gcvt()[dtoa.c:219]
000000013F5E1A1E    mysqld.exe!Field_str::store()[field.cc:6333]
000000013F554609    mysqld.exe!Field_string::store()[field.h:1529]
000000013F546AC6    mysqld.exe!Item::save_in_field()[item.cc:5416]
000000013F47C878    mysqld.exe!fill_record()[sql_base.cc:8484]
000000013F47C94C    mysqld.exe!fill_record_n_invoke_before_triggers()[sql_base.cc:8527]
000000013F66653A    mysqld.exe!mysql_insert()[sql_insert.cc:905]
000000013F560A14    mysqld.exe!mysql_execute_command()[sql_parse.cc:2933]
000000013F568E85    mysqld.exe!mysql_parse()[sql_parse.cc:5594]
000000013F55C5F1    mysqld.exe!dispatch_command()[sql_parse.cc:1142]
000000013F55BB46    mysqld.exe!do_command()[sql_parse.cc:811]
000000013F4469BD    mysqld.exe!do_handle_one_connection()[sql_connect.cc:1192]
000000013F446767    mysqld.exe!handle_one_connection()[sql_connect.cc:1132]
000000013F96B13B    mysqld.exe!pthread_start()[my_winthread.c:62]
000000013FA7F905    mysqld.exe!_callthreadstartex()[threadex.c:348]
000000013FA7F8D8    mysqld.exe!_threadstartex()[threadex.c:331]
000000007757BE3D    kernel32.dll!BaseThreadInitThunk()
0000000077786A51    ntdll.dll!RtlUserThreadStart()
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 00000000033BA180=replace into t1 values ((select * from v1))
thd->thread_id=1
thd->killed=NOT_KILLED
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.

Even simpler:

create table t1(a char(0));
insert into t1 (select pi());

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/124022

3123 Tor Didriksen	2010-11-16
      Bug #58137 char(0) column cause: my_gcvt: Assertion `width > 0 && to != ((void *)0)' failed
     @ mysql-test/r/func_math.result
        Add test for Bug #58137
     @ mysql-test/t/func_math.test
        Add test for Bug #58137
     @ sql/field.cc
        Skip calling my_gcvt() if we are trying to insert a double into a char(0) column.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/124143

3128 Tor Didriksen	2010-11-17
      Bug #58137 char(0) column cause: my_gcvt: Assertion `width > 0 && to != ((void *)0)' failed
     @ mysql-test/r/func_math.result
        Add test for Bug #58137
     @ mysql-test/t/func_math.test
        Add test for Bug #58137
     @ sql/field.cc
        Skip calling my_gcvt() if we are trying to insert a double into a char(0) column.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/124170

3128 Tor Didriksen	2010-11-17
      Bug #58137 char(0) column cause: my_gcvt: Assertion `width > 0 && to != ((void *)0)' failed
     @ mysql-test/r/func_math.result
        Add test for Bug #58137
     @ mysql-test/t/func_math.test
        Add test for Bug #58137
     @ sql/field.cc
        Skip calling my_gcvt() if we are trying to insert a double into a char(0) column.

pushed to
trunk-bugfixing
5.5-bugteam

Pushed into mysql-trunk 5.6.1 (revid:alexander.nozdrin@oracle.com-20101205122447-6x94l4fmslpbttxj) (version source revid:alexander.nozdrin@oracle.com-20101205122447-6x94l4fmslpbttxj) (merge vers: 5.6.1) (pib:23)

Noted in 5.5.8 changelog.

In debug builds, inserting a FLOAT value into a CHAR(0) column could
crash the server.

Pushed into mysql-5.5 5.5.9 (revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (version source revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (merge vers: 5.5.9) (pib:24)