MySQL Bugs: #58939: Invalid free() / delete / delete[] after flush privileges was run

Bug #58939	Invalid free() / delete / delete[] after flush privileges was run
Submitted:	15 Dec 2010 6:50	Modified:	11 Feb 2011 7:05
Reporter:	Shane Bester (Platinum Quality Contributor)	Email Updates:
Status:	Can't repeat	Impact on me:	None
Category:	MySQL Server: Security: Privileges	Severity:	S1 (Critical)
Version:	5.5.9	OS:	Any
Assigned to:		CPU Architecture:	Any

Description:
5.5.9:

Invalid free() / delete / delete[]
at: free (vg_replace_malloc.c:325)
by: my_free (my_malloc.c:128)
by: delete_dynamic (array.c:308)
by: acl_reload (sql_acl.cc:1183)
by: reload_acl_and_cache (sql_reload.cc:74)
by: mysql_execute_command (sql_parse.cc:3533)
by: mysql_parse (sql_parse.cc:5496)
by: dispatch_command (sql_parse.cc:1032)
by: do_command (sql_parse.cc:772)
by: do_handle_one_connection (sql_connect.cc:745)
by: handle_one_connection (sql_connect.cc:684)
by: start_thread (pthread_create.c:301)
 Address 0x15c93f20 is 0 bytes inside a block of size 2,800 free'd
at: realloc (vg_replace_malloc.c:476)
by: my_realloc (my_malloc.c:101)
by: freeze_size (array.c:353)
by: acl_load) (sql_acl.cc:1030)
by: acl_reload (sql_acl.cc:1166)
by: reload_acl_and_cache (sql_reload.cc:74)
by: mysql_execute_command (sql_parse.cc:3533)
by: mysql_parse (sql_parse.cc:5496)
by: dispatch_command (sql_parse.cc:1032)
by: do_command (sql_parse.cc:772)
by: do_handle_one_connection (sql_connect.cc:745)
by: handle_one_connection (sql_connect.cc:684)
by: start_thread (pthread_create.c:301)

How to repeat:
not sure yet. happened when running "flush privileges" on a loaded system.