Bug #59884 setting charset to 2048 crashes
Submitted: 2 Feb 2011 9:31    Modified: 31 Mar 2011 2:37
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Options    Severity: S1 (Critical)
Version: 5.5.10, 5.6.2    OS: Any
Assigned to: Georgi Kodinov    CPU Architecture: Any
Tags: regression

[2 Feb 2011 9:31] Shane Bester
Description:
Version: '5.5.10-valgrind-max-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 0x7ffff408b710 (LWP 18297)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff408b710 (LWP 18297)]
in get_internal_charset (cs_number=2048, flags=0) at ./mysys/charset.c:550
550         if (cs->state & MY_CS_READY)  /* if CS is already initialized */
(gdb) bt
#0 in get_internal_charset at ./mysys/charset.c:550
#1 in get_charset at ./mysys/charset.c:596
#2 in check_charset at ./sql/sys_vars.cc:419
#3 in sys_var::check at ./sql/set_var.cc:226
#4 in set_var::check at ./sql/set_var.cc:626
#5 in sql_set_variables at ./sql/set_var.cc:570
#6 in mysql_execute_command at ./sql/sql_parse.cc:3053
#7 in mysql_parse at ./sql/sql_parse.cc:5509
#8 in dispatch_command at ./sql/sql_parse.cc:1035
#9 in do_command at ./sql/sql_parse.cc:772
#10 in do_handle_one_connection at ./sql/sql_connect.cc:748
#11 in handle_one_connection at ./sql/sql_connect.cc:684
#12 in start_thread at pthread_create.c:301
#13 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

looks like a recent regression.

How to repeat:
#all the below crash:
set session character_set_results = 2048;
set session character_set_client=2048;
set session character_set_connection=2048;
set session character_set_server=2048;
set session collation_server=2048;
set session character_set_filesystem=2048;
set session character_set_database=2048;
set session collation_connection=2048;
set session collation_database=2048;
[2 Feb 2011 9:33] Valeriy Kravchuk
5.5.8 does not crash:

C:\Program Files\MySQL\MySQL Server 5.1\bin>mysql -uroot -proot -P3312 test
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.5.8 MySQL Community Server (GPL)

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set session character_set_results = 2048;
ERROR 1115 (42000): Unknown character set: '2048'
[2 Feb 2011 10:44] Valeriy Kravchuk
Verified on 32-bit Ubuntu 10.04:

openxs@ubuntu:/home2/openxs/dbs/5.5$ bin/mysql --no-defaults -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.10-debug Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set session character_set_results = 2048;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> 110202 12:42:24 mysqld_safe Number of processes running now: 0
110202 12:42:24 mysqld_safe mysqld restarted

mysql> exit
Bye
openxs@ubuntu:/home2/openxs/dbs/5.5$ tail -100 data/ubuntu.err 
...
Version: '5.5.10-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
110202 12:42:22 - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=1
max_threads=151
thread_count=1
connection_count=1
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337966 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0xa5656a8
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0xa923c348 thread_stack 0x30000
/home2/openxs/dbs/5.5/bin/mysqld(my_print_stacktrace+0x33)[0x84f5380]
/home2/openxs/dbs/5.5/bin/mysqld(handle_segfault+0x34c)[0x8172e87]
[0xaf0400]
/home2/openxs/dbs/5.5/bin/mysqld(get_charset+0x80)[0x84cfc38]
/home2/openxs/dbs/5.5/bin/mysqld[0x8300828]
/home2/openxs/dbs/5.5/bin/mysqld(_ZN7sys_var5checkEP3THDP7set_var+0xc6)[0x818d482]
/home2/openxs/dbs/5.5/bin/mysqld(_ZN7set_var5checkEP3THD+0x202)[0x818e33e]
/home2/openxs/dbs/5.5/bin/mysqld(_Z17sql_set_variablesP3THDP4ListI12set_var_baseE+0x67)[0x818e05d]
/home2/openxs/dbs/5.5/bin/mysqld(_Z21mysql_execute_commandP3THD+0x392b)[0x8216d66]
/home2/openxs/dbs/5.5/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x1ff)[0x821db7d]
/home2/openxs/dbs/5.5/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0xa56)[0x8211736]
/home2/openxs/dbs/5.5/bin/mysqld(_Z10do_commandP3THD+0x292)[0x8210ac7]
/home2/openxs/dbs/5.5/bin/mysqld(_Z24do_handle_one_connectionP3THD+0x3f7)[0x82edcfe]
/home2/openxs/dbs/5.5/bin/mysqld(handle_one_connection+0x35)[0x82ed8fc]
/lib/tls/i686/cmov/libpthread.so.0(+0x596e)[0x70196e]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0x1dda4e]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0xa5b0f50): set session character_set_results = 2048
Connection ID (thread ID): 1
Status: NOT_KILLED
[9 Feb 2011 10:41] Valeriy Kravchuk
Still crashing with current mysql-trunk (valgrind build) on 32-bit Ubuntu 10.04:

openxs@ubuntu:/home2/openxs/dbs/trunk$ bin/mysql --no-defaults -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.2-m5-valgrind-max-debug Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set session character_set_results = 2048;
ERROR 2013 (HY000): Lost connection to MySQL server during query
...

openxs@ubuntu:/home2/openxs/bzr2/mysql-trunk$ bzr revno
3621
[9 Feb 2011 11:32] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/130846

3322 Georgi Kodinov	2011-02-09
      Bug #59884: setting charset to 2048 crashes
      
      The retrieval of a charset by number was not
      doing bounds checking before accessing the internal 
      character sets array.
      Added checks for valid charset number.
      Added asserts for valid charset number to some of 
      the internal functions.
      Removed one superfluous check for charset_number 0
      (since the all_charsets_array[0] is set to 0 anyway) for 
      uniformity.
      Test suite added.
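The defect the commit message above describes, as an added C example that is not the server's code: a constructed model of the charset table with the unchecked lookup beside the bounds-checked one, plus a SET-style value check that returns the "Unknown character set" error (1115, as 5.5.8 did for 2048) instead of indexing past the end of the array. ALL_CHARSETS_SIZE = 2048 is assumed to match MySQL's MY_ALL_CHARSETS_SIZE, which is why 2048 is the first number that walks off the table; the names get_charset_unchecked, get_charset_checked, get_charset_by_name and check_charset_value and the two sample entries are this example's, not the server's.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the charset table (example code, not MySQL's own).
   The server keeps charsets in a fixed array indexed by charset number;
   the bug was indexing that array with a caller-supplied number that was
   never range-checked. */
#define ALL_CHARSETS_SIZE 2048          /* assumed == MY_ALL_CHARSETS_SIZE */
#define CS_READY 0x0001                 /* stands in for MY_CS_READY */
#define ER_UNKNOWN_CHARACTER_SET 1115   /* the error 5.5.8 returned for 2048 */

typedef struct {
    unsigned number;
    const char *name;
    unsigned state;
} charset_info;

static charset_info *all_charsets[ALL_CHARSETS_SIZE];

/* Two constructed sample entries; nothing below depends on the ids. */
static charset_info cs_latin1 = { 8,  "latin1", CS_READY };
static charset_info cs_utf8   = { 33, "utf8",   CS_READY };

static void init_charsets(void)
{
    memset(all_charsets, 0, sizeof all_charsets);
    all_charsets[cs_latin1.number] = &cs_latin1;
    all_charsets[cs_utf8.number]   = &cs_utf8;
}

/* BEFORE (shape of the bug): the index is used as-is. For cs_number == 2048
   this reads all_charsets[2048], one element past the end: undefined
   behaviour, seen in the report as SIGSEGV on the cs->state dereference.
   Kept for comparison only; never call it with an unvalidated number. */
static charset_info *get_charset_unchecked(unsigned cs_number)
{
    charset_info *cs = all_charsets[cs_number];
    if (cs && (cs->state & CS_READY))
        return cs;
    return NULL;
}

/* AFTER: range check before the array access. */
static charset_info *get_charset_checked(unsigned cs_number)
{
    if (cs_number >= ALL_CHARSETS_SIZE)
        return NULL;
    charset_info *cs = all_charsets[cs_number];
    if (cs && (cs->state & CS_READY))
        return cs;
    return NULL;
}

static charset_info *get_charset_by_name(const char *name)
{
    for (size_t i = 0; i < ALL_CHARSETS_SIZE; i++)
        if (all_charsets[i] && strcmp(all_charsets[i]->name, name) == 0)
            return all_charsets[i];
    return NULL;
}

/* Models the SET ... = <value> check: an all-digit value is treated as a
   charset number, anything else as a name. Returns 0 when the value names
   a usable charset, otherwise ER_UNKNOWN_CHARACTER_SET. Numbers that do
   not fit, or that are >= ALL_CHARSETS_SIZE, are rejected before any
   array access. */
static int check_charset_value(const char *value)
{
    charset_info *cs;
    size_t n = strlen(value), digits = 0;
    while (digits < n && isdigit((unsigned char)value[digits]))
        digits++;
    if (n > 0 && digits == n) {
        errno = 0;
        unsigned long num = strtoul(value, NULL, 10);
        if (errno == ERANGE || num > UINT_MAX)   /* overflowed: out of range */
            return ER_UNKNOWN_CHARACTER_SET;
        cs = get_charset_checked((unsigned)num);
    } else {
        cs = get_charset_by_name(value);
    }
    return cs ? 0 : ER_UNKNOWN_CHARACTER_SET;
}

int main(void)
{
    const char *inputs[] = { "8", "utf8", "2047", "2048", "99999999999999999999", "nosuch" };
    init_charsets();
    for (size_t i = 0; i < sizeof inputs / sizeof *inputs; i++)
        printf("set session character_set_results = %s -> %d\n",
               inputs[i], check_charset_value(inputs[i]));
    /* both lookups agree for an in-range, initialised number */
    printf("in-range 33: unchecked=%s checked=%s\n",
           get_charset_unchecked(33)->name, get_charset_checked(33)->name);
    return 0;
}
```

The numeric path is the one the repro exercises: every statement in the "How to repeat" list passes 2048 through a numeric lookup, so one range check at the lookup covers all of them, which is what the commit message describes.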
[10 Feb 2011 7:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/130944

3322 Georgi Kodinov	2011-02-10
      Bug #59884: setting charset to 2048 crashes
      
      The retrieval of a charset by number was not
      doing bounds checking before accessing the internal 
      character sets array.
      Added checks for valid charset number.
      Added asserts for valid charset number to some of 
      the internal functions.
      Removed one superfluous check for charset_number 0
      (since the all_charsets_array[0] is set to 0 anyway) for 
      uniformity.
      Test suite added.
[10 Feb 2011 7:38] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/130945

3318 Georgi Kodinov	2011-02-10
      Bug #59884: setting charset to 2048 crashes
      
      The retrieval of a charset by number was not
      doing bounds checking before accessing the internal 
      character sets array.
      Added checks for valid charset number.
      Added asserts for valid charset number to some of 
      the internal functions.
      Removed one superfluous check for charset_number 0
      (since the all_charsets_array[0] is set to 0 anyway) for 
      uniformity.
      Test suite added.
[10 Feb 2011 8:32] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/130960

3319 Georgi Kodinov	2011-02-10
      Bug #59884: setting charset to 2048 crashes
      
      The retrieval of a charset by number was not
      doing bounds checking before accessing the internal 
      character sets array.
      Added checks for valid charset number.
      Added asserts for valid charset number to some of 
      the internal functions.
      Removed one superfluous check for charset_number 0
      (since the all_charsets_array[0] is set to 0 anyway) for 
      uniformity.
      Test suite added.
[10 Feb 2011 8:43] Bugs System
Pushed into mysql-5.5 5.5.10 (revid:georgi.kodinov@oracle.com-20110210073422-1a1pyvcie7z29s3q) (version source revid:georgi.kodinov@oracle.com-20110210073422-1a1pyvcie7z29s3q) (merge vers: 5.5.10) (pib:24)
[10 Feb 2011 9:07] Bugs System
Pushed into mysql-trunk 5.6.2 (revid:georgi.kodinov@oracle.com-20110210090639-t9eegwfzzp4tg3mh) (version source revid:georgi.kodinov@oracle.com-20110210085244-vvfzwdwmh5brasej) (merge vers: 5.6.2) (pib:24)
[31 Mar 2011 2:37] Paul DuBois
Noted in 5.5.10, 5.6.2 changelogs.

Use of character set numbers 2048 or larger caused a server crash

CHANGESET - http://lists.mysql.com/commits/130960