delimiter $ set names utf8$ drop procedure if exists `p2` $ create procedure `p2`(in `a` text) begin declare `pos` int default 1; declare `str` text; set `str` := `a`; select substr(`str`, `pos`+ 1 )into `str`; end $ delimiter ; call `p2`(' ,as asdas ad a aasd ad,a ,da,das '); show warnings; Version: '5.0.66a-enterprise-gpl-debug-log' socket: '/tmp/mysql.sock' port: 3306 MySQL Enterprise Server - Debug (GPL) --32163-- REDIR: 0x375350 (strnlen) redirected to 0x4006240 (strnlen) ==32163== Thread 10: ==32163== Invalid read of size 1 ==32163== at 0x83F8A76: my_utf8_uni (ctype-utf8.c:1952) ==32163== by 0x8402924: my_well_formed_len_mb (ctype-mb.c:292) ==32163== by 0x818F652: well_formed_copy_nchars(charset_info_st*, char*, unsigned, charset_info_st*, char const*, unsigned, unsigned, char const**, char const**, char const**) (sql_string.cc:939) ==32163== by 0x817A2A6: Field_blob::store(char const*, unsigned, charset_info_st*) (sql_string.h:98) ==32163== by 0x811DB2D: Item::save_in_field(Field*, bool) (sql_string.h:98) ==32163== by 0x82B0741: sp_eval_expr(THD*, Field*, Item**) (sp_head.cc:351) ==32163== by 0x82B970B: sp_rcontext::set_variable(THD*, Field*, Item**) (sp_rcontext.cc:441) ==32163== by 0x82B96D4: sp_rcontext::set_variable(THD*, unsigned, Item**) (sp_rcontext.cc:428) ==32163== by 0x818678B: select_dumpvar::send_data(List&) (sql_class.cc:2018) ==32163== by 0x81DC26D: JOIN::exec() (sql_select.cc:1603) ==32163== by 0x81DDC0A: mysql_select(THD*, Item***, TABLE_LIST*, unsigned, List&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2274) ==32163== by 0x81D91CE: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:245) ==32163== Address 0x7C807B1 is 1 bytes inside a block of size 40 free'd ==32163== at 0x400501A: free (vg_replace_malloc.c:233) ==32163== by 0x83D481E: my_no_flags_free (my_malloc.c:59) ==32163== by 0x818E5DB: String::real_alloc(unsigned) (sql_string.h:189) ==32163== by 0x817A26C: Field_blob::store(char const*, unsigned, charset_info_st*) (sql_string.h:198) ==32163== by 0x811DB2D: Item::save_in_field(Field*, bool) (sql_string.h:98) ==32163== by 0x82B0741: sp_eval_expr(THD*, Field*, Item**) (sp_head.cc:351) ==32163== by 0x82B970B: sp_rcontext::set_variable(THD*, Field*, Item**) (sp_rcontext.cc:441) ==32163== by 0x82B96D4: sp_rcontext::set_variable(THD*, unsigned, Item**) (sp_rcontext.cc:428) ==32163== by 0x818678B: select_dumpvar::send_data(List&) (sql_class.cc:2018) ==32163== by 0x81DC26D: JOIN::exec() (sql_select.cc:1603) ==32163== by 0x81DDC0A: mysql_select(THD*, Item***, TABLE_LIST*, unsigned, List&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2274) ==32163== by 0x81D91CE: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:245) ==32163== ==32163== Invalid read of size 1 ==32163== at 0x40065F5: memmove (mc_replace_strmem.c:503) ==32163== by 0x818F661: well_formed_copy_nchars(charset_info_st*, char*, unsigned, charset_info_st*, char const*, unsigned, unsigned, char const**, char const**, char const**) (sql_string.cc:941) ==32163== by 0x817A2A6: Field_blob::store(char const*, unsigned, charset_info_st*) (sql_string.h:98) ==32163== by 0x811DB2D: Item::save_in_field(Field*, bool) (sql_string.h:98) ==32163== by 0x82B0741: sp_eval_expr(THD*, Field*, Item**) (sp_head.cc:351) ==32163== by 0x82B970B: sp_rcontext::set_variable(THD*, Field*, Item**) (sp_rcontext.cc:441) ==32163== by 0x82B96D4: sp_rcontext::set_variable(THD*, unsigned, Item**) (sp_rcontext.cc:428) ==32163== by 0x818678B: select_dumpvar::send_data(List&) (sql_class.cc:2018) ==32163== by 0x81DC26D: JOIN::exec() (sql_select.cc:1603) ==32163== by 0x81DDC0A: mysql_select(THD*, Item***, TABLE_LIST*, unsigned, List&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2274) ==32163== by 0x81D91CE: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:245) ==32163== by 0x81A89D4: mysql_execute_command(THD*) (sql_parse.cc:2721) ==32163== Address 0x7C807D3 is 35 bytes inside a block of size 40 free'd ==32163== at 0x400501A: free (vg_replace_malloc.c:233) ==32163== by 0x83D481E: my_no_flags_free (my_malloc.c:59) ==32163== by 0x818E5DB: String::real_alloc(unsigned) (sql_string.h:189) ==32163== by 0x817A26C: Field_blob::store(char const*, unsigned, charset_info_st*) (sql_string.h:198) ==32163== by 0x811DB2D: Item::save_in_field(Field*, bool) (sql_string.h:98) ==32163== by 0x82B0741: sp_eval_expr(THD*, Field*, Item**) (sp_head.cc:351) ==32163== by 0x82B970B: sp_rcontext::set_variable(THD*, Field*, Item**) (sp_rcontext.cc:441) ==32163== by 0x82B96D4: sp_rcontext::set_variable(THD*, unsigned, Item**) (sp_rcontext.cc:428) ==32163== by 0x818678B: select_dumpvar::send_data(List&) (sql_class.cc:2018) ==32163== by 0x81DC26D: JOIN::exec() (sql_select.cc:1603) ==32163== by 0x81DDC0A: mysql_select(THD*, Item***, TABLE_LIST*, unsigned, List&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2274) ==32163== by 0x81D91CE: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:245) ==32163== ==32163== Invalid read of size 1 ==32163== at 0x4006602: memmove (mc_replace_strmem.c:503) ==32163== by 0x818F661: well_formed_copy_nchars(charset_info_st*, char*, unsigned, charset_info_st*, char const*, unsigned, unsigned, char const**, char const**, char const**) (sql_string.cc:941) ==32163== by 0x817A2A6: Field_blob::store(char const*, unsigned, charset_info_st*) (sql_string.h:98) ==32163== by 0x811DB2D: Item::save_in_field(Field*, bool) (sql_string.h:98) ==32163== by 0x82B0741: sp_eval_expr(THD*, Field*, Item**) (sp_head.cc:351) ==32163== by 0x82B970B: sp_rcontext::set_variable(THD*, Field*, Item**) (sp_rcontext.cc:441) ==32163== by 0x82B96D4: sp_rcontext::set_variable(THD*, unsigned, Item**) (sp_rcontext.cc:428) ==32163== by 0x818678B: select_dumpvar::send_data(List&) (sql_class.cc:2018) ==32163== by 0x81DC26D: JOIN::exec() (sql_select.cc:1603) ==32163== by 0x81DDC0A: mysql_select(THD*, Item***, TABLE_LIST*, unsigned, List&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2274) ==32163== by 0x81D91CE: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:245) ==32163== by 0x81A89D4: mysql_execute_command(THD*) (sql_parse.cc:2721) ==32163== Address 0x7C807D1 is 33 bytes inside a block of size 40 free'd ==32163== at 0x400501A: free (vg_replace_malloc.c:233) ==32163== by 0x83D481E: my_no_flags_free (my_malloc.c:59) ==32163== by 0x818E5DB: String::real_alloc(unsigned) (sql_string.h:189) ==32163== by 0x817A26C: Field_blob::store(char const*, unsigned, charset_info_st*) (sql_string.h:198) ==32163== by 0x811DB2D: Item::save_in_field(Field*, bool) (sql_string.h:98) ==32163== by 0x82B0741: sp_eval_expr(THD*, Field*, Item**) (sp_head.cc:351) ==32163== by 0x82B970B: sp_rcontext::set_variable(THD*, Field*, Item**) (sp_rcontext.cc:441) ==32163== by 0x82B96D4: sp_rcontext::set_variable(THD*, unsigned, Item**) (sp_rcontext.cc:428) ==32163== by 0x818678B: select_dumpvar::send_data(List&) (sql_class.cc:2018) ==32163== by 0x81DC26D: JOIN::exec() (sql_select.cc:1603) ==32163== by 0x81DDC0A: mysql_select(THD*, Item***, TABLE_LIST*, unsigned, List&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2274) ==32163== by 0x81D91CE: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:245)