valgrind errors in 5.5.5-debug:

Invalid read of size 1
at: String::append(String const&) (sql_string.cc:349)
by: dump_leaf_key (item_sum.cc:2952)
by: tree_walk_left_root_right (tree.c:541)
by: tree_walk_left_root_right (tree.c:546)
by: tree_walk_left_root_right (tree.c:541)
by: tree_walk (tree.c:529)
by: Item_func_group_concat::val_str (item_sum.cc:3393)
by: Item::save_in_field (item.cc:5417)
by: Item_result_field::save_in_result_field (item.h:2375)
by: copy_sum_funcs (sql_select.cc:15952)
by: end_write_group (sql_select.cc:12892)
by: sub_select (sql_select.cc:11547)
by: do_select (sql_select.cc:11336)
by: JOIN::exec() (sql_select.cc:2107)
by: mysql_select (sql_select.cc:2549)
by: handle_select (sql_select.cc:290)
by: execute_sqlcom_select(sql_parse.cc:4882)
by: mysql_execute_command (sql_parse.cc:2329)
by: mysql_parse (sql_parse.cc:5911)
by: dispatch_command (sql_parse.cc:1135)
by: do_command (sql_parse.cc:807)
by: do_handle_one_connection (sql_connect.cc:1196)
by: handle_one_connection (sql_connect.cc:1135)
by: start_thread (in /lib64/libpthread-2.5.so)
by: clone (in /lib64/libc-2.5.so)


No testcase yet.


full valgrind log:

==12375== Invalid read of size 1
==12375==    at 0xA2757D: my_mb_wc_utf8mb4 (ctype-utf8.c:4416)
==12375==    by 0xA1BBEB: my_uca_scanner_next_any (ctype-uca.c:6981)
==12375==    by 0xA1C08C: my_strnncollsp_uca (ctype-uca.c:7182)
==12375==    by 0xA1DB1E: my_strnncollsp_any_uca (ctype-uca.c:8064)
==12375==    by 0x6E3CF3: Field_blob::cmp(unsigned char const*, unsigned int, unsigned char const*, unsigned int) (field.cc:7560)
==12375==    by 0x6E4D40: Field_blob::cmp_max(unsigned char const*, unsigned char const*, unsigned int) (field.cc:7573)
==12375==    by 0x6FD9C2: Field_blob::cmp(unsigned char const*, unsigned char const*) (field.h:1705)
==12375==    by 0x79AA88: group_concat_key_cmp_with_distinct (item_sum.cc:2854)
==12375==    by 0xA047E3: tree_insert (tree.c:209)
==12375==    by 0x7A6B17: Unique::unique_add(void*) (sql_class.h:3277)
==12375==    by 0x79DF15: Item_func_group_concat::add() (item_sum.cc:3160)
==12375==    by 0x7A5057: Aggregator_simple::add() (item_sum.h:625)
==12375==    by 0x607C55: Item_sum::aggregator_add() (item_sum.h:491)
==12375==    by 0x5DA3B2: update_sum_func(Item_sum**) (sql_select.cc:15980)
==12375==    by 0x5E4CA0: end_write_group(JOIN*, st_join_table*, bool) (sql_select.cc:12928)
==12375==    by 0x5E2461: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:11707)
==12375==    by 0x5E26A0: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11588)
==12375==    by 0x5EB0C0: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11334)
==12375==    by 0x606314: JOIN::exec() (sql_select.cc:2107)
==12375==    by 0x601EEC: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2549)
==12375==    by 0x6075CC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:290)
==12375==    by 0x5B0953: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4882)
==12375==    by 0x5B19FF: mysql_execute_command(THD*) (sql_parse.cc:2329)
==12375==    by 0x5B9070: mysql_parse(THD*, char const*, unsigned int, Parser_state*) (sql_parse.cc:5911)
==12375==    by 0x5BA4F2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1135)
==12375==    by 0x5BBA30: do_command(THD*) (sql_parse.cc:807)
==12375==    by 0x689222: do_handle_one_connection(THD*) (sql_connect.cc:1196)
==12375==    by 0x6892E8: handle_one_connection (sql_connect.cc:1135)
==12375==    by 0x4E2E09D: start_thread (in /lib64/libpthread-2.5.so)
==12375==    by 0x5DB74CC: clone (in /lib64/libc-2.5.so)
==12375==  Address 0x10a49178 is 40 bytes inside a block of size 60 free'd
==12375==    at 0x4C22B71: free (vg_replace_malloc.c:325)
==12375==    by 0x9FD81F: _myfree (safemalloc.c:326)
==12375==    by 0x527945: String::free() (sql_string.h:208)
==12375==    by 0x626130: String::real_alloc(unsigned int) (sql_string.cc:40)
==12375==    by 0x5315D5: String::alloc(unsigned int) (sql_string.h:217)
==12375==    by 0x6F4C58: Field_blob::store(char const*, unsigned int, charset_info_st*) (field.cc:7432)
==12375==    by 0x702C89: do_save_blob(Copy_field*) (field_conv.cc:310)
==12375==    by 0x7009D4: do_copy_null(Copy_field*) (field_conv.cc:218)
==12375==    by 0x5DA6C1: copy_fields(TMP_TABLE_PARAM*) (sql_select.cc:15632)
==12375==    by 0x79DDFF: Item_func_group_concat::add() (item_sum.cc:3139)
==12375==    by 0x7A5057: Aggregator_simple::add() (item_sum.h:625)
==12375==    by 0x607C55: Item_sum::aggregator_add() (item_sum.h:491)
==12375==    by 0x5DA3B2: update_sum_func(Item_sum**) (sql_select.cc:15980)
==12375==    by 0x5E4CA0: end_write_group(JOIN*, st_join_table*, bool) (sql_select.cc:12928)
==12375==    by 0x5E2461: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:11707)
==12375==    by 0x5E26A0: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11588)
==12375==    by 0x5EB0C0: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11334)
==12375==    by 0x606314: JOIN::exec() (sql_select.cc:2107)
==12375==    by 0x601EEC: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2549)
==12375==    by 0x6075CC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:290)
==12375==    by 0x5B0953: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4882)
==12375==    by 0x5B19FF: mysql_execute_command(THD*) (sql_parse.cc:2329)
==12375==    by 0x5B9070: mysql_parse(THD*, char const*, unsigned int, Parser_state*) (sql_parse.cc:5911)
==12375==    by 0x5BA4F2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1135)
==12375==    by 0x5BBA30: do_command(THD*) (sql_parse.cc:807)
==12375==    by 0x689222: do_handle_one_connection(THD*) (sql_connect.cc:1196)
==12375==    by 0x6892E8: handle_one_connection (sql_connect.cc:1135)
==12375==    by 0x4E2E09D: start_thread (in /lib64/libpthread-2.5.so)
==12375==    by 0x5DB74CC: clone (in /lib64/libc-2.5.so)
==12375== 
==12375== Invalid read of size 1
==12375==    at 0x625FE1: String::append(String const&) (sql_string.cc:349)
==12375==    by 0x79DC7A: dump_leaf_key (item_sum.cc:2952)
==12375==    by 0xA05884: tree_walk_left_root_right (tree.c:541)
==12375==    by 0xA058A6: tree_walk_left_root_right (tree.c:546)
==12375==    by 0xA05822: tree_walk_left_root_right (tree.c:541)
==12375==    by 0xA057B4: tree_walk (tree.c:529)
==12375==    by 0x79C551: Item_func_group_concat::val_str(String*) (item_sum.cc:3393)
==12375==    by 0x72EF8C: Item::save_in_field(Field*, bool) (item.cc:5417)
==12375==    by 0x5BC737: Item_result_field::save_in_result_field(bool) (item.h:2375)
==12375==    by 0x5DA317: copy_sum_funcs(Item_sum**, Item_sum**) (sql_select.cc:15952)
==12375==    by 0x5E4A69: end_write_group(JOIN*, st_join_table*, bool) (sql_select.cc:12892)
==12375==    by 0x5E2585: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11547)
==12375==    by 0x5EB0E4: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11336)
==12375==    by 0x606314: JOIN::exec() (sql_select.cc:2107)
==12375==    by 0x601EEC: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2549)
==12375==    by 0x6075CC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:290)
==12375==    by 0x5B0953: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4882)
==12375==    by 0x5B19FF: mysql_execute_command(THD*) (sql_parse.cc:2329)
==12375==    by 0x5B9070: mysql_parse(THD*, char const*, unsigned int, Parser_state*) (sql_parse.cc:5911)
==12375==    by 0x5BA4F2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1135)
==12375==    by 0x5BBA30: do_command(THD*) (sql_parse.cc:807)
==12375==    by 0x689222: do_handle_one_connection(THD*) (sql_connect.cc:1196)
==12375==    by 0x6892E8: handle_one_connection (sql_connect.cc:1135)
==12375==    by 0x4E2E09D: start_thread (in /lib64/libpthread-2.5.so)
==12375==    by 0x5DB74CC: clone (in /lib64/libc-2.5.so)
==12375==  Address 0x10a49178 is 40 bytes inside a block of size 60 free'd
==12375==    at 0x4C22B71: free (vg_replace_malloc.c:325)
==12375==    by 0x9FD81F: _myfree (safemalloc.c:326)
==12375==    by 0x527945: String::free() (sql_string.h:208)
==12375==    by 0x626130: String::real_alloc(unsigned int) (sql_string.cc:40)
==12375==    by 0x5315D5: String::alloc(unsigned int) (sql_string.h:217)
==12375==    by 0x6F4C58: Field_blob::store(char const*, unsigned int, charset_info_st*) (field.cc:7432)
==12375==    by 0x702C89: do_save_blob(Copy_field*) (field_conv.cc:310)
==12375==    by 0x7009D4: do_copy_null(Copy_field*) (field_conv.cc:218)
==12375==    by 0x5DA6C1: copy_fields(TMP_TABLE_PARAM*) (sql_select.cc:15632)
==12375==    by 0x79DDFF: Item_func_group_concat::add() (item_sum.cc:3139)
==12375==    by 0x7A5057: Aggregator_simple::add() (item_sum.h:625)
==12375==    by 0x607C55: Item_sum::aggregator_add() (item_sum.h:491)
==12375==    by 0x5DA3B2: update_sum_func(Item_sum**) (sql_select.cc:15980)
==12375==    by 0x5E4CA0: end_write_group(JOIN*, st_join_table*, bool) (sql_select.cc:12928)
==12375==    by 0x5E2461: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:11707)
==12375==    by 0x5E26A0: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11588)
==12375==    by 0x5EB0C0: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11334)
==12375==    by 0x606314: JOIN::exec() (sql_select.cc:2107)
==12375==    by 0x601EEC: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2549)
==12375==    by 0x6075CC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:290)
==12375==    by 0x5B0953: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4882)
==12375==    by 0x5B19FF: mysql_execute_command(THD*) (sql_parse.cc:2329)
==12375==    by 0x5B9070: mysql_parse(THD*, char const*, unsigned int, Parser_state*) (sql_parse.cc:5911)
==12375==    by 0x5BA4F2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1135)
==12375==    by 0x5BBA30: do_command(THD*) (sql_parse.cc:807)
==12375==    by 0x689222: do_handle_one_connection(THD*) (sql_connect.cc:1196)
==12375==    by 0x6892E8: handle_one_connection (sql_connect.cc:1135)
==12375==    by 0x4E2E09D: start_thread (in /lib64/libpthread-2.5.so)
==12375==    by 0x5DB74CC: clone (in /lib64/libc-2.5.so)
==12375== 
==12375== Invalid read of size 1
==12375==    at 0x625FE1: String::append(String const&) (sql_string.cc:349)
==12375==    by 0x79DC7A: dump_leaf_key (item_sum.cc:2952)
==12375==    by 0xA05884: tree_walk_left_root_right (tree.c:541)
==12375==    by 0xA057B4: tree_walk (tree.c:529)
==12375==    by 0x79C551: Item_func_group_concat::val_str(String*) (item_sum.cc:3393)
==12375==    by 0x72EF8C: Item::save_in_field(Field*, bool) (item.cc:5417)
==12375==    by 0x5BC737: Item_result_field::save_in_result_field(bool) (item.h:2375)
==12375==    by 0x5DA317: copy_sum_funcs(Item_sum**, Item_sum**) (sql_select.cc:15952)
==12375==    by 0x5E4A69: end_write_group(JOIN*, st_join_table*, bool) (sql_select.cc:12892)
==12375==    by 0x5E2585: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11547)
==12375==    by 0x5EB0E4: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11336)
==12375==    by 0x606314: JOIN::exec() (sql_select.cc:2107)
==12375==    by 0x601EEC: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2549)
==12375==    by 0x6075CC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:290)
==12375==    by 0x5B0953: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4882)
==12375==    by 0x5B19FF: mysql_execute_command(THD*) (sql_parse.cc:2329)
==12375==    by 0x5B9070: mysql_parse(THD*, char const*, unsigned int, Parser_state*) (sql_parse.cc:5911)
==12375==    by 0x5BA4F2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1135)
==12375==    by 0x5BBA30: do_command(THD*) (sql_parse.cc:807)
==12375==    by 0x689222: do_handle_one_connection(THD*) (sql_connect.cc:1196)
==12375==    by 0x6892E8: handle_one_connection (sql_connect.cc:1135)
==12375==    by 0x4E2E09D: start_thread (in /lib64/libpthread-2.5.so)
==12375==    by 0x5DB74CC: clone (in /lib64/libc-2.5.so)
==12375==  Address 0x10a49178 is 40 bytes inside a block of size 60 free'd
==12375==    at 0x4C22B71: free (vg_replace_malloc.c:325)
==12375==    by 0x9FD81F: _myfree (safemalloc.c:326)
==12375==    by 0x527945: String::free() (sql_string.h:208)
==12375==    by 0x626130: String::real_alloc(unsigned int) (sql_string.cc:40)
==12375==    by 0x5315D5: String::alloc(unsigned int) (sql_string.h:217)
==12375==    by 0x6F4C58: Field_blob::store(char const*, unsigned int, charset_info_st*) (field.cc:7432)
==12375==    by 0x702C89: do_save_blob(Copy_field*) (field_conv.cc:310)
==12375==    by 0x7009D4: do_copy_null(Copy_field*) (field_conv.cc:218)
==12375==    by 0x5DA6C1: copy_fields(TMP_TABLE_PARAM*) (sql_select.cc:15632)
==12375==    by 0x79DDFF: Item_func_group_concat::add() (item_sum.cc:3139)
==12375==    by 0x7A5057: Aggregator_simple::add() (item_sum.h:625)
==12375==    by 0x607C55: Item_sum::aggregator_add() (item_sum.h:491)
==12375==    by 0x5DA3B2: update_sum_func(Item_sum**) (sql_select.cc:15980)
==12375==    by 0x5E4CA0: end_write_group(JOIN*, st_join_table*, bool) (sql_select.cc:12928)
==12375==    by 0x5E2461: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:11707)
==12375==    by 0x5E26A0: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11588)
==12375==    by 0x5EB0C0: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11334)
==12375==    by 0x606314: JOIN::exec() (sql_select.cc:2107)
==12375==    by 0x601EEC: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2549)
==12375==    by 0x6075CC: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:290)
==12375==    by 0x5B0953: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4882)
==12375==    by 0x5B19FF: mysql_execute_command(THD*) (sql_parse.cc:2329)
==12375==    by 0x5B9070: mysql_parse(THD*, char const*, unsigned int, Parser_state*) (sql_parse.cc:5911)
==12375==    by 0x5BA4F2: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1135)
==12375==    by 0x5BBA30: do_command(THD*) (sql_parse.cc:807)
==12375==    by 0x689222: do_handle_one_connection(THD*) (sql_connect.cc:1196)
==12375==    by 0x6892E8: handle_one_connection (sql_connect.cc:1135)
==12375==    by 0x4E2E09D: start_thread (in /lib64/libpthread-2.5.so)
==12375==    by 0x5DB74CC: clone (in /lib64/libc-2.5.so)
==12375== 
100901  1:28:25 [Warning] Aborted connection 10 to db: 'test' user: 'root' host: '' (Got an error reading communication packets)