Crash in hp_allocate_variable_chunkset() in mysql-55-eb

When executing a RQG workload, mysqld under valgrind crashed as follows:

#4 0x0000000000967062 in hp_allocate_variable_chunkset (info=0x15dc0ca0, chunk_count=7, existing_set=0x1ae051e0 "")
    at /home/philips/bzr/mysql-55-eb/storage/heap/hp_dspace.c:213
#5 0x0000000000967342 in hp_reallocate_chunkset (info=0x15dc0ca0, chunk_count=7, pos=0x1ae051e0 "")
    at /home/philips/bzr/mysql-55-eb/storage/heap/hp_dspace.c:353
#6 0x00000000009682af in heap_update (info=0xf77f390, old_record=0x15ce2bc0 "", new_record=0x15ce1690 "")
    at /home/philips/bzr/mysql-55-eb/storage/heap/hp_update.c:43
#7 0x00000000009605c5 in ha_heap::update_row (this=0x1559dfd0, old_data=0x15ce2bc0 "", new_data=0x15ce1690 "")
    at /home/philips/bzr/mysql-55-eb/storage/heap/ha_heap.cc:259
#8 0x000000000076915d in handler::ha_update_row (this=0x1559dfd0, old_data=0x15ce2bc0 "", new_data=0x15ce1690 "")
    at /home/philips/bzr/mysql-55-eb/sql/handler.cc:4806
#9 0x0000000000695009 in mysql_update (thd=0x15b4b120, table_list=0x154e5970, fields=..., values=..., conds=0x1582cd98, order_num=0, order=0x0,
    limit=18446744073709551554, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x1a4b9cd0, updated_return=0x1a4b9cc8)
    at /home/philips/bzr/mysql-55-eb/sql/sql_update.cc:713
#10 0x00000000005f6f18 in mysql_execute_command (thd=0x15b4b120) at /home/philips/bzr/mysql-55-eb/sql/sql_parse.cc:2662
#11 0x00000000005fed7b in mysql_parse (thd=0x15b4b120,
    rawbuf=0x154e4cc0 "UPDATE local_19_1 SET f2 = LOAD_FILE('/home/philips/bzr/randgen-heap/data/earth1886kb.jpg') WHERE f5 NOT IN ( 7 , 'xwvtwpqaraydbiwianaurdtfafubwwiiykiezvuwdjotlreatijapnzwiznrcdsiygtjbezycfxkoucplapxd"..., length=1530, parser_state=0x1a4ba630)
    at /home/philips/bzr/mysql-55-eb/sql/sql_parse.cc:5503
#12 0x00000000005f2cf5 in dispatch_command (command=COM_QUERY, thd=0x15b4b120,
    packet=0x1557f5a1 "UPDATE local_19_1 SET f2 = LOAD_FILE('/home/philips/bzr/randgen-heap/data/earth1886kb.jpg') WHERE f5 NOT IN ( 7 , 'xwvtwpqaraydbiwianaurdtfafubwwiiykiezvuwdjotlreatijapnzwiznrcdsiygtjbezycfxkoucplapxd"..., packet_length=1530) at /home/philips/bzr/mysql-55-eb/sql/sql_parse.cc:1034
#13 0x00000000005f1f52 in do_command (thd=0x15b4b120) at /home/philips/bzr/mysql-55-eb/sql/sql_parse.cc:771
#14 0x00000000006d7beb in do_handle_one_connection (thd_arg=0x15b4b120) at /home/philips/bzr/mysql-55-eb/sql/sql_connect.cc:776
#15 0x00000000006d7832 in handle_one_connection (arg=0x15b4b120) at /home/philips/bzr/mysql-55-eb/sql/sql_connect.cc:724
#16 0x00000035a7207761 in start_thread () from /lib64/libpthread.so.0
#17 0x00000035a6ee098d in clone () from /lib64/libc.so.6

valgrind report:

==13299== Thread 36:
==13299== Invalid read of size 8
==13299== at 0x967062: hp_allocate_variable_chunkset (hp_dspace.c:213)
==13299== by 0x967341: hp_reallocate_chunkset (hp_dspace.c:353)
==13299== by 0x9682AE: heap_update (hp_update.c:43)
==13299== by 0x9605C4: ha_heap::update_row(unsigned char const*, unsigned char*) (ha_heap.cc:259)
==13299== by 0x76915C: handler::ha_update_row(unsigned char const*, unsigned char*) (handler.cc:4806)
==13299== by 0x695008: mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool,
 unsigned long long*, unsigned long long*) (sql_update.cc:713)
==13299== by 0x5F6F17: mysql_execute_command(THD*) (sql_parse.cc:2662)
==13299== by 0x5FED7A: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==13299== by 0x5F2CF4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==13299== by 0x5F1F51: do_command(THD*) (sql_parse.cc:771)
==13299== by 0x6D7BEA: do_handle_one_connection(THD*) (sql_connect.cc:776)
==13299== by 0x6D7831: handle_one_connection (sql_connect.cc:724)
==13299== by 0x35A7207760: start_thread (in /lib64/libpthread-2.12.2.so)
==13299== by 0x1A4BB6FF: ???
==13299== Address 0x101010101010301 is not stack'd, malloc'd or (recently) free'd