Crash in Expression_cache_tmptable::init with subquery_cache=on,in_to_exists=on

backtrace:

#4 0x00000000008f8131 in Expression_cache_tmptable::init (this=0x1e3a260) at sql_expression_cache.cc:77
#5 0x00000000008f8673 in Expression_cache_tmptable::check_value (this=0x1e3a260, value=0x41a301c0) at sql_expression_cache.cc:200
#6 0x000000000059556d in Item_cache_wrapper::check_cache (this=0x1e3a110) at item.cc:7036
#7 0x0000000000595938 in Item_cache_wrapper::val_bool (this=0x1e3a110) at item.cc:7209
#8 0x00000000005e60fc in Item_cond_or::val_int (this=0x1e38cd0) at item_cmpfunc.cc:4410
#9 0x0000000000729dd5 in evaluate_join_record (join=0x1e81eb0, join_tab=0x1e38638, error=0) at sql_select.cc:14969
#10 0x00000000007332c6 in sub_select (join=0x1e81eb0, join_tab=0x1e38638, end_of_records=false) at sql_select.cc:14874
#11 0x00000000007345fa in do_select (join=0x1e81eb0, fields=0x1db7910, table=0x0, procedure=0x0) at sql_select.cc:14539
#12 0x0000000000753d52 in JOIN::exec (this=0x1e81eb0) at sql_select.cc:2664
#13 0x000000000074dcaa in mysql_select (thd=0x1db4ed8, rref_pointer_array=0x1db7a28, tables=0x1dfbc00, wild_num=1, fields=..., conds=0x1dfd8a0, og_num=0,
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x1e36da8, unit=0x1db7320, select_lex=0x1db7808)
    at sql_select.cc:2885
#14 0x0000000000754084 in handle_select (thd=0x1db4ed8, lex=0x1db7280, result=0x1e36da8, setup_tables_done_option=0) at sql_select.cc:283
#15 0x00000000006a1554 in execute_sqlcom_select (thd=0x1db4ed8, all_tables=0x1dfbc00) at sql_parse.cc:5082
#16 0x00000000006a3207 in mysql_execute_command (thd=0x1db4ed8) at sql_parse.cc:2227
#17 0x00000000006abf9f in mysql_parse (thd=0x1db4ed8,
    rawbuf=0x1dfb990 "SELECT *\nFROM t2, t3\nWHERE t2.f2 OR t3.f3 IN\n(\nSELECT t2.f2\nFROM t1\nWHERE t2.f1 OR t2.f3 )", length=90,
    found_semicolon=0x41a31f08) at sql_parse.cc:6083
#18 0x00000000006ace37 in dispatch_command (command=COM_QUERY, thd=0x1db4ed8, packet=0x1df2619 "", packet_length=90) at sql_parse.cc:1206
#19 0x00000000006ae449 in do_command (thd=0x1db4ed8) at sql_parse.cc:904
#20 0x0000000000698efb in handle_one_connection (arg=0x1db4ed8) at sql_connect.cc:1177
#21 0x00000033b600673d in start_thread () from /lib64/libpthread.so.0
#22 0x00000033b58d40cd in clone () from /lib64/libc.so.6

explain:

id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY t2 system NULL NULL NULL NULL 1
1 PRIMARY t3 ALL NULL NULL NULL NULL 2 Using where
2 DEPENDENT SUBQUERY t1 ALL NULL NULL NULL NULL 2 Using where

minimal optimizer_switch required to reproduce: subquery_cache=on,in_to_exists=on

full optimizer switch in effect: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=off,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=on,mrr_cost_based=off,mrr_sort_keys=on,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on

test case:

CREATE TABLE t1 ( f3 int) ;
INSERT INTO t1 VALUES (0),(0);

CREATE TABLE t3 ( f3 int) ;
INSERT INTO t3 VALUES (0),(0);

CREATE TABLE t2 ( f1 int, f2 int, f3 int) ;
INSERT INTO t2 VALUES (7,0,0);

SELECT *
FROM t2, t3
WHERE t2.f2 OR t3.f3 IN
(
SELECT t2.f2
FROM t1
WHERE t2.f1 OR t2.f3 );

bzr version-info:

revision-id: <email address hidden>
date: 2011-06-21 18:17:28 -0700
build-date: 2011-06-22 16:39:53 +0300
revno: 3054
branch-nick: maria-5.3