Crash in wkb_get_double with ST_INTERSECTION in maria-5.3-gis

backtrace:

# 2011-07-01T15:31:52 #4 <signal handler called>
# 2011-07-01T15:31:52 #5 0x0848199f in wkb_get_double (ptr=0xb6ce9000 <Address 0xb6ce9000 out of bounds>, bo=Geometry::wkb_ndr) at spatial.cc:211
# 2011-07-01T15:31:52 #6 0x084820dc in Gis_point::init_from_wkb (this=0x91488b14, wkb=0xb6ce9000 <Address 0xb6ce9000 out of bounds>, len=16, bo=Geometry::wkb_ndr, res=0x91488c60)
# 2011-07-01T15:31:52 at spatial.cc:458
# 2011-07-01T15:31:52 #7 0x08482e65 in Gis_polygon::init_from_opresult (this=0x91488b64, bin=0x91488c60, opres=0xb6ce9000 <Address 0xb6ce9000 out of bounds>, res_len=56)
# 2011-07-01T15:31:52 at spatial.cc:825
# 2011-07-01T15:31:52 #8 0x08485306 in Gis_multi_polygon::init_from_opresult (this=0x91488bfc, bin=0x91488c60, opres=0xb6c112d8 "", res_len=56) at spatial.cc:1768
# 2011-07-01T15:31:52 #9 0x08481c35 in Geometry::create_from_opresult (g_buf=0x91488bfc, res=0x91488c60, rr=...) at spatial.cc:278
# 2011-07-01T15:31:52 #10 0x0825bf68 in Item_func_spatial_operation::val_str (this=0xb6c0bf00, str_value=0x91488c60) at item_geofunc.cc:1038
# 2011-07-01T15:31:52 #11 0x082593e3 in Item_func_as_wkt::val_str (this=0xb6c0c240, str=0x91489060) at item_geofunc.cc:123
# 2011-07-01T15:31:52 #12 0x081db7d1 in Item::send (this=0xb6c0c240, protocol=0xb99a984, buffer=0x91489060) at item.cc:5905
# 2011-07-01T15:31:52 #13 0x08288eb8 in select_send::send_data (this=0xb6c0c438, items=...) at sql_class.cc:1919
# 2011-07-01T15:31:52 #14 0x08325d08 in JOIN::exec (this=0xb6c18348) at sql_select.cc:2069
# 2011-07-01T15:31:52 #15 0x08328724 in mysql_select (thd=0xb99a658, rref_pointer_array=0xb99c170, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0,
# 2011-07-01T15:31:52 having=0x0, proc_param=0x0, select_options=2147764736, result=0xb6c0c438, unit=0xb99bd74, select_lex=0xb99c050) at sql_select.cc:2885
# 2011-07-01T15:31:52 #16 0x083205ef in handle_select (thd=0xb99a658, lex=0xb99bd18, result=0xb6c0c438, setup_tables_done_option=0) at sql_select.cc:283
# 2011-07-01T15:31:52 #17 0x082bbd1f in execute_sqlcom_select (thd=0xb99a658, all_tables=0x0) at sql_parse.cc:5082
# 2011-07-01T15:31:52 #18 0x082b2b23 in mysql_execute_command (thd=0xb99a658) at sql_parse.cc:2227
# 2011-07-01T15:31:52 #19 0x082be35b in mysql_parse (thd=0xb99a658,
# 2011-07-01T15:31:52 rawbuf=0xb6c0b0e0 "SELECT ASTEXT( ST_INTERSECTION( MULTIPOLYGONFROMTEXT(' MULTIPOLYGON( ( ( 2 2 , 2 8 , 8 8 , 8 2 , 2 2 ) , ( 4 4 , 4 6 , 6 6 , 6 4 , 4 4 ) ) , ( (0 5, 3 5, 3 0, 0 0, 0 1, 2 1, 2 2, 0 2, 0 5), ( 1 3 , 2 3 , 2 4 , 1 4, 1 3) ) , ( ( 2 2 , 5 2 , 4 4 , 2 8 , 2 2 ) ) ) ') , MULTIPOLYGONFROMTEXT(' MULTIPOLYGON( ( (3 5, 2 4, 2 5, 3 5) ) , ( ( 2 2 , 9 2 , 0 2 , 2 6 , 2 2 ) ) , ( ( 2 2 , 2 8 , 8 8 , 8 2 , 2 2 ) , ( 4 4 , 4 6 , 6 6 , 6 4 , 4 4 ) ) , ( ( 9 9 , 6 8 , 7 0 , 9 9 ) ) ) ') ) )", length=482, found_semicolon=0x9148a228) at sql_parse.cc:6083
# 2011-07-01T15:31:52 #20 0x082b07bf in dispatch_command (command=COM_QUERY, thd=0xb99a658, packet=0xb99cb99 "", packet_length=482) at sql_parse.cc:1206
# 2011-07-01T15:31:52 #21 0x082afc45 in do_command (thd=0xb99a658) at sql_parse.cc:904
# 2011-07-01T15:31:52 #22 0x082accc0 in handle_one_connection (arg=0xb99a658) at sql_connect.cc:1177
# 2011-07-01T15:31:52 #23 0x00821919 in start_thread () from /lib/libpthread.so.0
# 2011-07-01T15:31:52 #24 0x0076acce in clone () from /lib/libc.so.6

test case:

SELECT ASTEXT( ST_INTERSECTION( MULTIPOLYGONFROMTEXT(' MULTIPOLYGON( ( ( 2 2 , 2 8 , 8 8 , 8 2 , 2 2 ) , ( 4 4 , 4 6 , 6 6 , 6 4 , 4 4 ) ) , ( (0 5, 3 5, 3 0, 0 0, 0 1, 2 1, 2 2, 0 2, 0 5), ( 1 3 , 2 3 , 2 4 , 1 4, 1 3) ) , ( ( 2 2 , 5 2 , 4 4 , 2 8 , 2 2 ) ) ) ') , MULTIPOLYGONFROMTEXT(' MULTIPOLYGON( ( (3 5, 2 4, 2 5, 3 5) ) , ( ( 2 2 , 9 2 , 0 2 , 2 6 , 2 2 ) ) , ( ( 2 2 , 2 8 , 8 8 , 8 2 , 2 2 ) , ( 4 4 , 4 6 , 6 6 , 6 4 , 4 4 ) ) , ( ( 9 9 , 6 8 , 7 0 , 9 9 ) ) ) ') ) )