From: Georgi Kodinov Date: February 4 2010
Bug#45989
#At file:///home/kgeorge/mysql/work/B45989-take2-5.1-bugteam/ based on revid:joro@stripped

 3359 Georgi Kodinov	2010-02-04
      Addendum to the fix for bug #45989
      Need to make sure the tmp join doesn't point to the structure already 
      freed by the cleanup() for the "base" join, as this can lead to 
      double free, because sometimes both tmp_join and join point to the 
      same tmp_table_params.copy_field array.

=== modified file 'sql/'
--- a/sql/	2010-02-02 16:30:23 +0000
+++ b/sql/	2010-02-04 16:51:55 +0000
@@ -2319,7 +2319,7 @@ JOIN::destroy()
       anywhere else (as we need to keep the join is reusable).
-    tmp_table_param.copy_field= 0;
+    tmp_table_param.copy_field= tmp_join->tmp_table_param.copy_field= 0;
   cond_equal= 0;
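Review bot: The added line in JOIN::destroy() dereferences tmp_join, and no guard is visible in this hunk; unless the enclosing block (cut off above line 2319) is already conditional on tmp_join being non-NULL, wrap the assignment in `if (tmp_join)`. The commit message says the two joins only sometimes share the copy_field array, yet `tmp_join->tmp_table_param.copy_field= 0` clears the pointer unconditionally, so when tmp_join holds a distinct array that pointer is dropped here without being freed. Either clear it only when `tmp_join->tmp_table_param.copy_field == tmp_table_param.copy_field`, or confirm that tmp_join's own array has already been released by this point. The comment above the assignment should also say that tmp_join's pointer is reset to prevent the double free, and since the patch as shown touches only one file, a regression test for the shared-array case would be worth adding.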

