Merge moonlight.home:/home/tomash/src/mysql_ab/mysql-4.0

into  moonlight.home:/home/tomash/src/mysql_ab/mysql-4.0-bug23443

heap/hp_block.c

@@ -47,7 +47,7 @@ int _hp_get_new_block(HP_BLOCK *block, ulong *alloc_length)
       break;
 
   *alloc_length=sizeof(HP_PTRS)*i+block->records_in_block* block->recbuffer;
-  if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(0))))
+  if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(MY_WME))))
     return 1;
 
   if (i == 0)

heap/hp_write.c

@@ -66,13 +66,22 @@ int heap_write(HP_INFO *info, const byte *record)
   DBUG_RETURN(0);
 
 err:
-  DBUG_PRINT("info",("Duplicate key: %d",key));
+  if (my_errno == HA_ERR_FOUND_DUPP_KEY)
+    DBUG_PRINT("info",("Duplicate key: %d",key));
   info->errkey= key;
-  do
+  /*
+    Because 'key' is unsigned, we increase it before the loop, unless
+    we have to skip the key that wasn't inserted yet due to OOM.  In
+    the loop we test 'key' before decreasing it as the protection
+    against value wraparound.
+  */
+  if (my_errno != ENOMEM)
+    key++;
+  while (key-- > 0)
   {
     if (_hp_delete_key(info,share->keydef+key,record,pos,0))
       break;
-  } while (key-- > 0);
+  }
 
   share->deleted++;
   *((byte**) pos)=share->del_link;

sql/item_func.cc

@@ -1892,8 +1892,9 @@ bool Item_func_set_user_var::update_hash(const void *ptr, uint length,
 	char *pos= (char*) entry+ ALIGN_SIZE(sizeof(user_var_entry));
 	if (entry->value == pos)
 	  entry->value=0;
-	if (!(entry->value=(char*) my_realloc(entry->value, length,
-					      MYF(MY_ALLOW_ZERO_PTR))))
+        entry->value= (char*) my_realloc(entry->value, length,
+                                         MYF(MY_ALLOW_ZERO_PTR | MY_WME));
+        if (!entry->value)
 	  goto err;
       }
     }