BUG#12558519: RPL_TYPECONV PRODUCES VALGRIND STACK

In RBR and in case of converting blob fields, the space allocated
while unpacking into the conversion field was not freed after
copying from it into the real field.

We fix this by freeing the conversion field when the conversion
table is not needed anymore (on close_tables_to_lock).

sql/log_event.cc

@@ -8441,6 +8441,7 @@ int Table_map_log_event::do_apply_event(Relay_log_info const *rli)
                 m_field_metadata, m_field_metadata_size,
                 m_null_bits, m_flags);
     table_list->m_tabledef_valid= TRUE;
+    table_list->m_conv_table= NULL;
     table_list->open_type= OT_BASE_ONLY;
 
     /*

sql/rpl_rli.cc

@@ -1254,6 +1254,16 @@ void Relay_log_info::clear_tables_to_lock()
       tables_to_lock->m_tabledef.table_def::~table_def();
       tables_to_lock->m_tabledef_valid= FALSE;
     }
+
+    /*
+      If blob fields were used during conversion of field values 
+      from the master table into the slave table, then we need to 
+      free the memory used temporarily to store their values before
+      copying into the slave's table.
+    */
+    if (tables_to_lock->m_conv_table)
+      free_blobs(tables_to_lock->m_conv_table);
+
     tables_to_lock=
       static_cast<RPL_TABLE_LIST*>(tables_to_lock->next_global);
     tables_to_lock_count--;

sql/table.cc

@@ -2188,7 +2188,15 @@ void free_blobs(register TABLE *table)
   for (ptr= table->s->blob_field, end=ptr + table->s->blob_fields ;
        ptr != end ;
        ptr++)
-    ((Field_blob*) table->field[*ptr])->free();
+  {
+    /*
+      Reduced TABLE objects which are used by row-based replication for
+      type conversion might have some fields missing. Skip freeing BLOB
+      buffers for such missing fields.
+    */
+    if (table->field[*ptr])
+      ((Field_blob*) table->field[*ptr])->free();
+  }
 }