Created attachment 438934 [details, diff] fix use after free DBD-mysql 4.33.0 has been out for a while. I also will attach a patch to this bug fixing a use after free bug. This has been applied upstream, but they've been slow rolling out a new release, therefore maybe we should backport this.
Upstream released 4.035 (4.35.0 in gentoo's versioning scheme), this makes the patch obsolete. Please bump to that version.
commit e3e3fa8bf0a23417959541cb54c1b098f4067e26 Author: Kent Fredric <kentnl@gentoo.org> Date: Mon Oct 3 03:49:32 2016 +1300 dev-perl/DBD-mysql: Bump to version 4.36.0 re bug #589818 & bug #587206 - EAPI6 - Bad tests pruned - USE="ssl" added - DESCRIPTION updated. Note: - USE="ssl" is only partial because there's no straight-forward way to ensure that the client library ( which is hidden behind virtual/mysql ) itself has ssl support. If the backend does not have ssl support, it will be silently disabled! Upstream: - Compatibility fixes for older MySQL versions - use-after-free fixes - Fixed memory leak in sth->{ParamValues} - SSL support turned on by default (implemented via libmysqlclient) - Check errors after calling mysql_affected_rows - Tests fixed on bigendian systems