Server crashes in handle_select / val_uint in ORACLE mode

--source include/have_innodb.inc

DROP TABLE IF EXISTS t;

DROP FUNCTION IF EXISTS f;

SET sql_mode='ORACLE';

CREATE TABLE t (id INT) ENGINE=InnoDB;

--delimiter $$

CREATE FUNCTION f() RETURN INT

is

  v1 INT;

  v2 INT;

BEGIN

  FOR v1 in (select id from t)

  loop

    select 1 into v2;

  end loop;

  RETURN 1;

END $$

--delimiter ;

select f();

#3  <signal handler called>

#4  0x0000556acb95a9d0 in Item::val_uint (this=0x0) at /data/src/10.3/sql/item.h:947

#5  0x0000556acb9a9a52 in handle_select (thd=0x7fd130000b00, lex=0x7fd130004730, result=0x7fd1300168e0, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:395

#6  0x0000556acb974e05 in execute_sqlcom_select (thd=0x7fd130000b00, all_tables=0x0) at /data/src/10.3/sql/sql_parse.cc:6468

#7  0x0000556acb96b6ac in mysql_execute_command (thd=0x7fd130000b00) at /data/src/10.3/sql/sql_parse.cc:3740

#8  0x0000556acb97871e in mysql_parse (thd=0x7fd130000b00, rawbuf=0x7fd130014a68 "select f()", length=10, parser_state=0x7fd17c34b610, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7922

#9  0x0000556acb9661f4 in dispatch_command (command=COM_QUERY, thd=0x7fd130000b00, packet=0x7fd13008f8b1 "", packet_length=10, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1828

#10 0x0000556acb964c15 in do_command (thd=0x7fd130000b00) at /data/src/10.3/sql/sql_parse.cc:1370

#11 0x0000556acbabc0ca in do_handle_one_connection (connect=0x556acef16290) at /data/src/10.3/sql/sql_connect.cc:1418

#12 0x0000556acbabbe57 in handle_one_connection (arg=0x556acef16290) at /data/src/10.3/sql/sql_connect.cc:1324

#13 0x0000556acbf3cbdc in pfs_spawn_thread (arg=0x556acef1e950) at /data/src/10.3/storage/perfschema/pfs.cc:1863

#14 0x00007fd184bf9494 in start_thread (arg=0x7fd17c34c700) at pthread_create.c:333

#15 0x00007fd182fdf93f in clone () from /lib/x86_64-linux-gnu/libc.so.6