SIGSEGV in my_decimal::operator= and Assertion `0' failed in Item_type_holder::val_decimal on SELECT

CREATE TABLE c(c INT UNIQUE) ENGINE=InnoDB;

INSERT INTO c(c)VALUES (1);

UPDATE c SET c=0 WHERE(SELECT c,c WHERE c<0 INTERSECT SELECT + 1 / + 1,c FROM c WHERE c>-0  + 1)IN (SELECT c,c);

Core was generated by `/test/MD310522-mariadb-10.9.2-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  my_decimal::operator= (rhs=..., this=0x155110048a38)

    at /test/10.9_opt/sql/my_decimal.h:353

[Current thread is 1 (Thread 0x15513c0c3700 (LWP 2572129))]

(gdb) bt

#0  my_decimal::operator= (rhs=<error reading variable>, this=0x155110048a38) at /test/10.9_opt/sql/my_decimal.h:353

#1  my_decimal2decimal (to=0x155110048a38, from=0x0) at /test/10.9_opt/sql/my_decimal.h:353

#2  Item_cache_decimal::cache_value (this=0x1551100489a0) at /test/10.9_opt/sql/item.cc:10404

#3  Item_cache::has_value (this=0x1551100489a0) at /test/10.9_opt/sql/item.h:7080

#4  Item_cache_decimal::val_decimal (this=0x1551100489a0, val=<optimized out>) at /test/10.9_opt/sql/item.cc:10426

#5  0x000056051692281f in VDec::VDec (this=0x15513c0c1750, item=<optimized out>) at /test/10.9_opt/sql/sql_type.cc:301

#6  0x00005605169f1dd3 in Item::save_decimal_in_field (this=<optimized out>, field=0x155110057158, no_conversions=<optimized out>) at /test/10.9_opt/sql/item.cc:6816

#7  0x00005605169e1c57 in Item::save_in_field (this=0x1551100489a0, field=0x155110057158, no_conversions=<optimized out>) at /test/10.9_opt/sql/item.cc:6836

#8  0x0000560516802f16 in store_key_item::copy_inner (this=0x155110057120) at /test/10.9_opt/sql/sql_select.h:1969

#9  0x00005605167e9ac4 in store_key::copy (thd=0x155110000c58, this=<optimized out>) at /test/10.9_opt/sql/sql_select.h:1863

#10 cp_buffer_from_ref (thd=thd@entry=0x155110000c58, table=table@entry=0x155110058460, ref=ref@entry=0x155110056760) at /test/10.9_opt/sql/sql_select.cc:24921

#11 0x00005605167ea482 in cmp_buffer_with_ref (tab_ref=0x155110056760, table=0x155110058460, thd=0x155110000c58) at /test/10.9_opt/sql/sql_select.cc:24903

#12 join_read_key2 (thd=0x155110000c58, tab=0x0, table=0x155110058460, table_ref=0x155110056760) at /test/10.9_opt/sql/sql_select.cc:21855

#13 0x00005605168eca76 in Expression_cache_tmptable::check_value (this=0x1551100566a0, value=0x15513c0c18c8) at /test/10.9_opt/sql/sql_expression_cache.cc:223

#14 0x00005605169f617c in Item_cache_wrapper::check_cache (this=this@entry=0x155110056560) at /test/10.9_opt/sql/item.cc:8850

#15 0x00005605169f62fe in Item_cache_wrapper::val_int (this=0x155110056560) at /test/10.9_opt/sql/item.cc:8913

#16 0x00005605167c2dc1 in evaluate_join_record (join=join@entry=0x1551100468c0, join_tab=join_tab@entry=0x15511004f910, error=<optimized out>) at /test/10.9_opt/sql/sql_select.cc:21289

#17 0x00005605167d5cdb in sub_select (end_of_records=false, join_tab=0x15511004f910, join=0x1551100468c0) at /test/10.9_opt/sql/sql_select.cc:21191

#18 sub_select (join=0x1551100468c0, join_tab=0x15511004f910, end_of_records=false) at /test/10.9_opt/sql/sql_select.cc:21120

#19 0x00005605168024a1 in do_select (procedure=<optimized out>, join=0x1551100468c0) at /test/10.9_opt/sql/sql_select.cc:20736

#20 JOIN::exec_inner (this=0x1551100468c0) at /test/10.9_opt/sql/sql_select.cc:4786

#21 0x0000560516802868 in JOIN::exec (this=this@entry=0x1551100468c0) at /test/10.9_opt/sql/sql_select.cc:4564

#22 0x0000560516800a71 in mysql_select (thd=thd@entry=0x155110000c58, tables=tables@entry=0x155110010880, fields=@0x15513c0c1e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x56051780e5d0 <end_of_list>, last = 0x15513c0c1e80, elements = 0}, <No data fields>}, conds=conds@entry=0x1551100144c0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1551100467b0, unit=0x155110004cb8, select_lex=0x1551100054b8) at /test/10.9_opt/sql/sql_select.cc:5044

#23 0x0000560516861265 in mysql_multi_update (thd=thd@entry=0x155110000c58, table_list=0x155110010880, fields=fields@entry=0x155110005758, values=values@entry=0x155110005b88, conds=0x1551100144c0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x155110004cb8, select_lex=0x1551100054b8, result=0x15513c0c2070) at /test/10.9_opt/sql/sql_update.cc:1976

#24 0x0000560516790d1b in mysql_execute_command (thd=0x155110000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:4486

#25 0x000056051677f9e5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x155110000c58) at /test/10.9_opt/sql/sql_parse.cc:8036

#26 mysql_parse (thd=0x155110000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7958

#27 0x000056051678b4fa in dispatch_command (command=COM_QUERY, thd=0x155110000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364

#28 0x000056051678d422 in do_command (thd=0x155110000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1407

#29 0x00005605168a369f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x560519ccbcb8, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418

#30 0x00005605168a397d in handle_one_connection (arg=0x560519ccbcb8) at /test/10.9_opt/sql/sql_connect.cc:1312

#31 0x0000155168b79609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#32 0x0000155168765133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

mysqld: /test/10.10_dbg/sql/item.cc:10687: virtual my_decimal* Item_type_holder::val_decimal(my_decimal*): Assertion `0' failed.

Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.

Program terminated with signal SIGABRT, Aborted.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

[Current thread is 1 (Thread 0x14f82c0c4700 (LWP 857303))]

(gdb) bt

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

#1  0x000014f844a38859 in __GI_abort () at abort.c:79

#2  0x000014f844a38729 in __assert_fail_base (fmt=0x14f844bce588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5590e6862b3e "0", file=0x5590e6848120 "/test/10.10_dbg/sql/item.cc", line=10687, function=<optimized out>) at assert.c:92

#3  0x000014f844a49fd6 in __GI___assert_fail (assertion=assertion@entry=0x5590e6862b3e "0", file=file@entry=0x5590e6848120 "/test/10.10_dbg/sql/item.cc", line=line@entry=10687, function=function@entry=0x5590e68487f0 "virtual my_decimal* Item_type_holder::val_decimal(my_decimal*)") at assert.c:101

#4  0x00005590e5dc359b in Item_type_holder::val_decimal (this=<optimized out>) at /test/10.10_dbg/sql/item.cc:10687

#5  0x00005590e5997eed in Item::val_decimal_result (this=<optimized out>, val=<optimized out>) at /test/10.10_dbg/sql/item.h:1782

#6  0x00005590e5dc2939 in Item_cache_decimal::cache_value (this=0x14f7f8070008) at /test/10.10_dbg/sql/item.cc:10401

#7  0x00005590e5dc29d0 in Item_cache::has_value (this=0x14f7f8070008) at /test/10.10_dbg/sql/item.h:7080

#8  Item_cache_decimal::val_decimal (this=0x14f7f8070008, val=<optimized out>) at /test/10.10_dbg/sql/item.cc:10426

#9  0x00005590e5cc8cce in VDec::VDec (this=0x14f82c0c26d0, item=0x14f7f8070008) at /test/10.10_dbg/sql/sql_type.cc:301

#10 0x00005590e5ddb066 in Item::save_decimal_in_field (this=<optimized out>, field=0x14f7f807e768, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6816

#11 0x00005590e5cba628 in Type_handler_decimal_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.10_dbg/sql/sql_type.cc:4352

#12 0x00005590e5dc18d3 in Item::save_in_field (this=0x14f7f8070008, field=0x14f7f807e768, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6836

#13 0x00005590e5997c83 in Item::save_org_in_field (this=<optimized out>, field=<optimized out>, data=<optimized out>) at /test/10.10_dbg/sql/item.h:1220

#14 0x00005590e5997e50 in Item::save_val (this=<optimized out>, to=<optimized out>) at /test/10.10_dbg/sql/item.h:1705

#15 0x00005590e5b51cce in store_key_item::copy_inner (this=0x14f7f807e730) at /test/10.10_dbg/sql/sql_select.h:1969

#16 0x00005590e5b33640 in store_key::copy (thd=0x14f7f8000db8, this=<optimized out>) at /test/10.10_dbg/sql/sql_select.h:1863

#17 cp_buffer_from_ref (thd=thd@entry=0x14f7f8000db8, table=table@entry=0x14f7f807f830, ref=ref@entry=0x14f7f807dd68) at /test/10.10_dbg/sql/sql_select.cc:24921

#18 0x00005590e5b3412c in cmp_buffer_with_ref (tab_ref=0x14f7f807dd68, table=0x14f7f807f830, thd=0x14f7f8000db8) at /test/10.10_dbg/sql/sql_select.cc:24903

#19 join_read_key2 (thd=0x14f7f8000db8, tab=tab@entry=0x0, table=0x14f7f807f830, table_ref=table_ref@entry=0x14f7f807dd68) at /test/10.10_dbg/sql/sql_select.cc:21855

#20 0x00005590e5c88e2a in Expression_cache_tmptable::check_value (this=0x14f7f807dca8, value=0x14f82c0c2898) at /test/10.10_dbg/sql/sql_expression_cache.cc:223

#21 0x00005590e5ddfbf4 in Item_cache_wrapper::check_cache (this=this@entry=0x14f7f807db68) at /test/10.10_dbg/sql/item.cc:8850

#22 0x00005590e5ddfcde in Item_cache_wrapper::val_int (this=0x14f7f807db68) at /test/10.10_dbg/sql/item.cc:8913

#23 0x00005590e5b07d76 in evaluate_join_record (join=join@entry=0x14f7f806df28, join_tab=join_tab@entry=0x14f7f8076af0, error=error@entry=0) at /test/10.10_dbg/sql/sql_select.cc:21289

#24 0x00005590e5b1d999 in sub_select (join=0x14f7f806df28, join_tab=0x14f7f8076af0, end_of_records=false) at /test/10.10_dbg/sql/sql_select.cc:21191

#25 0x00005590e5b5127b in do_select (procedure=<optimized out>, join=0x14f7f806df28) at /test/10.10_dbg/sql/sql_select.cc:20736

#26 JOIN::exec_inner (this=this@entry=0x14f7f806df28) at /test/10.10_dbg/sql/sql_select.cc:4786

#27 0x00005590e5b51814 in JOIN::exec (this=this@entry=0x14f7f806df28) at /test/10.10_dbg/sql/sql_select.cc:4564

#28 0x00005590e5b4f598 in mysql_select (thd=thd@entry=0x14f7f8000db8, tables=tables@entry=0x14f7f8013db0, fields=@0x14f82c0c2e50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5590e6f9ea00 <end_of_list>, last = 0x14f82c0c2e50, elements = 0}, <No data fields>}, conds=conds@entry=0x14f7f80179f0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x14f7f806de18, unit=0x14f7f8004fd8, select_lex=0x14f7f80057d8) at /test/10.10_dbg/sql/sql_select.cc:5044

#29 0x00005590e5bc8e7f in mysql_multi_update (thd=thd@entry=0x14f7f8000db8, table_list=0x14f7f8013db0, fields=fields@entry=0x14f7f8005a78, values=values@entry=0x14f7f8005ea8, conds=0x14f7f80179f0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14f7f8004fd8, select_lex=0x14f7f80057d8, result=0x14f82c0c3030) at /test/10.10_dbg/sql/sql_update.cc:1976

#30 0x00005590e5ac94f5 in mysql_execute_command (thd=thd@entry=0x14f7f8000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:4486

#31 0x00005590e5ab5e3a in mysql_parse (thd=thd@entry=0x14f7f8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14f82c0c3470) at /test/10.10_dbg/sql/sql_parse.cc:8036

#32 0x00005590e5ac3422 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14f7f8000db8, packet=packet@entry=0x14f7f800b6d9 "UPDATE c SET c=0 WHERE(SELECT c,c WHERE c<0 INTERSECT SELECT + 1 / + 1,c FROM c WHERE c>-0  + 1)IN (SELECT c,c)", packet_length=packet_length@entry=111, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1364

#33 0x00005590e5ac5b2c in do_command (thd=0x14f7f8000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407

#34 0x00005590e5c253c0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5590e85f4b28, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418

#35 0x00005590e5c258c9 in handle_one_connection (arg=0x5590e85f4b28) at /test/10.10_dbg/sql/sql_connect.cc:1312

#36 0x000014f844f49609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#37 0x000014f844b35133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95