Query with window function crashes with --ps-protocol

create table t1(a int, b int, x char(32));

insert into t1 values (2, 10, 'xx');

insert into t1 values (2, 10, 'zz');

insert into t1 values (2, 20, 'yy');

insert into t1 values (3, 10, 'xxx');

insert into t1 values (3, 20, 'vvv');

prepare s from 'select a, row_number() over (partition by a order by b) from t1';

execute s;

  Program received signal SIGSEGV, Segmentation fault.

  [Switching to Thread 0x7ffff4302700 (LWP 20042)]

  0x0000555555c1f752 in setup_windows (thd=0x55555aafeaf0, ref_pointer_array=..., tables=0x7fff5400e3a0, fields=..., all_fields=..., win_specs=...) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_window.cc:97

(gdb) wher

  #0  0x0000555555c1f752 in setup_windows (thd=0x55555aafeaf0, ref_pointer_array=..., tables=0x7fff5400e3a0, fields=..., all_fields=..., win_specs=...) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_window.cc:97

  #1  0x0000555555ab5311 in setup_without_group (thd=0x55555aafeaf0, ref_pointer_array=..., tables=0x7fff5400e3a0, leaves=..., fields=..., all_fields=..., conds=0x7fff54005848, order=0x0, group=0x0, win_specs=..., hidden_group_fields=0x7fff54005727, reserved=0x7fff5400d1f4) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_select.cc:659

  #2  0x0000555555ab5a3d in JOIN::prepare (this=0x7fff54005448, tables_init=0x7fff5400e3a0, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff5400cf58, unit_arg=0x7fff5400c868) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_select.cc:802

  #3  0x0000555555abe280 in mysql_select (thd=0x55555aafeaf0, tables=0x7fff5400e3a0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7fff5400e998, unit=0x7fff5400c868, select_lex=0x7fff5400cf58) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_select.cc:3415

  #4  0x0000555555ab4827 in handle_select (thd=0x55555aafeaf0, lex=0x7fff5400c7a0, result=0x7fff5400e998, setup_tables_done_option=0) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_select.cc:376

  #5  0x0000555555a850ba in execute_sqlcom_select (thd=0x55555aafeaf0, all_tables=0x7fff5400e3a0) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_parse.cc:5902

  #6  0x0000555555a7af80 in mysql_execute_command (thd=0x55555aafeaf0) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_parse.cc:2961

  #7  0x0000555555aa270a in Prepared_statement::execute (this=0x7fff5400c380, expanded_query=0x7ffff4300560, open_cursor=false) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_prepare.cc:4009

  #8  0x0000555555aa15ee in Prepared_statement::execute_loop (this=0x7fff5400c380, expanded_query=0x7ffff4300560, open_cursor=false, packet=0x0, packet_end=0x0) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_prepare.cc:3641

  #9  0x0000555555a9f721 in mysql_sql_stmt_execute (thd=0x55555aafeaf0) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_prepare.cc:2773

  #10 0x0000555555a7afb1 in mysql_execute_command (thd=0x55555aafeaf0) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_parse.cc:2972

  #11 0x0000555555a88722 in mysql_parse (thd=0x55555aafeaf0, rawbuf=0x7fff54005258 "execute s", length=9, parser_state=0x7ffff4301100) at /home/psergey/dev-git/10.2-window-funcs-r10/sql/sql_parse.cc:7302

(gdb) print win_spec

  $83 = (Window_spec *) 0x8f8f8f8f8f8f8f8f