Fixed bug#33764: Wrong result with IN(), CONCAT() and implicit

                 type conversion.

Instead of copying of whole character string from a temporary
buffer, the server copied a short-living pointer to that string
into a long-living structure. That has been fixed.

mysql-test/r/select.result

@@ -4328,4 +4328,10 @@ SELECT * FROM t1 WHERE c1 > NULL + 1;
 c1
 DROP TABLE t1;
 
+CREATE TABLE t1 (a VARCHAR(10) NOT NULL PRIMARY KEY);
+INSERT INTO t1 (a) VALUES ('foo0'), ('bar0'), ('baz0');
+SELECT * FROM t1 WHERE a IN (CONCAT('foo', 0), 'bar');
+a
+foo0
+DROP TABLE t1;
 End of 5.0 tests

mysql-test/t/select.test

@@ -3672,4 +3672,15 @@ DROP TABLE t1;
 
 --echo
 
+###########################################################################
+
+#
+# Bug #33764: Wrong result with IN(), CONCAT() and implicit type conversion
+#
+
+CREATE TABLE t1 (a VARCHAR(10) NOT NULL PRIMARY KEY);
+INSERT INTO t1 (a) VALUES ('foo0'), ('bar0'), ('baz0');
+SELECT * FROM t1 WHERE a IN (CONCAT('foo', 0), 'bar');
+DROP TABLE t1;
+
 --echo End of 5.0 tests

sql/item_cmpfunc.cc

@@ -2995,7 +2995,10 @@ void in_string::set(uint pos,Item *item)
   {
     if (res->uses_buffer_owned_by(str))
       res->copy();
-    *str= *res;
+    if (item->type() == Item::FUNC_ITEM)
+      str->copy(*res);
+    else
+      *str= *res;
   }
   if (!str->charset())
   {