MDEV-4272 fix.

Incorrect NULL value handling in Item_func_conv_charset fixed.

mysql-test/r/func_str.result

@@ -2864,9 +2864,6 @@ sha1('P'),
 Warnings:
 Warning	1292	Truncated incorrect DECIMAL value: '[.DC2.]'
 SET @@global.max_allowed_packet:= @tmp_max;
-#
-# End of 5.5 tests
-#
 SELECT @tmp_max:= @@global.max_allowed_packet;
 @tmp_max:= @@global.max_allowed_packet
 1048576
@@ -2880,3 +2877,15 @@ NULL
 Warnings:
 Warning	1301	Result of repeat() was larger than max_allowed_packet (1048576) - truncated
 SET @@global.max_allowed_packet:= @tmp_max;
+#
+# MDEV-4272: DIV operator crashes in Item_func_int_div::val_int
+# (incorrect NULL value handling by convert)
+#
+create table t1(a int) select null;
+select 1 div convert(a using utf8) from t1;
+1 div convert(a using utf8)
+NULL
+drop table t1;
+#
+# End of 5.5 tests
+#

mysql-test/t/func_str.test

@@ -1502,11 +1502,6 @@ round(
 --connection default
 SET @@global.max_allowed_packet:= @tmp_max;
 --disconnect newconn
-
---echo #
---echo # End of 5.5 tests
---echo #
-
 #
 # Bug#11765562 58545:
 # EXPORT_SET() CAN BE USED TO MAKE ENTIRE SERVER COMPLETELY UNRESPONSIVE
@@ -1517,3 +1512,16 @@ SELECT @@global.max_allowed_packet;
 SELECT CHAR_LENGTH(EXPORT_SET(1,1,1,REPEAT(1,100000000)));
 SET @@global.max_allowed_packet:= @tmp_max;
 
+--echo #
+--echo # MDEV-4272: DIV operator crashes in Item_func_int_div::val_int
+--echo # (incorrect NULL value handling by convert)
+--echo #
+create table t1(a int) select null;
+select 1 div convert(a using utf8) from t1;
+drop table t1;
+
+
+--echo #
+--echo # End of 5.5 tests
+--echo #
+

sql/item_strfunc.cc

@@ -2987,7 +2987,7 @@ String *Item_func_conv_charset::val_str(String *str)
     return null_value ? 0 : &str_value;
   String *arg= args[0]->val_str(str);
   uint dummy_errors;
-  if (!arg)
+  if (args[0]->null_value)
   {
     null_value=1;
     return 0;

sql/item_strfunc.h

@@ -859,25 +859,37 @@ public:
   {
     if (args[0]->result_type() == STRING_RESULT)
       return Item_str_func::val_int();
-    return args[0]->val_int();
+    longlong res= args[0]->val_int();
+    if ((null_value= args[0]->null_value))
+      return 0;
+    return res;
   }
   double val_real()
   {
     if (args[0]->result_type() == STRING_RESULT)
       return Item_str_func::val_real();
-    return args[0]->val_real();
+    double res= args[0]->val_real();
+    if ((null_value= args[0]->null_value))
+      return 0;
+    return res;
   }
   my_decimal *val_decimal(my_decimal *d)
   {
     if (args[0]->result_type() == STRING_RESULT)
       return Item_str_func::val_decimal(d);
-    return args[0]->val_decimal(d);
+    my_decimal *res= args[0]->val_decimal(d);
+    if ((null_value= args[0]->null_value))
+      return NULL;
+    return res;
   }
   bool get_date(MYSQL_TIME *ltime, ulonglong fuzzydate)
   {
     if (args[0]->result_type() == STRING_RESULT)
       return Item_str_func::get_date(ltime, fuzzydate);
-    return args[0]->get_date(ltime, fuzzydate);
+    bool res= args[0]->get_date(ltime, fuzzydate);
+    if ((null_value= args[0]->null_value))
+      return 1;
+    return res;
   }
   void fix_length_and_dec();
   const char *func_name() const { return "convert"; }