diff --git a/mysql-test/r/func_str.result b/mysql-test/r/func_str.result
index 81fe2413725..5a582f08829 100644
--- a/mysql-test/r/func_str.result
+++ b/mysql-test/r/func_str.result
@@ -2784,6 +2784,12 @@ SELECT * FROM t1;
 format(123,2,'no_NO')
 123,00
 DROP TABLE t1;
+#
+# Bug#11764310 conv function crashes, negative argument to memcpy
+#
+SELECT CONV(1,-2147483648,-2147483648);
+CONV(1,-2147483648,-2147483648)
+
 #
 # End of 5.5 tests
 #
diff --git a/mysql-test/t/func_str.test b/mysql-test/t/func_str.test
index 9a9a8110a74..076c64e3ee1 100644
--- a/mysql-test/t/func_str.test
+++ b/mysql-test/t/func_str.test
@@ -1436,6 +1436,11 @@ SHOW CREATE TABLE t1;
 SELECT * FROM t1;
 DROP TABLE t1;
+--echo #
+--echo # Bug#11764310 conv function crashes, negative argument to memcpy
+--echo #
+SELECT CONV(1,-2147483648,-2147483648);
+
 --echo #
 --echo # End of 5.5 tests
 --echo #
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index 55087879b98..c6e9384bc5e 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -2952,8 +2952,8 @@ String *Item_func_conv::val_str(String *str)
 from_base, &endptr, &err);
 }
- ptr= longlong2str(dec, ans, to_base);
- if (str->copy(ans, (uint32) (ptr-ans), default_charset()))
+ if (!(ptr= longlong2str(dec, ans, to_base)) ||
+ str->copy(ans, (uint32) (ptr - ans), default_charset()))
 return make_empty_result();
 return str;
 }
@@ -3113,8 +3113,10 @@ String *Item_func_hex::val_str_ascii(String *str)
 if ((null_value= args[0]->null_value))
 return 0;
- ptr= longlong2str(dec,ans,16);
- if (str->copy(ans,(uint32) (ptr-ans), &my_charset_numeric))
+
+ if (!(ptr= longlong2str(dec, ans, 16)) ||
+ str->copy(ans,(uint32) (ptr - ans),
+ &my_charset_numeric))
 return make_empty_result(); // End of memory
 return str;
 }
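Review bot: The regression test in func_str.test covers only the case where both bases are -2147483648, so it cannot show which argument the fix actually guards. Adding `SELECT CONV(1,10,-2147483648);` and `SELECT CONV(1,-2147483648,10);` would pin each base on its own. A just-out-of-range case such as `SELECT CONV(1,10,37);` next to them would document whether the INT_MIN input now produces the same result as other rejected bases. The expected output in func_str.result would have to be re-recorded to match.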
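Review bot: The added `!(ptr= longlong2str(dec, ans, to_base))` guard in Item_func_conv::val_str rejects an unusable `to_base` only at the final step, after `from_base` has already been passed to the string-to-integer call whose tail `from_base, &endptr, &err);` is the first context line. The base range check itself lies outside the hunk, so this is inferred: if it compares `abs()` of an int against the 2..36 limits, -2147483648 passes because its magnitude is not representable, and that check is where both bases should be rejected before any conversion runs. As written, an invalid base and a failed `str->copy()` both end in `make_empty_result()`, so the caller gets an empty string either way; a comment such as `// longlong2str() returns NULL when it cannot convert with to_base` above the condition would record why the first operand is there. The function begins before the hunk.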
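Review bot: In Item_func_hex::val_str_ascii the radix is the literal 16, so the added `!(ptr= longlong2str(dec, ans, 16))` operand looks unreachable unless longlong2str can fail for a reason other than the radix; a short comment saying the check is defensive would keep it from being read as a live error path. The trailing `// End of memory` on `return make_empty_result();` now describes only one of the two conditions and should be reworded or moved next to the `str->copy()` operand. The wrapped call is also formatted differently from the conv hunk: `str->copy(ans,(uint32) (ptr - ans),` lacks the space after the first comma, and the whole call fits on one line as `str->copy(ans, (uint32) (ptr - ans), &my_charset_numeric))`. The function begins before the hunk.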