From 29f77d41f531a94d1a71d6e5d33f2be104e99026 Mon Sep 17 00:00:00 2001
From: Alexander Barkov <bar@mariadb.com>
Date: Mon, 14 Jan 2019 20:51:05 +0400
Subject: [PATCH] MDEV-18205 Assertion `str_length < len' failed in
 Binary_string::realloc_raw

Bug was introduced in this commit:

  commit: a9ca819897f5c82582bfd3fedb09c78131cf8e00
      Call alloc() instead of realloc()
      Use alloc() if we don't need original string (avoid copy)
      Removed not needed test of str_length in sql_string.cc

copy_if_not_alloced() was forgotten when changing realloc()'s to alloc()'s.
Changing it now.
---
 mysql-test/main/func_str.result | 12 ++++++++++++
 mysql-test/main/func_str.test   | 16 ++++++++++++++++
 sql/sql_string.cc               |  2 +-
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/mysql-test/main/func_str.result b/mysql-test/main/func_str.result
index 07dca08c819..90206a0ce5d 100644
--- a/mysql-test/main/func_str.result
+++ b/mysql-test/main/func_str.result
@@ -4961,3 +4961,15 @@ DROP TABLE t1;
 #
 # End of 10.3 tests
 #
+#
+# Start of 10.4 tests
+#
+#
+# MDEV-18205 Assertion `str_length < len' failed in Binary_string::realloc_raw
+#
+SELECT GROUP_CONCAT( UpdateXML( '<a>new year</a>', '/a', '2019-01-01 00:00:00' ), ENCODE('text','pass') ) AS f;
+f
+2019-01-01 00:00:00F}^i
+#
+# End of 10.4 tests
+#
diff --git a/mysql-test/main/func_str.test b/mysql-test/main/func_str.test
index 4165e147768..4809b0e872b 100644
--- a/mysql-test/main/func_str.test
+++ b/mysql-test/main/func_str.test
@@ -1951,3 +1951,19 @@ DROP TABLE t1;
 --echo #
 --echo # End of 10.3 tests
 --echo #
+
+
+--echo #
+--echo # Start of 10.4 tests
+--echo #
+
+--echo #
+--echo # MDEV-18205 Assertion `str_length < len' failed in Binary_string::realloc_raw
+--echo #
+
+SELECT GROUP_CONCAT( UpdateXML( '<a>new year</a>', '/a', '2019-01-01 00:00:00' ), ENCODE('text','pass') ) AS f;
+
+
+--echo #
+--echo # End of 10.4 tests
+--echo #
diff --git a/sql/sql_string.cc b/sql/sql_string.cc
index b84585114b7..45af08f8966 100644
--- a/sql/sql_string.cc
+++ b/sql/sql_string.cc
@@ -941,7 +941,7 @@ String *copy_if_not_alloced(String *to,String *from,uint32 from_length)
     (void) from->realloc(from_length);
     return from;
   }
-  if (to->realloc(from_length))
+  if (to->alloc(from_length))
     return from;				// Actually an error
   if ((to->str_length=MY_MIN(from->str_length,from_length)))
     memcpy(to->Ptr,from->Ptr,to->str_length);