Bug#28960901: ASSERTION FAILED: (TLEN % 2) == 0

At preparing phase, Arg_comparator::set_cmp_func() and
Arg_comparator::set_compare_func() set the character set which is used to
do string comparison. But user variable's character set at execution
phase might have changed since it was estimated at preparing phase. This
may cause assert failure if the comparing character set is
ucs2/utf16/utf32 and the string's character can be single byte character.

Fix:
Convert the string to the charset which is determined at preparing phase.

Change-Id: Ic2b67c6027ee1c5fcfd0502ca90ecb90ef326445

Author: Xing Zhang

mysql-test/r/user_var.result

@@ -835,3 +835,26 @@ ERROR 42000: Result consisted of more than one row
 SET @x= 2;
 SELECT a FROM t1 WHERE a = @x INTO @x;
 DROP TABLE t1;
+#
+# Bug#28960901: ASSERTION FAILED: (TLEN % 2) == 0
+#
+CREATE TABLE t1(a VARCHAR(10) CHARSET latin1, b VARCHAR(20) CHARSET utf16);
+INSERT INTO t1 VALUES ('a', 'abcd');
+SELECT (@x:=b) FROM t1;
+(@x:=b)
+abcd
+Warnings:
+Warning	1287	Setting user variables within expressions is deprecated and will be removed in a future release. Consider alternatives: 'SET variable=expression, ...', or 'SELECT expression(s) INTO variables(s)'.
+SELECT * FROM t1 WHERE b = (SELECT (@x:=1) FROM t1) OR a = @x;
+a	b
+Warnings:
+Warning	1287	Setting user variables within expressions is deprecated and will be removed in a future release. Consider alternatives: 'SET variable=expression, ...', or 'SELECT expression(s) INTO variables(s)'.
+Warning	1292	Truncated incorrect DOUBLE value: ''
+SELECT (@x:=a) FROM t1;
+(@x:=a)
+a
+Warnings:
+Warning	1287	Setting user variables within expressions is deprecated and will be removed in a future release. Consider alternatives: 'SET variable=expression, ...', or 'SELECT expression(s) INTO variables(s)'.
+SELECT * FROM t1 WHERE a = (SELECT (@x:=_utf16 0x1023) FROM t1) OR b = @x;
+ERROR HY000: Invalid latin1 character string: '\x10\x23'
+DROP TABLE t1;

mysql-test/t/user_var.test

@@ -549,3 +549,15 @@ SET @x= 2;
 eval $query3;
 
 DROP TABLE t1;
+
+--echo #
+--echo # Bug#28960901: ASSERTION FAILED: (TLEN % 2) == 0
+--echo #
+CREATE TABLE t1(a VARCHAR(10) CHARSET latin1, b VARCHAR(20) CHARSET utf16);
+INSERT INTO t1 VALUES ('a', 'abcd');
+SELECT (@x:=b) FROM t1;
+SELECT * FROM t1 WHERE b = (SELECT (@x:=1) FROM t1) OR a = @x;
+SELECT (@x:=a) FROM t1;
+--error ER_INVALID_CHARACTER_STRING
+SELECT * FROM t1 WHERE a = (SELECT (@x:=_utf16 0x1023) FROM t1) OR b = @x;
+DROP TABLE t1;

sql/item_func.cc

@@ -5794,6 +5794,22 @@ String *Item_func_get_user_var::val_str(String *str) {
   DBUG_ENTER("Item_func_get_user_var::val_str");
   if (!var_entry) DBUG_RETURN((String *)0);  // No such variable
   String *res = var_entry->val_str(&null_value, str, decimals);
+  if (res && !my_charset_same(res->charset(), collation.collation)) {
+    uint error;
+    if (str->copy(var_entry->ptr(), var_entry->length(),
+                  var_entry->collation.collation, collation.collation,
+                  &error) ||
+        error > 0) {
+      char tmp[32];
+      convert_to_printable(tmp, sizeof(tmp), var_entry->ptr(),
+                           var_entry->length(), var_entry->collation.collation,
+                           6);
+      my_error(ER_INVALID_CHARACTER_STRING, MYF(0), collation.collation->csname,
+               tmp);
+      DBUG_RETURN(nullptr);
+    }
+    DBUG_RETURN(str);
+  }
   DBUG_RETURN(res);
 }