Bug #49445: Assertion failed: 0, file .\item_row.cc, line 55 with

  fulltext search and row op.

The search for fulltext indexes is searching for some special 
predicate layouts. While doing so it's not checking for the number
of columns of the expressions it tries to calculate.
And since row expressions can't return a single scalar value there
was a crash.
Fixed by checking if the expressions are scalar (in addition to 
being constant) before calling Item::val_xxx() methods.

Author: gkodinov

mysql-test/r/fulltext.result

@@ -603,4 +603,12 @@ WHERE t3.a=t1.a AND MATCH(b2) AGAINST('scargill' IN BOOLEAN MODE)
 count(*)
 0
 DROP TABLE t1,t2,t3;
+#
+# Bug #49445: Assertion failed: 0, file .\item_row.cc, line 55 with 
+#   fulltext search and row op
+#
+CREATE TABLE t1(a CHAR(1),FULLTEXT(a));
+SELECT 1 FROM t1 WHERE MATCH(a) AGAINST ('') AND ROW(a,a) > ROW(1,1);
+1
+DROP TABLE t1;
 End of 5.1 tests

mysql-test/t/fulltext.test

@@ -545,4 +545,14 @@ SELECT count(*) FROM t1 WHERE
 DROP TABLE t1,t2,t3;
 
 
+--echo #
+--echo # Bug #49445: Assertion failed: 0, file .\item_row.cc, line 55 with 
+--echo #   fulltext search and row op
+--echo #
+
+CREATE TABLE t1(a CHAR(1),FULLTEXT(a));
+SELECT 1 FROM t1 WHERE MATCH(a) AGAINST ('') AND ROW(a,a) > ROW(1,1);
+DROP TABLE t1;
+
+
 --echo End of 5.1 tests

sql/sql_select.cc

@@ -3650,20 +3650,20 @@ add_ft_keys(DYNAMIC_ARRAY *keyuse_array,
       cond_func=(Item_func_match *)cond;
     else if (func->arg_count == 2)
     {
-      Item_func *arg0=(Item_func *)(func->arguments()[0]),
-                *arg1=(Item_func *)(func->arguments()[1]);
-      if (arg1->const_item()  &&
+      Item *arg0= func->arguments()[0],
+           *arg1= func->arguments()[1];
+      if (arg1->const_item() && arg1->cols() == 1 &&
           ((functype == Item_func::GE_FUNC && arg1->val_real() > 0) ||
-           (functype == Item_func::GT_FUNC && arg1->val_real() >=0))  &&
-           arg0->type() == Item::FUNC_ITEM            &&
-           arg0->functype() == Item_func::FT_FUNC)
-        cond_func=(Item_func_match *) arg0;
-      else if (arg0->const_item() &&
+           (functype == Item_func::GT_FUNC && arg1->val_real() >= 0)) &&
+           arg0->type() == Item::FUNC_ITEM &&
+           ((Item_func *) arg0)->functype() == Item_func::FT_FUNC)
+        cond_func= (Item_func_match *) arg0;
+      else if (arg0->const_item() && arg0->cols() == 1 &&
                ((functype == Item_func::LE_FUNC && arg0->val_real() > 0) ||
-                (functype == Item_func::LT_FUNC && arg0->val_real() >=0)) &&
-                arg1->type() == Item::FUNC_ITEM          &&
-                arg1->functype() == Item_func::FT_FUNC)
-        cond_func=(Item_func_match *) arg1;
+                (functype == Item_func::LT_FUNC && arg0->val_real() >= 0)) &&
+                arg1->type() == Item::FUNC_ITEM &&
+                ((Item_func *) arg1)->functype() == Item_func::FT_FUNC)
+        cond_func= (Item_func_match *) arg1;
     }
   }
   else if (cond->type() == Item::COND_ITEM)