Fix bug #15268 Unchecked null value caused server crash

cmp_item_sort_string::cmp() wasn't checking values_res variable for null.
Later called function was dereferenced it and crashed server.

Added null check to cmp_item_sort_string::cmp().

mysql-test/r/select.result

@@ -3337,3 +3337,11 @@ id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
 1	SIMPLE	t2	const	PRIMARY	PRIMARY	4	const	1	Using index
 1	SIMPLE	t3	const	PRIMARY	PRIMARY	8	const,const	1	
 DROP TABLE t1,t2,t3;
+create table t1(f1 char, f2 char not null);
+insert into t1 values(null,'a');
+create table t2 (f2 char not null);
+insert into t2 values('b');
+select * from t1 left join t2 on f1=t2.f2 where t1.f2='a';
+f1	f2	f2
+NULL	a	NULL
+drop table t1,t2;

mysql-test/t/select.test

@@ -2805,3 +2805,13 @@ EXPLAIN SELECT t2.key_a,foo
     WHERE t2.key_a=2 and key_b=5;
 
 DROP TABLE t1,t2,t3;
+
+#
+# Bug#15268 Unchecked null value caused server crash
+#
+create table t1(f1 char, f2 char not null);
+insert into t1 values(null,'a');
+create table t2 (f2 char not null);
+insert into t2 values('b');
+select * from t1 left join t2 on f1=t2.f2 where t1.f2='a';
+drop table t1,t2;

sql/item_cmpfunc.h

@@ -723,9 +723,9 @@ public:
   {
     char buff[STRING_BUFFER_USUAL_SIZE];
     String tmp(buff, sizeof(buff), cmp_charset), *res;
-    if (!(res= arg->val_str(&tmp)))
-      return 1;				/* Can't be right */
-    return sortcmp(value_res, res, cmp_charset);
+    res= arg->val_str(&tmp);
+    return (value_res ? (res ? sortcmp(value_res, res, cmp_charset) : 1) :
+            (res ? -1 : 0));
   }
   int compare(cmp_item *c)
   {