Index: src/whereexpr.c
==================================================================
--- src/whereexpr.c
+++ src/whereexpr.c
@@ -1289,11 +1289,11 @@
       transferJoinMarkings(pNew, pExpr);
       idxNew = whereClauseInsert(pWC, pNew, TERM_DYNAMIC);
       exprAnalyze(pSrc, pWC, idxNew);
     }
     pTerm = &pWC->a[idxTerm];
-    pTerm->wtFlags = TERM_CODED|TERM_VIRTUAL;  /* Disable the original */
+    pTerm->wtFlags |= TERM_CODED|TERM_VIRTUAL;  /* Disable the original */
     pTerm->eOperator = 0;
   }
 
   /* If there is a vector IN term - e.g. "(a, b) IN (SELECT ...)" - create
   ** a virtual term for each vector component. The expression object

Index: test/rowvalue.test
==================================================================
--- test/rowvalue.test
+++ test/rowvalue.test
@@ -537,7 +537,13 @@
   SELECT * FROM t1 WHERE (3,33)>=(a,b) ORDER BY a DESC;
 } {3 33 2 22 1 11}
 do_execsql_test 19.36 {
   SELECT * FROM t1 WHERE (3,32)>=(a,b) ORDER BY a DESC;
 } {2 22 1 11}
+
+# 2018-02-18: Memory leak nexted row-value.  Detected by OSSFuzz.
+#
+do_catchsql_test 20.1 {
+  SELECT 1 WHERE (2,(2,0)) IS (2,(2,0));
+} {0 1}
 
 finish_test