MDEV-35723: applying non-zero offset to null pointer in INSERT

row_mysql_read_blob_ref(): Correctly handle what Field_blob::store() generates for length=0.
2025-01-27 09:14:17 +01:00 · 2025-01-17 12:34:03 +02:00 · 2025-01-17 12:34:03 +02:00 · f521b8ac21
commit f521b8ac21
parent df602ff7fa
3 changed files with 21 additions and 0 deletions
--- a/mysql-test/suite/innodb/r/innodb.result
+++ b/mysql-test/suite/innodb/r/innodb.result
@ -3337,3 +3337,9 @@ Table	Op	Msg_type	Msg_text
 test.t1	check	status	OK
 ALTER TABLE t1 FORCE;
 DROP TABLE t1;
+#
+# MDEV-35723: applying zero offset to null pointer on INSERT
+#
+CREATE TABLE t1(c TEXT(1) NOT NULL, INDEX (c)) ENGINE=InnoDB;
+INSERT INTO t1 SET c='';
+DROP TABLE t1;
--- a/mysql-test/suite/innodb/t/innodb.test
+++ b/mysql-test/suite/innodb/t/innodb.test
@ -2605,3 +2605,10 @@ CHECK TABLE t1;
 ALTER TABLE t1 FORCE;
 # Cleanup
 DROP TABLE t1;
+
+--echo #
+--echo # MDEV-35723: applying zero offset to null pointer on INSERT
+--echo #
+CREATE TABLE t1(c TEXT(1) NOT NULL, INDEX (c)) ENGINE=InnoDB;
+INSERT INTO t1 SET c='';
+DROP TABLE t1;
--- a/storage/innobase/row/row0mysql.cc
+++ b/storage/innobase/row/row0mysql.cc
@ -244,6 +244,14 @@ row_mysql_read_blob_ref(

 	*len = mach_read_from_n_little_endian(ref, col_len - 8);

+	if (!*len) {
+		/* Field_blob::store() if (!length) would encode both
+		the length and the pointer in the same area. An empty
+		string must be a valid (nonnull) pointer in the
+		collation functions that cmp_data() may invoke. */
+		return ref;
+	}
+
 	memcpy(&data, ref + col_len - 8, sizeof data);

 	return(data);