From 7b3e02e1aaeba150b096b3516a44066bf65c1495 Mon Sep 17 00:00:00 2001
From: Alexander Barkov
Date: Tue, 15 Apr 2025 19:30:44 +0400
Subject: [PATCH] MDEV-36565 Assertion `src != ((void *)0)' failed in my_casedn_8bit

The crash happened when ExtractValue() returning an empty string as a result was passed to LCASE() or UCASE().

Item_func_xml_extractvalue::val_str() could return a String {Ptr=0,str_value=0} in some cases, to mean an empty retult. But virtual my_charset_handler_st functions caseup() and casedn() do not expect {src=nullptr,srclen=0} as input and:
- raise a DBUG_ASSERT() in debug builds, or
- raise a "applying zero offset to null pointer" warning in UBSAN builds

Fixing Item_func_xml_extractvalue::val_str() to return a String {Ptr="",str_length=0} instead of {Ptr=0,str_value=0}.

A similar fix was done earlier in Field_set::val_str(). See c69fb1a6273.
---
 mysql-test/main/xml.result | 14 +++++++++++++-
 mysql-test/main/xml.test | 14 +++++++++++++-
 sql/item_xmlfunc.cc | 4 ++--
 3 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/mysql-test/main/xml.result b/mysql-test/main/xml.result
index d0b1d1782a1..a960d8cc316 100644
--- a/mysql-test/main/xml.result
+++ b/mysql-test/main/xml.result
@@ -1320,5 +1320,17 @@ f
 foo
 #
-# Start of 10.5 tests
+# End of 10.5 tests
 #
+# Start of 11.4 tests
+#
+# MDEV-36565 Assertion `src != ((void *)0)' failed in my_casedn_8bit
+#
+SET NAMES latin1;
+SELECT lcase((extractvalue('a', 'a'))) a FROM (select 1) dt;
+a
+
+SELECT ucase((extractvalue('a', 'a'))) a FROM (select 1) dt;
+a
+
+# End of 11.4 tests
diff --git a/mysql-test/main/xml.test b/mysql-test/main/xml.test
index 2d0dd9907bb..e0954c5f6bb 100644
--- a/mysql-test/main/xml.test
+++ b/mysql-test/main/xml.test
@@ -822,5 +822,17 @@ DROP TABLE t1;
 SELECT 'foo' AS f UNION SELECT BINARY( UpdateXML('', '/a', '')) AS f;
 --echo #
---echo # Start of 10.5 tests
+--echo # End of 10.5 tests
 --echo #
+
+--echo # Start of 11.4 tests
+
+--echo #
+--echo # MDEV-36565 Assertion `src != ((void *)0)' failed in my_casedn_8bit
+--echo #
+
+SET NAMES latin1;
+SELECT lcase((extractvalue('a', 'a'))) a FROM (select 1) dt;
+SELECT ucase((extractvalue('a', 'a'))) a FROM (select 1) dt;
+
+--echo # End of 11.4 tests
diff --git a/sql/item_xmlfunc.cc b/sql/item_xmlfunc.cc
index 02c37b45d8f..86c4e423947 100644
--- a/sql/item_xmlfunc.cc
+++ b/sql/item_xmlfunc.cc
@@ -176,8 +176,8 @@ public:
 }
 }
- str->length(0);
- str->set_charset(collation.collation);
+ // Make sure we never return {Ptr=nullptr, str_length=0}
+ str->copy("", 0, collation.collation);
 for (uint i=0 ; i < numnodes; i++)
 {
 if(active[i])
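Review bot: The new regression case runs only under `SET NAMES latin1;`, i.e. through the 8-bit handler named in the assertion, while the commit message states that the caseup()/casedn() handlers in general reject a {src=nullptr, srclen=0} input. Repeating the two SELECTs after a `SET NAMES utf8mb4;` would presumably exercise a multibyte handler as well, so a regression in either path is caught rather than just the one reported. The matching expected output would need to be added to xml.result alongside it.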
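Review bot: The return value of `str->copy()` on the added line is discarded; `String::copy()` reports an allocation failure by returning true, and if that happens the function carries on and may still hand a String with a null Ptr back to the caller, which is the state the change is meant to rule out. The replaced `str->length(0)` could not fail, so this is a new failure mode introduced by the fix; a check such as `if (str->copy("", 0, collation.collation)) return NULL;` (setting null_value first, if this is the Item::val_str() override the commit message names — the enclosing function starts and ends outside the hunk) keeps the guarantee under memory pressure. The added comment would also serve a later reader better if it named the reason, e.g. `// MDEV-36565: caseup()/casedn() assert on {src=nullptr, srclen=0}, so use copy() rather than length(0) to guarantee a non-null Ptr`.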