MDEV-35723: applying non-zero offset to null pointer in INSERT

row_mysql_read_blob_ref(): Correctly handle what Field_blob::store()
generates for length=0.

mysql-test/suite/innodb/r/innodb.result

@@ -3337,3 +3337,9 @@ Table	Op	Msg_type	Msg_text
 test.t1	check	status	OK
 ALTER TABLE t1 FORCE;
 DROP TABLE t1;
+#
+# MDEV-35723: applying zero offset to null pointer on INSERT
+#
+CREATE TABLE t1(c TEXT(1) NOT NULL, INDEX (c)) ENGINE=InnoDB;
+INSERT INTO t1 SET c='';
+DROP TABLE t1;

mysql-test/suite/innodb/t/innodb.test

@@ -2605,3 +2605,10 @@ CHECK TABLE t1;
 ALTER TABLE t1 FORCE;
 # Cleanup
 DROP TABLE t1;
+
+--echo #
+--echo # MDEV-35723: applying zero offset to null pointer on INSERT
+--echo #
+CREATE TABLE t1(c TEXT(1) NOT NULL, INDEX (c)) ENGINE=InnoDB;
+INSERT INTO t1 SET c='';
+DROP TABLE t1;

storage/innobase/row/row0mysql.cc

@@ -244,6 +244,14 @@ row_mysql_read_blob_ref(
 
 	*len = mach_read_from_n_little_endian(ref, col_len - 8);
 
+	if (!*len) {
+		/* Field_blob::store() if (!length) would encode both
+		the length and the pointer in the same area. An empty
+		string must be a valid (nonnull) pointer in the
+		collation functions that cmp_data() may invoke. */
+		return ref;
+	}
+
 	memcpy(&data, ref + col_len - 8, sizeof data);
 
 	return(data);