From b3877176ac3627fac87737126b8709c20bc9a86a Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Tue, 30 Jun 2026 12:39:56 +1000
Subject: [PATCH] MDEV-40176: field_charset()->charpos(blob..) called with NULL

Problem: When `my_charpos_mb()` is called by `Field_blob::get_key_image_itRAW` with a start/end both being NULL. Because of this the blob_length must have been 0.

Fix: Rather than relying on character set functions to calculate the storage of nothing, bypass the calculation as the charpos() isn't going to return a value less than 0 (the blob_length).

---
sql/field.cc | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/sql/field.cc b/sql/field.cc
index 4f2f004d661aa..0a208edb0fdfd 100644
--- a/sql/field.cc
+++ b/sql/field.cc
@@ -9035,10 +9035,13 @@ uint Field_blob::get_key_image_itRAW(const uchar *ptr_arg, uchar *buff,
 {
 size_t blob_length= get_length(ptr_arg);
 const uchar *blob= get_ptr(ptr_arg);
- size_t local_char_length= length / mbmaxlen();
- local_char_length= field_charset()->charpos(blob, blob + blob_length,
- local_char_length);
- set_if_smaller(blob_length, local_char_length);
+ if (blob)
+ {
+ size_t local_char_length= length / mbmaxlen();
+ local_char_length= field_charset()->charpos(blob, blob + blob_length,
+ local_char_length);
+ set_if_smaller(blob_length, local_char_length);
+ }
 if (length > blob_length)
 {