Bug #59632 Assertion failed: arg_length > length

The problem was overflow in max_length when we tried to des_decrypt()
something which is not the output of des_encrypt()


mysql-test/r/ssl_and_innodb.result:
  New test case.
mysql-test/t/ssl_and_innodb.test:
  New test case.
sql/item_strfunc.h:
  Do not subtract the encrypt overhead (9U) if args[0] has length < 9
  (In unsigned arithmetic, (1-9) becomes a very large number)

mysql-test/r/ssl_and_innodb.result

+CREATE TABLE t1(a int) engine=innodb;
+INSERT INTO t1 VALUES (1);
+SELECT DISTINCT
+convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d
+FROM t1 ;
+d
+2
+DROP TABLE t1;

mysql-test/t/ssl_and_innodb.test

+-- source include/have_innodb.inc
+-- source include/have_ssl_crypto_functs.inc
+
+CREATE TABLE t1(a int) engine=innodb;
+INSERT INTO t1 VALUES (1);
+
+SELECT DISTINCT
+convert((SELECT des_decrypt(2,1) AS a FROM t1 WHERE @a:=1), signed) as d
+FROM t1 ;
+
+DROP TABLE t1;

sql/item_strfunc.h

 #ifndef ITEM_STRFUNC_INCLUDED
 #define ITEM_STRFUNC_INCLUDED
 
-/* Copyright (C) 2000-2003 MySQL AB
+/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -361,7 +361,9 @@ public:
   {
     maybe_null=1;
     /* 9 = MAX ((8- (arg_len % 8)) + 1) */
-    max_length = args[0]->max_length - 9;
+    max_length= args[0]->max_length;
+    if (max_length >= 9U)
+      max_length-= 9U;
   }
   const char *func_name() const { return "des_decrypt"; }
 };