MDEV-22005 UBSAN: applying non-zero offset 2 to null pointer in my_charpos_mb()

Empty comment has a correct length.

sql/sql_string.h

@@ -3,7 +3,7 @@
 
 /*
    Copyright (c) 2000, 2013, Oracle and/or its affiliates.
-   Copyright (c) 2008, 2017, MariaDB Corporation.
+   Copyright (c) 2008, 2020, MariaDB Corporation.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -79,6 +79,10 @@ class Well_formed_prefix: public Well_formed_prefix_status
   Well_formed_prefix(CHARSET_INFO *cs, const char *str, size_t length)
    :Well_formed_prefix_status(cs, str, str + length, length), m_str(str)
   { }
+  Well_formed_prefix(CHARSET_INFO *cs, LEX_STRING str, size_t nchars)
+   :Well_formed_prefix_status(cs, str.str, str.str + str.length, nchars),
+    m_str(str.str)
+  { }
   size_t length() const { return m_source_end_pos - m_str; }
 };
 

sql/sql_table.cc

 /*
    Copyright (c) 2000, 2019, Oracle and/or its affiliates.
-   Copyright (c) 2010, 2019, MariaDB
+   Copyright (c) 2010, 2020, MariaDB
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -4286,8 +4286,12 @@ bool validate_comment_length(THD *thd, LEX_STRING *comment, size_t max_len,
                              uint err_code, const char *name)
 {
   DBUG_ENTER("validate_comment_length");
-  uint tmp_len= my_charpos(system_charset_info, comment->str,
-                           comment->str + comment->length, max_len);
+
+  if (comment->length == 0)
+    DBUG_RETURN(false);
+
+  size_t tmp_len=
+      Well_formed_prefix(system_charset_info, *comment, max_len).length();
   if (tmp_len < comment->length)
   {
     if (thd->is_strict_mode())