Bug #31674599: THE UDF_INIT() FUNCTION CAUSE SERVER CRASH

mysql-test/r/udf.result

@@ -492,4 +492,12 @@ select * from mysql.plugin WHERE name='unexisting_udf';
 name	dl
 DROP FUNCTION unexisting_udf;
 ERROR 42000: FUNCTION test.unexisting_udf does not exist
+#
+# Bug #31674599: THE UDF_INIT() FUNCTION CAUSE SERVER CRASH
+#
+call mtr.add_suppression('Invalid row in mysql.func table');
+insert mysql.func () values ();
+delete from mysql.func where name = '';
+#
 # End of 10.2 tests
+#

mysql-test/t/udf.test

@@ -562,4 +562,14 @@ select * from mysql.plugin WHERE name='unexisting_udf';
 --error ER_SP_DOES_NOT_EXIST
 DROP FUNCTION unexisting_udf;
 
+--echo #
+--echo # Bug #31674599: THE UDF_INIT() FUNCTION CAUSE SERVER CRASH
+--echo #
+call mtr.add_suppression('Invalid row in mysql.func table');
+insert mysql.func () values ();
+source include/restart_mysqld.inc;
+delete from mysql.func where name = '';
+
+--echo #
 --echo # End of 10.2 tests
+--echo #

sql/sql_udf.cc

@@ -196,7 +196,7 @@ void udf_init()
     DBUG_PRINT("info",("init udf record"));
     LEX_STRING name;
     name.str=get_field(&mem, table->field[0]);
-    name.length = (uint) strlen(name.str);
+    name.length = (uint) safe_strlen(name.str);
     char *dl_name= get_field(&mem, table->field[2]);
     bool new_dl=0;
     Item_udftype udftype=UDFTYPE_FUNCTION;
@@ -210,12 +210,12 @@ void udf_init()
 
       On windows we must check both FN_LIBCHAR and '/'.
     */
-    if (check_valid_path(dl_name, strlen(dl_name)) ||
+    if (!name.str || !dl_name || check_valid_path(dl_name, strlen(dl_name)) ||
         check_string_char_length(&name, 0, NAME_CHAR_LEN,
                                  system_charset_info, 1))
     {
       sql_print_error("Invalid row in mysql.func table for function '%.64s'",
-                      name.str);
+                      safe_str(name.str));
       continue;
     }