diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index ad5e2ef5ddd..c644aeab499 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -784,12 +784,15 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
       Old clients send null-terminated string ('\0' for empty string) for
       password.  New clients send the size (1 byte) + string (not null
       terminated, so also '\0' for empty string).
+
+      Cast *passwd to an unsigned char, so that it doesn't extend the sign
+      for *passwd > 127 and become 2**32-127 after casting to uint.
     */
     char db_buff[NAME_LEN+1];                 // buffer to store db in utf8
     char *db= passwd;
     char *save_db;
     uint passwd_len= (thd->client_capabilities & CLIENT_SECURE_CONNECTION ?
-                      *passwd++ : strlen(passwd));
+                      (uchar)(*passwd++) : strlen(passwd));
     uint dummy_errors, save_db_length, db_length;
     int res;
     Security_context save_security_ctx= *thd->security_ctx;