Description:
From sql/auth/sql_authentication.cc:

  /*
    The 4.0 and 4.1 versions of the protocol differ on how strings
    are terminated. In the 4.0 version, if a string is at the end
    of the packet, the string is not null terminated. Do not assume
    that the returned string is always null terminated.
  */

This details should be described in either of both of these two documentation pages:
https://dev.mysql.com/doc/internals/en/string.html
https://dev.mysql.com/doc/internals/en/connection-phase-packets.html

For instance, the above link expects that database is a null terminated string (string[NUL], or Protocol::NulTerminatedString).
While on protocol version 4.0 it is either Protocol::NulTerminatedString or Protocol::RestOfPacketString

How to repeat:
Open the links above: there is no description of how strings are terminated in protocol 4.0 and 4.1

Suggested fix:
Add in the documentation what described in the source code:

  /*
    The 4.0 and 4.1 versions of the protocol differ on how strings
    are terminated. In the 4.0 version, if a string is at the end
    of the packet, the string is not null terminated. Do not assume
    that the returned string is always null terminated.
  */

Hello Rene,

Thank you for the report!

Regards,
Umesh

Posted by developer:
 
Generic statements about all packets are not very useful. I'd rather make sure that doxygen docs for every packet sent to and from the server are correct and up to date.
Note that the "old" internals/ doc is now deprecated in favor of the doxygen version.

If you can find a problem in any of the descriptions there, please file new bugs about these.