From d075f0fab72d40ca324285d3bedcdc43bbe06339 Mon Sep 17 00:00:00 2001
From: Venkata Sidagam <venkata.sidagam@oracle.com>
Date: Wed, 14 Nov 2012 17:02:36 +0530
Subject: [PATCH] BUG#13556107: CHECK AND REPAIR TABLE SHOULD BE MORE ROBUST
 [3]

Problem description: Incorrect key file. Key file is corrupted,
while reading the keys from the file. The problem here is that
keyseg->start (which should point to the beginning of a field)
is pointing beyond total record length.

Fix: If keyseg->start is greater than total record length then
return error.
---
 storage/myisam/mi_open.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/storage/myisam/mi_open.c b/storage/myisam/mi_open.c
index 5951aef6d4f..93f70a5d340 100644
--- a/storage/myisam/mi_open.c
+++ b/storage/myisam/mi_open.c
@@ -343,6 +343,12 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
 	  }
 	  else if (pos->type == HA_KEYTYPE_BINARY)
 	    pos->charset= &my_charset_bin;
+          if (!(share->keyinfo[i].flag & HA_SPATIAL) &&
+              pos->start > share->base.reclength)
+          {
+            my_errno= HA_ERR_CRASHED;
+            goto err;
+          }
 	}
 	if (share->keyinfo[i].flag & HA_SPATIAL)
 	{