Description:
I have small corrupted MyISAM table t1 (I made it corrupted for testing).
If I do simple SELECT like:
select * from t1 order by id;

MySQL server crashes.

Backtrace:
(gdb) bt
#0  0x085bb25c in _mi_rec_unpack (info=0x8dee1d0, to=0x8deea38 '╔' <repeats 200 times>..., from=0x8def7a1 '╔' <repeats 200 times>..., found_length=10) at mi_dynrec.c:1062
#1  0x085bc89a in _mi_read_rnd_dynamic_record (info=0x8dee1d0, buf=0x8dedf38 "Ч\001", filepos=18446744073709551615, skip_deleted_blocks=0 '\0') at mi_dynrec.c:1599
#2  0x085b2bb2 in mi_scan (info=0x8dee1d0, buf=0x8dedf38 "Ч\001") at mi_scan.c:45
#3  0x0830e756 in ha_myisam::rnd_next (this=0x8dede48, buf=0x8dedf38 "Ч\001") at ha_myisam.cc:1277
#4  0x08303918 in find_all_keys (param=0xb4fe10d4, select=0x8de3640, sort_keys=0x8dddf38, buffpek_pointers=0xb4fe0f4c, tempfile=0xb4fe1010, indexfile=0x0)
    at filesort.cc:464
#5  0x08304493 in filesort (thd=0xb51260e0, table=0x8ded5f8, sortorder=0x8de3748, s_length=1, select=0x8de3640, max_rows=18446744073709551615, examined_rows=0xb4fe1208)
    at filesort.cc:225
#6  0x08287aad in create_sort_index (thd=0xb51260e0, join=0x8de21e0, order=0x8de2148, filesort_limit=18446744073709551615, select_limit=18446744073709551615)
    at sql_select.cc:12212
#7  0x08299856 in JOIN::exec (this=0x8de21e0) at sql_select.cc:1804
#8  0x08295caf in mysql_select (thd=0xb51260e0, rref_pointer_array=0xb51264dc, tables=0x8de1ed0, wild_num=1, fields=@0xb5126440, conds=0x0, og_num=1, order=0x8de2148,
    group=0x0, having=0x0, proc_param=0x0, select_options=2156153344, result=0x8de21d0, unit=0xb5126184, select_lex=0xb51263b4) at sql_select.cc:2017
#9  0x08299d74 in handle_select (thd=0xb51260e0, lex=0xb5126120, result=0x8de21d0, setup_tables_done_option=0) at sql_select.cc:257
#10 0x08233ca8 in mysql_execute_command (thd=0xb51260e0) at sql_parse.cc:2596
#11 0x0823c130 in mysql_parse (thd=0xb51260e0, inBuf=0x8de1db0 "select \n* from t1 order by id", length=29) at sql_parse.cc:5809
#12 0x0823eae0 in dispatch_command (command=COM_QUERY, thd=0xb51260e0, packet=0xb5157091 "select \n* from t1 order by id", packet_length=30) at sql_parse.cc:1773
#13 0x0824008f in do_command (thd=0xb51260e0) at sql_parse.cc:1557
#14 0x0824125d in handle_one_connection (arg=0xb51260e0) at sql_parse.cc:1188
#15 0xb7f4d34b in start_thread () from /lib/libpthread.so.0
#16 0xb7e7765e in clone () from /lib/libc.so.6

How to repeat:
I'll upload table files (.frm, .MYI, .MYD) to this issue.
Just run: select * from t1 order by id

corrupted table

Attachment: t1.zip (application/zip, text), 696 bytes.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/18429

ChangeSet@1.2594, 2007-01-19 15:14:00+04:00, svoj@mysql.com +1 -0
  BUG#24401 - MySQL server crashes if you try to retrieve data from
              corrupted table
  
  Accessing a table with corrupted column definition results in server
  crash.
  
  This is fixed by refusing to open such tables. Affects MyISAM only.
  No test case, since it requires crashed table.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/18536

ChangeSet@1.2594, 2007-01-22 16:34:58+04:00, svoj@mysql.com +1 -0
  BUG#24401 - MySQL server crashes if you try to retrieve data from
              corrupted table
  
  Accessing a table with corrupted column definition results in server
  crash.
  
  This is fixed by refusing to open such tables. Affects MyISAM only.
  No test case, since it requires crashed table.

Pushed to trees currently marked as 5.0.36 and 5.1.15.

Pushed to tree currently marked as 4.1.23.

Noted in 4.1.23, 5.0.36, 5.1.15 changelogs.