Problem description:
mysql server crashes when we run repair table on currupted table.

Analysis:
The problem with this bug seem to be key_reflength out of bounds
(186 according to debugger). We read this value from meta-data
segment of .MYI file while doing mi_open().

If you look into _mi_kpointer() you can see that the upper limit
for key_reflength is 7.

Solution:
In mi_open() there is a line like:
  if (share->base.keystart > 65535 || share->base.rec_reflength > 8)
we should verify key_reflength here as well.