diff --git a/myisam/mi_open.c b/myisam/mi_open.c
index 077d8c7da3a150f52b9e1f34f3b065e36e99c519..60049325c5c642d5fd5128febe9d381f3b061839 100644
--- a/myisam/mi_open.c
+++ b/myisam/mi_open.c
@@ -35,6 +35,14 @@ static void setup_key_functions(MI_KEYDEF *keyinfo);
 					pos+=size;}
 
 
+#define disk_pos_assert(pos, end_pos) \
+if (pos > end_pos)             \
+{                              \
+  my_errno=HA_ERR_CRASHED;     \
+  goto err;                    \
+}
+
+
 /******************************************************************************
 ** Return the shared struct if the table is already open.
 ** In MySQL the server will handle version issues.
@@ -70,7 +78,7 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
     key_parts,unique_key_parts,tmp_length,uniques;
   char name_buff[FN_REFLEN], org_name [FN_REFLEN], index_name[FN_REFLEN],
        data_name[FN_REFLEN];
-  char *disk_cache,*disk_pos;
+  char *disk_cache, *disk_pos, *end_pos;
   MI_INFO info,*m_info,*old_info;
   MYISAM_SHARE share_buff,*share;
   ulong rec_per_key_part[MI_MAX_POSSIBLE_KEY*MI_MAX_KEY_SEG];
@@ -138,11 +146,12 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
 
     info_length=mi_uint2korr(share->state.header.header_length);
     base_pos=mi_uint2korr(share->state.header.base_pos);
-    if (!(disk_cache=(char*) my_alloca(info_length)))
+    if (!(disk_cache=(char*) my_alloca(info_length+128)))
     {
       my_errno=ENOMEM;
       goto err;
     }
+    end_pos=disk_cache+info_length;
     errpos=2;
 
     VOID(my_seek(kfile,0L,MY_SEEK_SET,MYF(0)));
@@ -288,6 +297,8 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
       for (i=0 ; i < keys ; i++)
       {
 	disk_pos=mi_keydef_read(disk_pos, &share->keyinfo[i]);
+        disk_pos_assert(disk_pos + share->keyinfo[i].keysegs * MI_KEYSEG_SIZE,
+			end_pos);
 	set_if_smaller(share->blocksize,share->keyinfo[i].block_length);
 	share->keyinfo[i].seg=pos;
 	for (j=0 ; j < share->keyinfo[i].keysegs; j++,pos++)
@@ -319,6 +330,8 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
       for (i=0 ; i < uniques ; i++)
       {
 	disk_pos=mi_uniquedef_read(disk_pos, &share->uniqueinfo[i]);
+        disk_pos_assert(disk_pos + share->uniqueinfo[i].keysegs *
+			MI_KEYSEG_SIZE, end_pos);
 	share->uniqueinfo[i].seg=pos;
 	for (j=0 ; j < share->uniqueinfo[i].keysegs; j++,pos++)
 	{
@@ -344,6 +357,7 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
     for (i=0 ; i < keys ; i++)
       setup_key_functions(share->keyinfo+i);
 
+    disk_pos_assert(disk_pos + share->base.fields *MI_COLUMNDEF_SIZE, end_pos);
     for (i=j=offset=0 ; i < share->base.fields ; i++)
     {
       disk_pos=mi_recinfo_read(disk_pos,&share->rec[i]);
diff --git a/mysys/default.c b/mysys/default.c
index c354e1744bcd21ff420cb91108ba9819aa636694..cfdda17fb5f8198966153e77c818560f71341184 100644
--- a/mysys/default.c
+++ b/mysys/default.c
@@ -38,6 +38,7 @@
 #include "mysys_priv.h"
 #include "m_string.h"
 #include "m_ctype.h"
+#include <my_dir.h>
 
 char *defaults_extra_file=0;
 
@@ -61,13 +62,13 @@ DATADIR,
 NullS,
 };
 
-#define default_ext   	".cnf"		/* extension for config file */
+#define default_ext	".cnf"		/* extension for config file */
 #ifdef __WIN__
 #include <winbase.h>
 #define windows_ext	".ini"
 #endif
 
-static my_bool search_default_file(DYNAMIC_ARRAY *args, MEM_ROOT *alloc,
+static my_bool search_default_file(DYNAMIC_ARRAY *args,MEM_ROOT *alloc,
 				   const char *dir, const char *config_file,
 				   const char *ext, TYPELIB *group);
 
@@ -242,6 +243,20 @@ static my_bool search_default_file(DYNAMIC_ARRAY *args, MEM_ROOT *alloc,
   {
     strmov(name,config_file);
   }
+  fn_format(name,name,"","",4);
+#if !defined(__WIN__) && !defined(OS2)
+  {
+    MY_STAT stat_info;
+    if (!my_stat(name,&stat_info,MYF(0)))
+      return 0;
+    if (stat_info.st_mode & S_IWOTH) /* ignore world-writeable files */
+    {
+      fprintf(stderr, "warning: World-writeable config file %s is ignored\n",
+              name);
+      return 0;
+    }
+  }
+#endif
   if (!(fp = my_fopen(fn_format(name,name,"","",4),O_RDONLY,MYF(0))))
     return 0;					/* Ignore wrong files */
 
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index daa5bfcc7ffa7c665c08caadf6cee2026e61e83e..411c9778c3e401f7e68fe941d19da658c427202f 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -4225,7 +4225,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
     if (!mysqld_user)
       mysqld_user= argument;
     else
-      fprintf(stderr, "Warning: Ignoring user change to '%s' becasue the user is set to '%s' earlier on the command line\n", argument, mysqld_user);
+      fprintf(stderr, "Warning: Ignoring user change to '%s' because the user was set to '%s' earlier on the command line\n", argument, mysqld_user);
     break;
   case 'L':
     strmake(language, argument, sizeof(language)-1);