author unknown <iggy@amd64.(none)> 2007-06-21 12:45:56 -0400
committer unknown <iggy@amd64.(none)> 2007-06-21 12:45:56 -0400
commit c3e4b61c4eb9e2bae1137ed4c503c6f8bb33dc5d (patch)
tree 7da5f4402743de245c951e35da479e7e3fbfaf3c /myisam
parent c04d8460bbdf38603eb68126aaea4952291b848b (diff)
download mariadb-git-c3e4b61c4eb9e2bae1137ed4c503c6f8bb33dc5d.tar.gz
Bug#27029 alter table ... enable keys crashes mysqld on large table
- When creating an index for the sort, the number of rows plus 1 is used to allocate a buffer. In this test case, the number of rows 4294967295 is the max value of an unsigned integer, so when 1 was added to it, a buffer of size 0 was allocated causing the crash.
- Create new test suite for this bug's test suite as per QA.

myisam/sort.c:
  Bug#27029 alter table ... enable keys crashes mysqld on large table
  - Check to make sure the value of records is < UINT_MAX32 to avoid a false positive on the remaining condition.
mysql-test/suite/large_tests/README.TXT:
  Bug#27029 alter table ... enable keys crashes mysqld on large table
  - New testsuite for large tests.
  - Added mtr hint for potential testers.
mysql-test/suite/large_tests/r/alter_table.result:
  Bug#27029 alter table ... enable keys crashes mysqld on large table
  - New testsuite for large tests.
  - Added results for bug.
mysql-test/suite/large_tests/t/alter_table.test:
  Bug#27029 alter table ... enable keys crashes mysqld on large table
  - New testsuite for large tests.
  - Added test for bug.
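The wrap described in the commit message, as an added example that is not part of the commit or of the MySQL source. It assumes a 32-bit unsigned row count and uses `uint64_t` in place of `my_off_t`; the function names are hypothetical, and `fits_widened` is an alternative that the patch does not use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t off64; /* assumption: stand-in for my_off_t */

/* Each check asks whether records+1 sort keys fit in memavl bytes and,
   if so, stores the key count the caller would allocate in *keys. */

/* Pre-fix shape: the +1 happens in 32 bits, the widening cast comes after. */
int fits_unguarded(uint32_t records, size_t sort_length, size_t memavl,
                   uint32_t *keys)
{
    uint32_t n = (uint32_t)(records + 1); /* 4294967295 + 1 wraps to 0 */
    if ((off64)n * (sort_length + sizeof(char *)) > (off64)memavl)
        return 0;
    *keys = n;
    return 1;
}

/* Shape of the patched condition: rule out the maximum value first. */
int fits_guarded(uint32_t records, size_t sort_length, size_t memavl,
                 uint32_t *keys)
{
    if (!(records < UINT32_MAX))
        return 0;
    return fits_unguarded(records, sort_length, memavl, keys);
}

/* Alternative not in the patch: widen before adding, so nothing wraps. */
int fits_widened(uint32_t records, size_t sort_length, size_t memavl,
                 uint32_t *keys)
{
    off64 n = (off64)records + 1;
    if (n > UINT32_MAX || n * (sort_length + sizeof(char *)) > (off64)memavl)
        return 0;
    *keys = (uint32_t)n;
    return 1;
}

int main(void)
{
    uint32_t rows[] = { 1000u, UINT32_MAX }; /* constructed inputs */
    for (int i = 0; i < 2; i++) {
        uint32_t k = 0, g = 0, w = 0;
        int u = fits_unguarded(rows[i], 8, 1u << 20, &k);
        printf("records=%u unguarded=%d keys=%u guarded=%d widened=%d\n",
               (unsigned)rows[i], u, (unsigned)k,
               fits_guarded(rows[i], 8, 1u << 20, &g),
               fits_widened(rows[i], 8, 1u << 20, &w));
    }
    return 0;
}
```

With the maximum row count, the unguarded check reports that everything fits and hands back a key count of 0, which is the zero-size allocation the commit message describes.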
Diffstat (limited to 'myisam')
-rw-r--r-- myisam/sort.c 5
1 files changed, 3 insertions, 2 deletions
diff --git a/myisam/sort.c b/myisam/sort.c
index 3cb48b47b2c..ba3a6e20b30 100644
--- a/myisam/sort.c
+++ b/myisam/sort.c
@@ -138,8 +138,9 @@ int _create_index_by_sort(MI_SORT_PARAM *info,my_bool no_messages,
while (memavl >= MIN_SORT_MEMORY)
{
- if ((my_off_t) (records+1)*(sort_length+sizeof(char*)) <=
- (my_off_t) memavl)
+ if ((records < UINT_MAX32) &&
+ ((my_off_t) (records + 1) *
+ (sort_length + sizeof(char*)) <= (my_off_t) memavl))
keys= records+1;
else
do
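Review bot: The new condition has no comment explaining the `records < UINT_MAX32` guard, and the cast in `(my_off_t) (records + 1)` is still applied after the addition, so the guard is the only thing that keeps the sum from wrapping before it is widened. A one-line comment above the `if` saying that `records + 1` wraps to 0 at the maximum value would stop a later cleanup from dropping the guard as redundant. It is also worth considering `(my_off_t) records + 1` so the size comparison itself cannot wrap; the guard would then still be needed for `keys= records+1`, which repeats the same addition on the line below.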