REPAIR TABLE crashes server

The REPAIR TABLE statement will crash the server.

Steps to repeat:

./config/autorun.sh && ./configure --with-debug && make -j2
cd tests
./dtr --suite=broken myisam

Output:

drizzletest: At line 338: query 'REPAIR TABLE t1' failed: 2013: Lost connection to Drizzle server during query

The result from queries just before the failure was:
< snip >
drop table t1;
CREATE TABLE `t1` (
`post_id` int NOT NULL auto_increment,
`topic_id` int NOT NULL default '0',
`post_time` datetime NOT NULL default '0000-00-00 00:00:00',
`post_text` text NOT NULL,
`icon_url` varchar(10) NOT NULL default '',
`sign` int NOT NULL default '0',
`post_edit` varchar(150) NOT NULL default '',
`poster_login` varchar(35) NOT NULL default '',
`ip` varchar(15) NOT NULL default '',
PRIMARY KEY (`post_id`),
KEY `post_time` (`post_time`),
KEY `ip` (`ip`),
KEY `poster_login` (`poster_login`),
KEY `topic_id` (`topic_id`)
# FULLTEXT KEY `post_text` (`post_text`)
) ENGINE=MyISAM;
INSERT INTO t1 (post_text) VALUES ('ceci est un test'),('ceci est un test'),('ceci est un test'),('ceci est un test'),('ceci est un test');
REPAIR TABLE t1;

GDB Backtrace:

Breakpoint 1, mysql_parse (session=0x7ff0b8005300,
    inBuf=0x1accdd0 "drop table if exists t1,t2", length=26,
    found_semicolon=0x418d6e18) at sql_parse.cc:2543
2543 lex_start(session);
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x41ac4950 (LWP 22372)]
0x00007ff0be78e007 in memcpy () from /lib/libc.so.6
(gdb) where
#0 0x00007ff0be78e007 in memcpy () from /lib/libc.so.6
#1 0x000000000072f217 in _mi_rec_pack (info=0x204ce00,
    to=0x19 <Address 0x19 out of bounds>, from=0x204dca8 "\001")
    at mi_dynrec.c:966
#2 0x000000000073f363 in sort_write_record (sort_param=0x41ab96e0)
    at mi_check.c:3335
#3 0x000000000073dd52 in sort_key_read (sort_param=0x41ab96e0, key=0x204e4c0)
    at mi_check.c:2890
#4 0x000000000074969c in find_all_keys (info=0x41ab96e0, keys=10,
    sort_keys=0x204e470, buffpek=0x41ab9320, maxbuffer=0x41ab9368,
    tempfile=0x41ab94a0, tempfile_for_exceptions=0x41ab9390) at sort.c:264
#5 0x00000000007490ea in _create_index_by_sort (info=0x41ab96e0,
    no_messages=true, sortbuff_size=8388608) at sort.c:180
#6 0x000000000073b96f in mi_repair_by_sort (param=0x41aba0a0, info=0x204ce00,
    name=0x41ab9df0 "./test/t1", rep_quick=0) at mi_check.c:2197
#7 0x000000000070f876 in ha_myisam::repair (this=0x202ac70,
    session=0x7ff0b8005300, param=@0x41aba0a0, do_optimize=false)
    at ha_myisam.cc:895
#8 0x00000000007103e0 in ha_myisam::repair (this=0x202ac70,
    session=0x7ff0b8005300, check_opt=0x7ff0b8006f10) at ha_myisam.cc:767
#9 0x0000000000548a3f in handler::ha_repair (this=0x202ac70,
    session=0x7ff0b8005300, check_opt=0x7ff0b8006f10) at handler.cc:2524
#10 0x0000000000522159 in mysql_admin_table (session=0x7ff0b8005300,
    tables=0x1acce40, check_opt=0x7ff0b8006f10,
    operator_name=0x7b20bd "repair", lock_type=TL_WRITE,
    open_for_modify=false, no_warnings_for_error=false, extra_open_options=32,
    prepare_func=0x519eef <prepare_for_repair>,
    operator_func=0x548a04 <handler::ha_repair(Session*, st_ha_check_opt*)>)
    at sql_table.cc:2593
#11 0x0000000000523076 in mysql_repair_table (session=0x7ff0b8005300,
    tables=0x1acce40, check_opt=0x7ff0b8006f10) at sql_table.cc:2817
#12 0x00000000004dde67 in mysql_execute_command (session=0x7ff0b8005300)
    at sql_parse.cc:1511
#13 0x00000000004e02e0 in mysql_parse (session=0x7ff0b8005300,
    inBuf=0x1accdd0 "REPAIR TABLE t1", length=15, found_semicolon=0x41ac3e18)
    at sql_parse.cc:2573
#14 0x00000000004e09a8 in dispatch_command (command=COM_QUERY,
    session=0x7ff0b8005300, packet=0x7ff0b800b5a1 "", packet_length=15)
    at sql_parse.cc:593
#15 0x00000000004e15dc in do_command (session=0x7ff0b8005300)
    at sql_parse.cc:414
#16 0x000000000048afdd in libevent_thread_proc (arg=0x0) at scheduler.cc:535
#17 0x00007ff0bf4313ea in start_thread () from /lib/libpthread.so.0
#18 0x00007ff0be7efc6d in clone () from /lib/libc.so.6
#19 0x0000000000000000 in ?? ()