Hi,<nl>
<nl>
Is it still in there?<nl>
<nl>
<bold><excerpt>Excerpts from mail: 30-Jul-94 patch for csh needed ? Andrew
Wheadon@wipux2.wi (1373*)</excerpt></bold><nl>
<nl>
<excerpt>I'm wondering whether it's<nl>
a) not a bug<nl>
</excerpt><nl>
It's a bug.  It's also a bl****y obscure bug :-)<nl>
<nl>
I found it long ago when trying to build auis-5.1 on NetBSD-0.9.  At the
time I posted it to comp.os.386bsd.bugs and more recently, for AUIS-6.3 &
NetBSD-current, to this mailing list.<nl>
<nl>
FreeBSD independantly found and fixed it long ago.<nl>
<nl>
<excerpt>b) been fixed differently<nl>
</excerpt><nl>
No.  FreeBSD did fix it by using what the SAVE() macro expands to.  I like
my patch better :-).  Maybe, the heap management code is now more robust so
your less likely to encounter it.<nl>
<nl>
<excerpt>c) still needs fixing.<nl>
</excerpt><nl>
Yes.  To be honest, I didn't get tickled by it when building auis-6.3.  It
is, however, certainly still there.<nl>
<nl>
Have a look at the code for `csh/dir.c:dcanon()'.  It dos an `xfree()' on
its its first argument.  With out the SAVE(tcp) on the call to dcanon() in
csh/dir.c:dinit(), dcanon() frees the array path (tcp =3D getwd(path)
implies tcp =3D=3D path) that was allocated from the stack (char
path[MAXPATHLEN]).  After this happens, all bets are off.<nl>
<nl>
					regards, Andrew<nl>

------------------------------------------------------------------------------