> Does sbrk() return zero'ed memory.  Looking at some code
> (moncontrol()) it appears to assume this.

Then it's broken. :-)  When sbrk allocates new pages, they are
demand-zero.  But as one person pointed out, negative sbrk()s can cause
old, written-to, memory to be returned by a future sbrk(), and if the
break is not page-aligned it's possible to scribble on the padding
memory, above the break but below the next page boundary, even if there
are no negative sbrk()s happening.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B