--==_Exmh_1044940976P
Content-Type: text/plain

On Mon, 26 May 1997 13:29:25 EDT, maximum entropy says
>For what it's worth, Bash-2.00 has similar problems and configuring to
>build without GNU malloc seems to work as a workaround.

I tracked this down somewhat in bash-1.14.7.  Bach (actually readline)
calls tgetent().  tgetent calls cgetent() with a NULL variable several
times.  The man page doesn't document it, but reading the source shows
that a NULL variable makes cgetent malloc() a buffer.  Once tgetent is
done, it free()s the buffer.  See /usr/src/lib/libterm/termcap.c line
148.

The problem seems to be that cgetent uses calloc() to get the memory.
Bash defines a replacement malloc and free, but not a calloc.  Thus
the memory is allocated with NetBSD's malloc and freed with bash's
free.  Crash.

I haven't sent a pr since I'm not sure where the bug lies.  It seems
stupid to define your oven malloc but not calloc; but it seems odd
that our calloc doesn't just call malloc (done for performance
reasons, maybe?).  I'm also not sure if this bug affects non-pmax
systems.

	-Kevin Sullivan

--==_Exmh_1044940976P
Content-Type: application/pgp-signature

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQCVAwUBM4sARH4qeMKIUCpVAQH5TwQAiDI6njGo9QVAdEMnrypE5cpWIJiHdrcV
wmLbb4VhLLj1jskDqI9cuySsGPEA+5FGLoIDgu0Ek3IzrXpNfkayp8/sZ6e1mKku
DOB8371YIuO8fN630n1rqLUJtOE/7Sx67VthHQ86Bk46Dd1dfrusxAM6ILwkxD4E
pI35DXOBE2s=
=qiZ9
-----END PGP MESSAGE-----

--==_Exmh_1044940976P--