john@polyof.UUCP ( John Buck ) (12/02/88)
Program: ftpd Sources: etc/ftpd/{glob.c,popen.c} Symptom: ftpd core dumps (essentially) sometimes, causing a remote error of "Service unavailable; server has closed connection" Problem: If glob() fails (no matches), it winds up freeing (via free()), an automatic stack array (gargv) Fix: Remove last free() call in blkfree() (IE the one that frees the pointer to the list) Then, you have to fix the call to blkfree() in popen.c to do an extra free(argv[argc]) after the blkfree(argv[argc]) History: The comment in glob.c says it all... The code for glob was lifted from csh, and seeming appropriate changes were made. Problem was a call to xfree() was changed to plain old free(). xfree() in csh checked to see if the address that was being freed was past the end of the data area. If it was, the call was ignored. free() does not do this extra, kludgy, checking. Alternative fix: lift the code for xfree() from csh, and make necessary, kludgy, changes. John Buck john@polyof.poly.edu john@polygraf.bitnet