[net.bugs.v7] space allocation bug in exec

rrg (12/01/82)

This from Peter Ross of HCR:

/*
 * UNIX exec doesn't check to ensure that there is sufficient space
 * to store the necessary pointers (*argp[], *envp[]). It does
 * allocate space for the strings but depends on SINCR being
 * enough for the pointers.  The following program works when
 * LIMIT is 100 but fails when it is 1000.
 */

#define LIMIT	1000
char	*av[LIMIT+1];

main()
{
	int	i;

	for (i = 0; i < LIMIT; i++)
		av[i] = "x";
	execv("/bin/echo", av);
}