Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!stl!crosfield!server3!rkww
From: rkww@crosfield.co.uk (roger willcocks)
Newsgroups: comp.unix.wizards
Subject: oldest bug in the world ?
Message-ID:
Date: 4 Mar 91 15:38:58 GMT
Sender: rkww@crosfield.co.uk
Distribution: comp
Organization: Crosfield Electronics Ltd.
Lines: 18

historical exercise: how long has the following bug been in the Bourne shell ?

It exists in both SVR2 (Uniplus) and SVR3 (MIPS risc/os 4.0), and causes 'sh'
to (essentially unpredictably) dump core.

In the file blok.c, function 'alloc' (#defined to be malloc) actually returns
a block of memory BYTESPERWORD too short. The last few bytes contain a live
linkword for the storage allocator.

Somebody obviously knew this at one time, because a couple of places call
'alloc(xxx + BYTESPERWORD)'. But most places don't.

How has it worked for so long ? Or have I missed something obvious ?

--
Roger Willcocks              "if it all worked we wouldn't have a job"
Crosfield Electronics Ltd    [ any opinions expressed here are my own; ]
Hemel Hempstead, England     [ CEL may disagree with any or all of them ]
+44 442 230000               rkww@cel.co.uk   mcsun!cel!rkww@uunet.uu.net
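The mechanism the post describes, as an added illustration that is not the Bourne shell's blok.c: a constructed toy arena allocator whose block-link word sits inside the last BYTESPERWORD of the span handed to the caller, a naive caller that fills all n bytes it asked for, the 'alloc(n + BYTESPERWORD)' workaround the post mentions, and a heap_check() that counts clobbered link words so the corruption is visible immediately instead of at some later, unpredictable allocator call. All names here (toy_alloc, heap_check, LINK_TAG, fill_naive, fill_padded) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BYTESPERWORD sizeof(uintptr_t)
#define ARENA_WORDS  64
#define LINK_TAG     ((uintptr_t)0xA11C0DEu)   /* stands in for a live link word */

/* Constructed toy arena: bump allocator whose per-block link word is stored
 * in the LAST word of the span returned to the caller (the bug under discussion). */
static uintptr_t arena[ARENA_WORDS];
static size_t    top;                 /* next free word index */
static size_t    links[ARENA_WORDS];  /* where each block's link word lives */
static size_t    nblocks;

void heap_reset(void) {
    memset(arena, 0, sizeof arena);
    top = 0;
    nblocks = 0;
}

/* Like the buggy alloc(): reserves ceil(n / BYTESPERWORD) words, but one of
 * them is the allocator's own link word, so only n - BYTESPERWORD are usable. */
void *toy_alloc(size_t nbytes) {
    size_t words = (nbytes + BYTESPERWORD - 1) / BYTESPERWORD;
    if (words == 0 || top + words > ARENA_WORDS) return NULL;
    uintptr_t *blk = &arena[top];
    top += words;
    arena[top - 1] = LINK_TAG;        /* inside the span the caller believes is theirs */
    links[nblocks++] = top - 1;
    return blk;
}

/* Defender's check: how many link words no longer hold the allocator's tag. */
int heap_check(void) {
    int bad = 0;
    for (size_t i = 0; i < nblocks; i++)
        if (arena[links[i]] != LINK_TAG) bad++;
    return bad;
}

/* Caller that trusts alloc(n) to hold n bytes: overwrites the link word. */
int fill_naive(size_t n) {
    heap_reset();
    char *p = toy_alloc(n);
    if (!p) return -1;
    memset(p, 'x', n);
    return heap_check();              /* 1: link word clobbered */
}

/* The workaround seen in a few places: alloc(n + BYTESPERWORD). */
int fill_padded(size_t n) {
    heap_reset();
    char *p = toy_alloc(n + BYTESPERWORD);
    if (!p) return -1;
    memset(p, 'x', n);
    return heap_check();              /* 0: link word intact */
}
```

The real shell only crashed when the allocator later followed the damaged link, which is why the failures looked random; the check here makes the damage observable at the moment it happens.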