I figured out what makes the segfault happen, definitely a libc quirk but
I can change the code of namelist.c to make it not happen. I'm not sure
if you want to do it in the real version, but it might not hurt. The
issue is one of what happens right at the end of a buffer, if the buffer
happens to end exactly at the end of a page, so that the next bytes are
off limits. At line 355 of namelist.c is:
strcat(name, d->d_name);
which is what is segfaulting. But:
strncat(name, d->d_name, strlen(d->d_name));
does not segfault. The reason (I think) is that the next byte in the
buffer after the \0 is out of the address space, and the strcat is somehow
reading more than one byte at a time or something, while the strlen
function is (properly) not assuming it is legal to read even the next
byte after the \0.
This will enable me to fix the bug in tomsrtbt much more quickly than I
thought I would be able to.
-Tom
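The page-boundary case described above, as an added example (not Tom's code and not from namelist.c): it places a NUL-terminated name so that its terminator is the last byte before an unmapped guard page, so any read even one byte past the NUL would fault, and then appends it with a helper that walks the source one byte at a time and also checks the destination's capacity (which neither strcat nor strncat with strlen(src) as the limit does). The names safe_append, string_at_page_end and demo, and the "/tmp/" + "README" input, are constructed for this example.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Bounds-checked append: appends src to dst (dst_cap counts the NUL), reading
 * src one byte at a time and never past its NUL. Returns 0 on success, -1 if
 * dst is unterminated or the result would not fit (dst is left unchanged). */
int safe_append(char *dst, size_t dst_cap, const char *src)
{
    size_t dlen = strnlen(dst, dst_cap);
    if (dlen == dst_cap) return -1;          /* dst not NUL-terminated */
    size_t slen = 0;
    while (src[slen] != '\0') slen++;        /* byte at a time; stops at NUL */
    if (slen >= dst_cap - dlen) return -1;   /* no room for src plus NUL */
    memcpy(dst + dlen, src, slen + 1);
    return 0;
}

/* Copy text so its NUL is the last byte of a mapped page and the next page
 * is PROT_NONE: reading past the terminator faults, like the d_name case.
 * Returns NULL on failure (the mapping is intentionally never freed). */
const char *string_at_page_end(const char *text)
{
    long page = sysconf(_SC_PAGESIZE);
    size_t len = strlen(text);
    if (page <= 0 || len + 1 > (size_t)page) return NULL;
    char *map = mmap(NULL, 2 * (size_t)page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED) return NULL;
    if (mprotect(map + page, (size_t)page, PROT_NONE) != 0) return NULL;
    char *s = map + page - (len + 1);
    memcpy(s, text, len + 1);
    return s;
}

/* Build "/tmp/" + name into out, where name ends exactly at a page boundary.
 * Returns 0 on success, -1 if out is too small (out then still holds "/tmp/"). */
int demo(char *out, size_t out_cap)
{
    const char *name = string_at_page_end("README");   /* constructed input */
    if (name == NULL || out_cap < sizeof "/tmp/") return -1;
    memcpy(out, "/tmp/", sizeof "/tmp/");
    return safe_append(out, out_cap, name);
}

int main(void)
{
    char path[32];
    printf("%s -> %s\n", demo(path, sizeof path) == 0 ? "ok" : "too small", path);
    return 0;
}
```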