From owner-freebsd-commit  Thu Sep 21 06:39:01 1995
Return-Path: owner-commit
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id GAA06151
          for freebsd-commit-outgoing; Thu, 21 Sep 1995 06:39:01 -0700
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id GAA06139
          for cvs-all-outgoing; Thu, 21 Sep 1995 06:38:55 -0700
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id GAA06129
          for cvs-bin-outgoing; Thu, 21 Sep 1995 06:38:53 -0700
Received: from Root.COM (implode.Root.COM [198.145.90.17])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id GAA06122
          ; Thu, 21 Sep 1995 06:38:37 -0700
Received: from corbin.Root.COM (corbin [198.145.90.34]) by Root.COM (8.6.12/8.6.5) with ESMTP id GAA21085; Thu, 21 Sep 1995 06:37:21 -0700
Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id GAA00413; Thu, 21 Sep 1995 06:39:46 -0700
Message-Id: <199509211339.GAA00413@corbin.Root.COM>
To: Bruce Evans <bde@freefall.freebsd.org>
cc: cvs-bin@freefall.freebsd.org, CVS-commiters@freefall.freebsd.org
Subject: Re: cvs commit: src/bin/sh jobs.c 
In-reply-to: Your message of "Thu, 21 Sep 95 06:24:22 PDT."
             <199509211324.GAA05821@freefall.freebsd.org> 
From: David Greenman <davidg@Root.COM>
Reply-To: davidg@Root.COM
Date: Thu, 21 Sep 1995 06:39:46 -0700
Sender: owner-commit@FreeBSD.org
Precedence: bulk

>bde         95/09/21 06:24:21
>
>  Modified:    bin/sh    jobs.c
>  Log:
>  Fix relocation of job table.
>  
>  	while { sleep 1 & wait; } do echo 1; done
>  
>  corrupted the job table every 4th iteration.

   Hmmm...

***************
*** 459,465 ****
--- 459,472 ----
                        if (njobs == 0) {
                                jobtab = ckmalloc(4 * sizeof jobtab[0]);
                        } else {
+                               struct job *ojp;
+ 
                                jp = ckmalloc((njobs + 4) * sizeof jobtab[0]);
+                               for (i = njobs, ojp = jobtab; --i >= 0;
+                                    jp++, ojp++)
+                                       if (ojp->ps == &ojp->ps0)
+                                               ojp->ps = &jp->ps0;
+                               jp -= njobs;
                                bcopy(jobtab, jp, njobs * sizeof jp[0]);
                                ckfree(jobtab);
                                jobtab = jp;

   I'm concerned by what you're doing with 'jp' above. How is free() going to
be able to free this after you've changed the address that was returned by
malloc (jp -= njobs)?

-DG