Putting a zero byte file in htdocs somewhere and then requesting it repeatedly will cause monkeyd to corrupt memory/blow up depending on MALLOC_CHECK_.

Dodgy code is:

    void M_free(void *ptr)
    {
        if(ptr!=NULL){
            memset(ptr, '\0', sizeof(ptr));
            free(ptr);
            ptr=NULL;
        }
    }

The memset doesn't do what was intended. This isn't normally visible but the 0 byte file causes monkeyd to malloc(0) which means there is no data allocated to "absorb" the broken memset call. The ptr=NULL thing is also just plain weird :)

Problem was spotted by ciaranm and investigated by me. The code is pretty scary, taviso is checking it over some more atm so hold fire on any glsa etc ;)
*** This bug has been marked as a duplicate of 87916 ***
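Added example, not code from monkeyd or from the report above: it quantifies how far the reported memset(ptr, '\0', sizeof(ptr)) writes past a short allocation, shows why ptr=NULL never reaches the caller, and gives one bounded alternative. The names overrun_bytes, null_local_copy, m_free_sized and free_zero_length_ok are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes the reported memset writes past the end of an allocation of
 * alloc_len bytes. sizeof(ptr) is the size of the pointer, not of the
 * buffer, so any request shorter than a pointer is overrun, and longer
 * buffers only have their first sizeof(ptr) bytes cleared. */
size_t overrun_bytes(size_t alloc_len)
{
    return alloc_len < sizeof(void *) ? sizeof(void *) - alloc_len : 0;
}

/* Mirrors the "ptr=NULL" line: only the callee's copy of the pointer changes. */
void null_local_copy(void *ptr)
{
    ptr = NULL;
    (void)ptr;
}

/* Hypothetical replacement: the caller passes the length it allocated and
 * the address of its pointer, so the wipe is bounded and the NULL sticks. */
void m_free_sized(void **pp, size_t len)
{
    if (pp == NULL || *pp == NULL)
        return;
    volatile unsigned char *p = *pp;  /* volatile keeps the wipe from being optimised out */
    for (size_t i = 0; i < len; i++)
        p[i] = 0;
    free(*pp);
    *pp = NULL;
}

/* Returns 1 when a zero-length buffer is released with nothing written to it. */
int free_zero_length_ok(void)
{
    void *buf = malloc(0);            /* the request a 0 byte file leads to */
    m_free_sized(&buf, 0);            /* wipes 0 bytes, frees, clears buf */
    return buf == NULL;
}

int main(void)
{
    size_t sizes[] = { 0, 4, sizeof(void *), 64 };  /* constructed sample sizes */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("malloc(%zu): original memset overruns by %zu byte(s)\n",
               sizes[i], overrun_bytes(sizes[i]));
    return free_zero_length_ok() ? 0 : 1;
}
```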