Comment 5 for bug 58256

Micah Cowan (micahcowan) wrote :

glibc isn't "noticing" every time the double-free happens: for instance, a minimal example of «printf "\na\nb\n" | gawk '{length($1)}'» doesn't crash on my system, but running «printf "\na\nb\n" | valgrind gawk '{length($1)}'» produces the error in valgrind's output.

I've isolated the problem, and expect to prepare a patch soon. The bug is that a "Null field" value gets a pointer value written to one of its members (specifically, the one to hold the "wide string" version of its normal string value). The Null field value is used to initialize certain newly created field values, but when that pointer value is encountered, it is freed. Since the Null field value is used to initialize multiple other variables, that pointer value is freed multiple times.
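The aliasing described in the comment above, modelled as an added C example (constructed here; it is neither gawk's code nor the author's patch): a template field whose cached wide-string pointer is copied by value into every field initialised from it, beside the fix of clearing that pointer on copy. The names `field_t`, `null_field`, `ensure_wide` and `scenario` are assumptions of this model.

```c
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Constructed model of the bug, not gawk's real data structures. */
typedef struct {
    const char *str;   /* narrow string */
    wchar_t    *wstr;  /* lazily computed wide-string cache, owned by the field */
} field_t;

static field_t null_field;  /* the template: should own no heap block */

/* Buggy: a plain struct copy shares null_field.wstr with every new field. */
static field_t new_field_buggy(void) { return null_field; }

/* Fixed: the copy never inherits the cache pointer; each field computes
 * and owns its own wide string on demand, so each block is freed once. */
static field_t new_field_fixed(void) {
    field_t f = null_field;
    f.wstr = NULL;
    return f;
}

/* What a length()-style path does: compute the wide string once and cache it. */
static void ensure_wide(field_t *f) {
    if (f->wstr == NULL) {
        size_t n = strlen(f->str);
        f->wstr = malloc((n + 1) * sizeof(wchar_t));
        mbstowcs(f->wstr, f->str, n + 1);
    }
}

/* Number of field pairs sharing one wstr block; any pair > 0 means that
 * releasing all fields would free the same block more than once. */
static int count_aliases(const field_t *fields, int n) {
    int dup = 0;
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            if (fields[i].wstr && fields[i].wstr == fields[j].wstr) dup++;
    return dup;
}

/* Scenario: the template's cache gets populated (the write the comment
 * describes), then three fields are initialised from it. Returns the
 * aliased-pair count; per-field frees are only safe in the fixed case. */
int scenario(int fixed) {
    null_field.str = ""; null_field.wstr = NULL;
    ensure_wide(&null_field);
    field_t fields[3];
    for (int i = 0; i < 3; i++) {
        fields[i] = fixed ? new_field_fixed() : new_field_buggy();
        fields[i].str = "a";
        ensure_wide(&fields[i]);   /* no-op in the buggy case: cache already aliased */
    }
    int aliases = count_aliases(fields, 3);
    if (fixed) for (int i = 0; i < 3; i++) free(fields[i].wstr);
    free(null_field.wstr); null_field.wstr = NULL;
    return aliases;
}
```

Running the buggy variant under a memory checker such as valgrind, with the per-field frees enabled, is exactly what surfaces the "invalid free" the comment reports.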