Comment 4 for bug 327705

In , Kees-verruijt-redwood (kees-verruijt-redwood) wrote:

nscd_getpw_r() will free() on a static buffer passed in to it when called by
getpwnam() and friends.

This can be seen by simple code inspection in nscd/nscd_getpw_r.c.
(discussion is based on CVS version 1.30, which is the current MAIN). The
following excerpt is a few lines of nscd/nscd_getpw_r.c:

86:nscd_getpw_r (...)
96: retry:;
142: resultbuf->pw_uid = pw_resp->pw_uid;
203: if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1)
230: free (resultbuf);
232: goto retry;

The above shows that if there has been a GC cycle, resultbuf is freed and
then reused in the next retry. That's incorrect. It is also incorrect in that
resultbuf is passed in, and it can be a buffer that's not from the heap.

This turns up in a simple getpwnam() call made during a GC cycle. This tries to
free the resbuf in getpwnam and thus dumps core.

Suggested fix: remove free(resultbuf) (line 230).
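Added illustration of the ownership problem described in this comment; this is constructed stand-in code, not glibc's nscd_getpw_r.c. `struct pw_result`, `lookup_attempt`, `gc_cycle_pending` and `getpwnam_static` are invented stand-ins for the nscd mapped-database retry loop and the static-buffer caller; the buggy and fixed retry shapes sit side by side.

```c
#include <stdio.h>
#include <stdlib.h>
/* Stand-in for a passwd result record (not glibc's struct passwd). */
struct pw_result { unsigned uid; char name[32]; };

/* Constructed nscd-like state: the first attempt reports that a GC cycle
 * invalidated the mapped database, forcing a retry; the second succeeds. */
static int gc_cycle_pending = 1;

static int lookup_attempt(const char *name, struct pw_result *resultbuf)
{
    if (gc_cycle_pending) {
        gc_cycle_pending = 0;
        return -2;                  /* GC cycle hit: caller must retry */
    }
    resultbuf->uid = 1000;
    snprintf(resultbuf->name, sizeof resultbuf->name, "%s", name);
    return 0;
}

/* Shape of the reported bug: on retry the function free()s resultbuf, a
 * buffer it does not own; with a static or stack buffer, as getpwnam()
 * passes, that free() aborts. Kept for contrast only; never called here. */
int getpw_r_buggy(const char *name, struct pw_result *resultbuf)
{
retry:
    if (lookup_attempt(name, resultbuf) == -2) {
        free(resultbuf);            /* BUG: buffer belongs to the caller */
        goto retry;
    }
    return 0;
}

/* Suggested fix: the retry reuses the caller's buffer without freeing it. */
int getpw_r_fixed(const char *name, struct pw_result *resultbuf)
{
retry:
    if (lookup_attempt(name, resultbuf) == -2)
        goto retry;                 /* resultbuf still belongs to the caller */
    return 0;
}

/* Caller in the style of getpwnam(): a static result buffer, never heap. */
const struct pw_result *getpwnam_static(const char *name)
{
    static struct pw_result resultbuf;
    gc_cycle_pending = 1;           /* make this lookup hit a GC cycle */
    getpw_r_fixed(name, &resultbuf);
    return &resultbuf;
}
```

With the fixed retry the static buffer survives the GC-cycle retry and is filled on the second attempt; the buggy variant would hand that same static buffer to free().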