I have a 32 bit Debian Squeeze (so 2011 era, with gcc-4.4 - too early for asan - and libc 2.11, so two Debian releases earlier than Denis's) chroot lying around. Unsurprisingly, his reproducer crashes for me too, configured with no options and make run with no arguments. gdb's reporting line 119 rather than 118 in expand.c. valgrind annoyingly stops it crashing.
I had trouble compiling rule.c because johnny-come-lately mempcpy on this vintage setup seems to be provided as a macro and that doesn't play well with the STRING_SIZE_TUPLE macro, because, until the latter is expanded, mempcpy appears to only have two arguments, when it requires three. #undef mempcpy in rule.c got me over that. I know we depend on C99 now, seemingly without a storm of protest, but this is failing to compile on a setup a decade newer than that.
For me, it's the variable known in the make source as "environ", which isn't what my gdb calls environ but what it calls "environ@@GLIBC_2.0", which has been corrupted, by the second call to recursively_expand_for_file, not, as far as I sampled, the environment variables it points to. gdb alleged to let me set a hardware watch point on it but it didn't fire. It seems to have been corrupted to point into the middle of an environment variable. So what should be an array of character pointers is an array of characters. Interpreting those as character pointers promptly doesn't go so well. It's already changed, for me, by the call to free_childbase.
And vfork is where that happens. If I’ve followed the thicket of #ifdef correctly and understood the vfork man page, then this is illegal when using vfork:
(I’d use the savannah git web thing but I don’t see line number links.)
The corruption happening in another process would explain the hardware watch point not catching it. The "blame" says that dodgy assignment is 28 years old but, as was recently topical again, we have stopped using posix_spawn instead of vfork with old libc versions and this code for copying the environment definitions of recursively expanded variables for $(shell) invocations is even newer. Perhaps Make didn't otherwise use the environ variable that it's illegally corrupted for the last three decades.
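An added illustration of the mechanism described in this message (example code, not Make's code or the poster's), assuming Linux/glibc vfork semantics and that /bin/sh exists: the first function shows a vfork child assigning to `environ` and the parent finding its own `environ` changed afterwards; the second and third show the child being handed its environment through execve's envp instead, leaving the parent's `environ` untouched.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
extern char **environ;

/* The pattern under discussion: the vfork child assigns to the global `environ`.
   With vfork the child runs in the parent's address space, so the parent's
   `environ` is overwritten too.  Returns 1 if the parent saw the change. */
int vfork_child_clobbers_environ(void)
{
    char *child_env[] = { "SAMPLE=constructed", NULL };  /* constructed value */
    char **saved = environ;
    pid_t pid = vfork();
    if (pid < 0) return -1;
    if (pid == 0) {
        environ = child_env;   /* illegal under vfork: this is the parent's variable */
        _exit(0);
    }
    waitpid(pid, NULL, 0);
    int clobbered = (environ != saved);
    environ = saved;           /* undo the damage so the rest of the program is sane */
    return clobbered;
}

/* The alternative: leave `environ` alone and hand the child its environment
   explicitly through execve's envp (posix_spawn takes an envp the same way).
   Returns the child's exit status, or -1 on error. */
int spawn_with_private_env(const char *path, char *const argv[], char *const envp[])
{
    pid_t pid = vfork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);            /* exec failed; nothing else is safe to do here */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
/* Runs /bin/sh (assumed present) with a private environment and checks that the
   child saw it while the parent's `environ` pointer stayed put. */
int private_env_leaves_parent_intact(void)
{
    char *argv[] = { "sh", "-c", "[ \"$SAMPLE\" = constructed ]", NULL };
    char *envp[] = { "SAMPLE=constructed", NULL };
    char **saved = environ;
    return spawn_with_private_env("/bin/sh", argv, envp) == 0 && environ == saved;
}
```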