This bug taken from the openbsd-tech mailing list applies to freebsd find, though the offending function is somewhat different in freebsd. http://marc.info/?l=openbsd-tech&m=143688921422969&w=2 After running: #include <sys/stat.h> #include <string.h> #include <unistd.h> int main(void) { char s[256]; int i; memset(s, 'x', sizeof s); s[255] = 0; for (i = 0; i < 200; i++) { mkdir(s, 0777); chdir(s); } return 0; } $ find xxx* -exec true {} \; Bus error (core dumped) See their fix in http://marc.info/?l=openbsd-tech&m=143689362824448&w=2
A commit references this bug: Author: jilles Date: Wed Aug 5 21:33:31 UTC 2015 New revision: 286344 URL: https://svnweb.freebsd.org/changeset/base/286344 Log: find: Fix segfault with very long path in -exec/-ok ... {} \;. If the resulting argument is longer than MAXPATHLEN, realloc() was called to extend the space, but the new pointer was not correctly stored. Different from what OpenBSD has done, rewrite brace_subst() to calculate the necessary space first and realloc() at most once. As before, the e_len fields are not updated in case of a realloc. Therefore, a following long argument will do another realloc. PR: 201750 MFC after: 1 week Changes: head/usr.bin/find/extern.h head/usr.bin/find/misc.c
A commit references this bug: Author: jilles Date: Fri Aug 28 20:53:09 UTC 2015 New revision: 287266 URL: https://svnweb.freebsd.org/changeset/base/287266 Log: MFC r286344: find: Fix segfault with very long path in -exec/-ok ... {} \;. If the resulting argument is longer than MAXPATHLEN, realloc() was called to extend the space, but the new pointer was not correctly stored. Different from what OpenBSD has done, rewrite brace_subst() to calculate the necessary space first and realloc() at most once. As before, the e_len fields are not updated in case of a realloc. Therefore, a following long argument will do another realloc. PR: 201750 Changes: _U stable/10/ stable/10/usr.bin/find/extern.h stable/10/usr.bin/find/misc.c