#
# Hi Mats,
#
# Fwiw, here's the output from
#
# $ valgrind --leak-check=yes ./ftp -v ftp.archlinux.org
#
# Even if nothing here turns out to be related to the free() problem at main.c:333,
# at least it does seem to point up some other out-of-bounds accesses that might
# (or might not) be related, possibly worth looking into just for ftp's general
# health, being as the patient is already on the operating table so to speak.
#
# Interestingly, valgrind did NOT seem to explicitly detect the free() error that
# we're actually searching for; in fact, ftp exits normally while run under valgrind.
# Heisenberg at play I suppose.
# (Most likely because Memcheck substitutes its own malloc/free, so the overruns
# reported below never reach glibc's heap bookkeeping.)
#
# Anyway, thought it might be useful. My comments inline, preceded by #.
#
# - Glenn
#
==8485== Memcheck, a memory error detector
==8485== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==8485== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==8485== Command: ./ftp -v ftp.archlinux.org
==8485== Parent PID: 1281
==8485==
#
# This one is in libresolv, may well be a benign read of uninitialized bytes.
#
==8485== Syscall param sendmsg(mmsg[0].msg_hdr) points to uninitialised byte(s)
==8485== at 0x417928A: sendmmsg (in /usr/lib/libc-2.17.so)
==8485== by 0x46B15FA: ??? (in /usr/lib/libresolv-2.17.so)
==8485== by 0x46AED18: __libc_res_nquery (in /usr/lib/libresolv-2.17.so)
==8485== by 0x46AF367: ??? (in /usr/lib/libresolv-2.17.so)
==8485== by 0x46AF9EE: __libc_res_nsearch (in /usr/lib/libresolv-2.17.so)
==8485== by 0x46A3679: _nss_dns_gethostbyname4_r (in /usr/lib/libnss_dns-2.17.so)
==8485== by 0x415DE67: gaih_inet (in /usr/lib/libc-2.17.so)
==8485== by 0x416018A: getaddrinfo (in /usr/lib/libc-2.17.so)
==8485== by 0x804F45B: hookup (ftp.c:144)
==8485== by 0x804A88A: setpeer (cmds.c:229)
==8485== by 0x8053B6D: main (main.c:244)
==8485== Address 0xbed049e8 is on thread 1's stack
==8485==
#
# The above error occurs prior to appearance of "Connected to ftp.archlinux.org.".
# Everything below here results from executing the "$myget" macro at the ftp cmd prompt.
#
#
#
# This may be relevant: In domacro.c, just after parsing the leading "$" of the
# macro name. (But just guessing here, that code is not exactly a pleasure to follow.)
# A one-byte write just past the end of a heap block can corrupt allocator metadata,
# which is one way a later free() ends up failing.
#
==8485== Invalid write of size 1
==8485== at 0x804F219: domacro (domacro.c:130)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
#
# This one looks like fallout from the above.
#
==8485== Invalid write of size 1
==8485== at 0x804F23B: domacro (domacro.c:136)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
#
# No clue on these, which are all in slurpstring(). Honestly, I just don't have
# the patience to go thru code which is written based on an FSM which I don't have
# the diagram of in front of me. :)
#
==8485== Invalid read of size 1
==8485== at 0x805406E: slurpstring (main.c:498)
==8485== by 0x8053ED8: makeargv (main.c:398)
==8485== by 0x804F242: domacro (domacro.c:137)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485== Invalid read of size 1
==8485== at 0x8054098: slurpstring (main.c:508)
==8485== by 0x8053ED8: makeargv (main.c:398)
==8485== by 0x804F242: domacro (domacro.c:137)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485== Invalid read of size 1
==8485== at 0x8053FD9: slurpstring (main.c:464)
==8485== by 0x8053ED8: makeargv (main.c:398)
==8485== by 0x804F242: domacro (domacro.c:137)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485== Invalid read of size 1
==8485== at 0x8053F0F: slurpstring (main.c:415)
==8485== by 0x8053ED8: makeargv (main.c:398)
==8485== by 0x804F242: domacro (domacro.c:137)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485== Invalid read of size 1
==8485== at 0x8053F19: slurpstring (main.c:415)
==8485== by 0x8053ED8: makeargv (main.c:398)
==8485== by 0x804F242: domacro (domacro.c:137)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485== Invalid read of size 1
==8485== at 0x8053F80: slurpstring (main.c:435)
==8485== by 0x8053ED8: makeargv (main.c:398)
==8485== by 0x804F242: domacro (domacro.c:137)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c5e is 15 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
#
# This one is in the region of cmdscanner() that you were concerned about (I think):
# (*c->c_handler) (margc, margv);
#
==8485== Invalid read of size 1
==8485== at 0x402BF53: __GI_strlen (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x40F1B0D: puts (in /usr/lib/libc-2.17.so)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
#
# The rest of these are in domacro, and I did not look at them closely.
#
==8485== Invalid read of size 1
==8485== at 0x40FB6D8: _IO_file_xsputn@@GLIBC_2.1 (in /usr/lib/libc-2.17.so)
==8485== by 0x40F1BAE: puts (in /usr/lib/libc-2.17.so)
==8485== by 0x804F2E7: domacro (domacro.c:161)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c5d is 14 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485== Invalid read of size 1
==8485== at 0x40FB6EB: _IO_file_xsputn@@GLIBC_2.1 (in /usr/lib/libc-2.17.so)
==8485== by 0x40F1BAE: puts (in /usr/lib/libc-2.17.so)
==8485== by 0x804F2E7: domacro (domacro.c:161)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c5c is 13 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485== Invalid read of size 4
==8485== at 0x410862C: __GI_mempcpy (in /usr/lib/libc-2.17.so)
==8485== by 0x40FB634: _IO_file_xsputn@@GLIBC_2.1 (in /usr/lib/libc-2.17.so)
==8485== by 0x40F1BAE: puts (in /usr/lib/libc-2.17.so)
==8485== by 0x804F2E7: domacro (domacro.c:161)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c4e is 6 bytes inside a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485== Invalid read of size 1
==8485== at 0x805403A: slurpstring (main.c:480)
==8485== by 0x8053ED8: makeargv (main.c:398)
==8485== by 0x804F242: domacro (domacro.c:137)
==8485== by 0x8053E27: cmdscanner (main.c:372)
==8485== by 0x8053BC0: main (main.c:254)
==8485== Address 0x42a8c4f is 0 bytes after a block of size 7 alloc'd
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x8053BC0: main (main.c:254)
==8485==
==8485==
#
# Summary of leaks, etc. after program exits.
#
==8485== HEAP SUMMARY:
==8485== in use at exit: 56,677 bytes in 182 blocks
==8485== total heap usage: 360 allocs, 178 frees, 77,494 bytes allocated
==8485==
==8485== 10 bytes in 1 blocks are definitely lost in loss record 4 of 35
==8485== at 0x402B6A8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==8485== by 0x80563AF: xmalloc (in /home/xxx/src/abs/inetutils/src/inetutils-1.9.1/ftp/ftp)
==8485== by 0x804F9CB: login (ftp.c:273)
==8485== by 0x804A955: setpeer (cmds.c:245)
==8485== by 0x8053B6D: main (main.c:244)
==8485==
==8485== LEAK SUMMARY:
==8485== definitely lost: 10 bytes in 1 blocks
==8485== indirectly lost: 0 bytes in 0 blocks
==8485== possibly lost: 0 bytes in 0 blocks
==8485== still reachable: 56,667 bytes in 181 blocks
==8485== suppressed: 0 bytes in 0 blocks
==8485== Reachable blocks (those to which a pointer was found) are not shown.
==8485== To see them, rerun with: --leak-check=full --show-reachable=yes
==8485==
==8485== For counts of detected and suppressed errors, rerun with: -v
==8485== Use --track-origins=yes to see where uninitialised values come from
==8485== ERROR SUMMARY: 209 errors from 15 contexts (suppressed: 0 from 0)