/* the executable was specified as relative path to the jail, combine them together */
tmpstr = malloc0((strlen(exec)+strlen(jail))*sizeof(char));
tmpstr = strcat(strcat(tmpstr, jail), exec);
Looks to me that tmpstr is not malloced enough space for the null byte at the end. Depending on some random factors, it seems this can sometimes fail. I added a +1 to the malloc0 size and it seems to work. Does this seem right to you guys?