> if realloc() returns NULL:
> 
> (1) there's a memory leak, and
> 
> (2) the previous contents of the environment are unnecessarily lost.

And the next call to setenv will segfault at line 108:

	for (p = environ, cnt = 0; *p; ++p, ++cnt);

p will be NULL and dereferenced.

> I think that the assumption that environ will never be NULL is
> probably correct, and the real bug to be fixed is in the use of
> realloc().

Yes that's probably best.

--sjg