I've poked around a bit and this does appear to be a bug. (OSF
first brought this to my attention). Looks like we assume that the
code attribute will always come before any exception attributes in
the classfile ....

The allocation mechanism has been optimized so that most of the datas are
allocated in two buffers, malloc_buffer and clinit_buffer. Moreover,
freeClass() assumes that this buffers can be freed by freeing
cbConstantPool(cb) and <clinit>()V->code (when it exists).
It seems that cbConstantPool(cb) is indeed the first allocation made in
malloc_buffer but it may be false for <clinit>()V->code. According to the
class format pecification, the "Exception" attribute could come before the
"Code" attribute. In that case, <clinit>()V->code does no longer correspond
to clinit_buffer. Thus, the clinit_buffer is not freed (memory loss) and
free() is called with a bad address... We have fixed this problem by ensuring
that they are indeed allocated at the begining of their respective buffers.
Allocation start at the end of the buffers until the right allocation are
made. After these allocations, the old allocation scheme is used. We could
also fix this bug by keeping the values malloc_buffer and clinit_buffer int
the method table structure (consuming just a bit more memory).