Bug 176922 - Crash when using invalid override line
Summary: Crash when using invalid override line
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: net-snmp
Version: 4.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: ---
Assignee: Radek Vokál
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 181409
Reported: 2006-01-04 13:33 UTC by Bastien Nocera
Modified: 2007-11-30 22:07 UTC (History)

Fixed In Version: RHBA-2006-0421
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-08-10 21:32:17 UTC
Target Upstream Version:
Embargoed:


Attachments
net-snmp-null-crash-fix.patch (702 bytes, patch)
2006-01-04 13:33 UTC, Bastien Nocera
snmpd.conf (18.26 KB, text/plain)
2006-01-17 15:20 UTC, Bastien Nocera


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0421 0 normal SHIPPED_LIVE net-snmp bug fix update 2006-08-09 04:00:00 UTC

Description Bastien Nocera 2006-01-04 13:33:17 UTC
1. Add the line:
override 1.3.6.1.2.1.25.2.3.1.3.6 NULL
to the snmpd.conf
2. snmpd will segfault on start:
#0  0x00679e53 in strlen () from /lib/tls/libc.so.6
#1  0x00679b95 in strdup () from /lib/tls/libc.so.6
#2  0x001fb81c in netsnmp_register_mib (moduleName=0x0, var=0x0, varsize=0,
    numvars=0, mibloc=0x936ed18, mibloclen=12, priority=255, range_subid=0,
    range_ubound=0, ss=0x0, context=0x0, timeout=0, flags=0,
    reginfo=0x9358ba0, perform_callback=1) at agent_registry.c:571

The attached patch fixes the immediate crash, but the override statement still
does not work (even changing the "NULL" to "null" as per the manpage has no
effect).

Comment 1 Bastien Nocera 2006-01-04 13:33:17 UTC
Created attachment 122759
net-snmp-null-crash-fix.patch

Comment 2 Radek Vokál 2006-01-06 11:40:11 UTC
I've tested this with net-snmp-5.1.2-11.EL4.6 and the segfault did not appear.
For the test case I put the override option on the first line. (Also tested with
this line as the very last one). Don't you have some specific option in snmpd.conf? 

# snmpd -Lo -f
/etc/snmp/snmpd.conf: line 1: Error: no variable value specified


Comment 3 Bastien Nocera 2006-01-17 15:13:37 UTC
The command, as can be seen below:
"snmpd -LE7 -Lsd -p /var/run/snmpd -aA -d -f"

That's the backtrace:
Core was generated by `snmpd -LE7 -Lsd -p /var/run/snmpd -aA -d -f'.
Program terminated with signal 11, Segmentation fault.
#0  0x00679e53 in strlen () from /lib/tls/libc.so.6
(gdb)
(gdb) bt
#0  0x00679e53 in strlen () from /lib/tls/libc.so.6
#1  0x00679b95 in strdup () from /lib/tls/libc.so.6
#2  0x001fb81c in netsnmp_register_mib (moduleName=0x0, var=0x0, varsize=0,
    numvars=0, mibloc=0x936ed18, mibloclen=12, priority=255, range_subid=0,
    range_ubound=0, ss=0x0, context=0x0, timeout=0, flags=0,
    reginfo=0x9358ba0, perform_callback=1) at agent_registry.c:571
#3  0x0020033d in netsnmp_register_handler (reginfo=0x9358ba0)
    at agent_handler.c:224
#4  0x00d4fd93 in netsnmp_register_serialize (reginfo=0x9358ba0)
    at serialize.c:46
#5  0x00d4b22f in netsnmp_register_instance (reginfo=0x9358ba0)
    at instance.c:74
#6  0x004887bb in netsnmp_parse_override (token=0xbff2aa90 "override",
    line=0x0) at utilities/override.c:188
#7  0x00bff38b in run_config_handler (lptr=0x931dc38,
    token=0xbff2aa90 "override",
    cptr=0xbff2ae99 "1.3.6.1.2.1.25.2.3.1.3.6 null", when=0)
    at read_config.c:449
#8  0x00bfffe2 in read_config (filename=0xbff2bdd0 "/etc/snmp/snmpd.conf",
    line_handler=0x92a19f0, when=0) at read_config.c:739
#9  0x00c00d68 in read_config_files (when=0) at read_config.c:1072
#10 0x00c01277 in read_configs () at read_config.c:775
#11 0x00bded75 in init_snmp (type=0x74f528 "snmpd") at snmp_api.c:811
---Type <return> to continue, or q <return> to quit---
#12 0x0074d1ce in main (argc=8, argv=0xbff2d484) at snmpd.c:867

Comment 5 Bastien Nocera 2006-01-17 15:18:19 UTC
I think the snmpd.conf is the main difference here.

$ rpm -q net-snmp
net-snmp-5.1.2-11.EL4.6
$ sudo snmpd -Lo -f
Segmentation fault


Comment 6 Bastien Nocera 2006-01-17 15:20:07 UTC
Created attachment 123298
snmpd.conf

Comment 7 Radek Vokál 2006-01-23 15:15:51 UTC
Reproduced here, still chasing the override option

Comment 10 Bob Johnson 2006-04-11 15:52:46 UTC
This issue is on Red Hat Engineering's list of planned work items 
for the upcoming Red Hat Enterprise Linux 4.4 release.  Engineering 
resources have been assigned and barring unforeseen circumstances, Red 
Hat intends to include this item in the 4.4 release.

Comment 18 Red Hat Bugzilla 2006-08-10 21:32:17 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0421.html


