The following bug is present in the version of kudzu-0.99.23-1 that
comes with RedHat 7.2 and is still present in the latest version (as
of January 26th, 2002) kudzu-0.99.45-1.

When running kudzu on my system the function parse_pnp_string() (in the 
file "serial.c") is called with the following arguments:

    int pnp_len = 11
    unsigned char* pnp_id_string =
      { '~', 0x16, 0x8, '0', '(', '4', '9', ')', 'q', 0x19, 0x7f, 0x0 }

Note pnp_id_string contains both the BeginPnP1 '(' character and the
BeginPnP2 0x08 character but only the EndPnP1 ')' character - it does
not contain the EndPnP2 0x09 character.

pnp_id_string is copied into the memory pointed to by the local variable
pnp_string.

So then the piece of code marked by the comment

  /* first find the start of the PnP part of string */

finds the two begin characters and the following code chooses the
BeginPnP2 character over the BeginPnP1 character as it is nearer to the
start of the string.

So now we're in trouble as we hit the code marked by the comment

  /* we need to xlate data in PnP fields */

as the following code adds 0x20 to each character but runs over the
end of pnp_string as it does not find the EndPnP2 character.

On my system it zips on through memory and overwrites the local
variables before hitting a 0x09 somewhere. And so it's actually the
memcpy() just below that actually causes kudzu to exit with a
'Segmentation fault' as pnp_string now no longer points to a valid area
of memory.