Found by the Fedora FreeIPA team in testing the libbsd-0.5.1 update I submitted for Fedora 19. See Fedora bug 971513:
Nalin Dahyabhai's comment seems particularly informative, so I quote it here:
The top couple of frames in my backtrace (with a little more debuginfo) look like this:
#0 __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:32
#1 0x00007fffec389cdb in spt_copyenv (oldenv=0x55555577ec10)
#2 spt_init (argc=8, argv=0x7fffffffe448, envp=0x55555577ec10)
I think that spt_init's use of the passed-in value of "environ" is causing some trouble because when it calls spt_clearenv(), and spt_clearenv() ends up calling clearenv(), the value is freed before it's read.
Patching spt_clearenv() to behave as if HAVE_CLEARENV isn't defined keeps it from crashing on my system, as the fallback path doesn't actually free the old environment.
As mentioned on the list, I've two possible fixes for this, which I'll include in 0.5.2 probably later today.
Fixed in 0.5.2.
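The ordering problem described in the quoted comment, shown as an added example (not libbsd's code and not the fix shipped in 0.5.2): deep-copy the environment before calling clearenv(), then read only the private copy. The function names are hypothetical, and the code assumes a libc that provides clearenv() and setenv(), such as glibc.

```c
#define _DEFAULT_SOURCE   /* expose clearenv(), setenv(), strdup() on glibc */
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Deep-copy a NULL-terminated "NAME=value" array so that nothing in the
 * copy aliases memory the C library may free. Returns NULL on failure. */
static char **env_snapshot(char **env)
{
    size_t n = 0, i;
    char **copy;
    while (env != NULL && env[n] != NULL)
        n++;
    copy = calloc(n + 1, sizeof(*copy));
    for (i = 0; copy != NULL && i < n; i++) {
        copy[i] = strdup(env[i]);
        if (copy[i] == NULL) {            /* out of memory: undo and bail */
            while (i > 0)
                free(copy[--i]);
            free(copy);
            return NULL;
        }
    }
    return copy;
}

/* Clear the environment, then rebuild it from the private snapshot.
 * A NULL snapshot leaves the environment untouched and returns -1.
 * Consumes (frees) the snapshot. Returns 0 on success. */
static int env_rebuild(char **snap)
{
    int rc = (snap == NULL || clearenv() != 0) ? -1 : 0;
    size_t i;
    for (i = 0; snap != NULL && snap[i] != NULL; i++) {
        char *eq = strchr(snap[i], '=');  /* safe: snap[i] is our own memory */
        if (rc == 0 && eq != NULL && eq != snap[i]) {
            *eq = '\0';                   /* split "NAME=value" in place */
            rc = setenv(snap[i], eq + 1, 1);
        }
        free(snap[i]);
    }
    free(snap);
    return rc;
}

/* Hypothetical wrapper: snapshot first, clear second, never touch the old array. */
int reset_environment_safely(void) { return env_rebuild(env_snapshot(environ)); }

int main(void) { return reset_environment_safely() == 0 ? 0 : 1; }
```

The unsafe ordering is the reverse: call clearenv() first and then walk the old pointer, which is the read that ends in strchr in the backtrace above.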