Comment 2 for bug 204270

Colin Watson (cjwatson) wrote :

Binary-chopping with a slightly modified dumpmem eventually revealed the problem.

findfile returns a pointer to a chunk of memory corresponding to the file; menuconfig.init uses strstr on it, which means that it's expected to be 0-terminated, but isn't. strstr therefore walks off the end, which causes menuconfig.init to stick a 0 immediately after the end of the memory chunk corresponding to the file, which happens to be metadata for the next malloc chunk along. Thus (eventually, maybe) boom.
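The defect described in the comment above, shown as an added illustration that is not code from the bug report or from the project under discussion: a file chunk returned without a terminating NUL, searched with `strstr`, which reads past the allocation and lets the caller write a 0 into the next malloc chunk's metadata. The constructed chunk `kChunk`, and the functions `bounded_strstr`, `terminated_copy`, `default_entry` and `copy_is_terminated`, are hypothetical names chosen for this example; the two fixes shown are the ones a reviewer would normally ask for (a length-bounded search, or a terminated private copy before any string-function call).

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for what a findfile()-style routine returns: exactly the
 * file's bytes, with NO trailing NUL.  Sizing the array to the literal's length
 * deliberately drops the terminator, so strstr(kChunk, ...) would read past it. */
static const char kChunk[26] = "title Boot menu\ndefault 1\n";
static const size_t kChunkLen = sizeof kChunk;

/* Fix 1: a search that never touches bytes beyond hay + len (memmem-like, but
 * written out because memmem is not part of standard C). */
const char *bounded_strstr(const char *hay, size_t len, const char *needle) {
    size_t nlen = strlen(needle);
    if (nlen == 0) return hay;
    if (nlen > len) return NULL;            /* needle cannot fit: no overrun attempt */
    for (size_t i = 0; i + nlen <= len; i++) {
        if (memcmp(hay + i, needle, nlen) == 0) return hay + i;
    }
    return NULL;
}

/* Fix 2: copy the chunk into an allocation one byte larger and terminate it, so
 * strstr() and any later "store a 0 after the match" stay inside memory we own
 * rather than landing on the next malloc chunk's header. */
char *terminated_copy(const char *chunk, size_t len) {
    char *copy = malloc(len + 1);
    if (copy == NULL) return NULL;
    memcpy(copy, chunk, len);
    copy[len] = '\0';
    return copy;
}

/* What an init routine might do with the match: pull the number after "default ".
 * Every read is bounded by the chunk length.  Returns -1 if absent. */
int default_entry(const char *chunk, size_t len) {
    const char *p = bounded_strstr(chunk, len, "default ");
    if (p == NULL) return -1;
    p += strlen("default ");
    size_t remaining = len - (size_t)(p - chunk);
    int value = 0;
    size_t i = 0;
    while (i < remaining && p[i] >= '0' && p[i] <= '9') {
        value = value * 10 + (p[i] - '0');
        i++;
    }
    return i > 0 ? value : -1;
}

/* Self-check for fix 2: after copying, plain strstr() is safe and the match sits
 * at the same offset as in the original chunk.  Returns 1 on success, 0 otherwise. */
int copy_is_terminated(void) {
    char *copy = terminated_copy(kChunk, kChunkLen);
    if (copy == NULL) return 0;
    int ok = strlen(copy) == kChunkLen && strstr(copy, "default ") == copy + 16;
    free(copy);
    return ok;
}
```

Both fixes address the same root cause: a string function was handed a buffer whose length was known only to the caller. The bounded search is the smaller change; the terminated copy is the safer one if other `str*` calls follow, since it turns the chunk into a real C string instead of relying on every later call being bounded.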