Bounced off another odd one, about which I should have known better: strcmp() where one of the two inputs is null gives, on this 64-bit Linux/GCC C system, a segfault.
It turns out that if either or both inputs are NULL, the output is undefined... which is a reasonable explanation of a segfault - but it looks (from the effects; I haven't looked at the code) as if there is no test for the NULLness before the comparison is attempted. Which leads to dereferencing address zero, hence the segfault.
I was a bit surprised: I might rather have expected it to be able to make a sane decision on it (e.g. both inputs NULL, result ==, one input NULL, result > or < depending which) but I guess a string comparison is used so often they didn't want that extra time to check it.
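A NULL-tolerant comparison of the kind described above, as an added example that is not code from the original post. The name `safe_strcmp` is hypothetical, and sorting NULL before every non-NULL string (including the empty string) is an assumed convention.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of the C library: strcmp() with a defined
 * result when either argument is NULL.
 * Assumed ordering: NULL == NULL, and NULL sorts before any non-NULL
 * string, including "". */
int safe_strcmp(const char *a, const char *b)
{
    if (a == NULL || b == NULL) {
        /* Each comparison yields 0 or 1, so the difference is
         *   0 when both are NULL,
         *  -1 when only a is NULL,
         *  +1 when only b is NULL. */
        return (a != NULL) - (b != NULL);
    }
    /* Both pointers are valid here, so strcmp() is well defined. */
    return strcmp(a, b);
}

/* strcmp() only guarantees the sign of its result; normalise to -1/0/+1. */
int cmp_sign(int v)
{
    return (v > 0) - (v < 0);
}

/* Passing NULL to printf("%s") is itself undefined, so substitute a label. */
static const char *show(const char *s)
{
    return s ? s : "(NULL)";
}

int main(void)
{
    /* Constructed sample inputs covering every NULL / non-NULL pairing. */
    const char *samples[] = { NULL, "", "abc", "abd" };
    size_t n = sizeof samples / sizeof samples[0];

    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < n; j++) {
            printf("safe_strcmp(%-6s, %-6s) = %2d\n",
                   show(samples[i]), show(samples[j]),
                   cmp_sign(safe_strcmp(samples[i], samples[j])));
        }
    }
    return 0;
}
```

The extra cost is the pointer test at the top of the function, paid on every call.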