It looks like I misapplied a patch. I checked the addresses against a non-stripped version of gpsapp and it pointed at the following bug.

if (!strcmp(match, "routedir")) {
int sz = (eof-(f+1)); /* reserve \0 */
serport=(char *)malloc(sz);
^^^^^^^
strncpy(routedir, (char *)f+1, sz); /* maybe no \0 */
routedir[sz] = '\0';

Hmm, wonder how I managed to let that bad allocation slip through. New version will be out in about 5 minutes...
_________________________
40GB - serial #40104051 gpsapp
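
An added example, not part of the original post and not gpsapp's code: the snippet above stores the allocation in serport but copies through routedir, and writing index sz needs a buffer of sz + 1 bytes. The sketch below picks the destination pointer once and sizes the buffer for the terminator; dup_range, set_option, the "key=value" line format and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed stand-ins for the two globals named in the post. */
static char *serport, *routedir;

/* Hypothetical helper: copy [start, end) into a fresh NUL-terminated buffer. */
static char *dup_range(const char *start, const char *end)
{
    if (start == NULL || end == NULL || end < start)
        return NULL;
    size_t len = (size_t)(end - start);
    char *out = malloc(len + 1);          /* +1: room for the terminator */
    if (out == NULL)
        return NULL;
    memcpy(out, start, len);
    out[len] = '\0';                      /* index len is inside len + 1 bytes */
    return out;
}

/* Hypothetical parser for one "key=value" line (format is an assumption). */
static int set_option(const char *line)
{
    const char *f = strchr(line, '=');               /* separator */
    const char *eof = line + strcspn(line, "\r\n");  /* one past the value */
    if (f == NULL || f >= eof)
        return -1;
    size_t klen = (size_t)(f - line);
    char **slot;                          /* chosen once, used for alloc and store */
    if (klen == 8 && memcmp(line, "routedir", 8) == 0)
        slot = &routedir;
    else if (klen == 7 && memcmp(line, "serport", 7) == 0)
        slot = &serport;
    else
        return -1;
    char *val = dup_range(f + 1, eof);
    if (val == NULL)
        return -1;
    free(*slot);                          /* drop any earlier value */
    *slot = val;
    return 0;
}

int main(void)
{
    set_option("routedir=/hdd/routes\n"); /* constructed sample line */
    printf("routedir = \"%s\"\n", routedir ? routedir : "(unset)");
    return 0;
}
```

Because the same slot pointer receives the allocation and the value, a key cannot allocate into one variable and write through another.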