diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index e020d997d..6b2c38eb0 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,17 @@
+2005-08-11  Christopher Faylor  <cgf@timesys.com>
+
+	* child_info.  (CURR_CHILD_INFO_MAGIC): Refresh.
+	(child_info::child_info()): New constructor.
+	(child_info_spawn::child_info_spawn()): Ditto.
+	(child_info_spawn::operator new): New operator.
+	(child_info_spawn::set): New function.
+	* spawn.cc (av()): New constructor.
+	(av::operator new): New operator.
+	(av::set): New function.
+	(spawn_guts): Reorganize so that classes which allocates are defined
+	early in the function so that it can be properly cleaned up after an
+	efault.  Set errno to E2BIG in the event of a SEGV situation.
+
 2005-08-08  Christopher Faylor  <cgf@timesys.com>
 
 	* include/sys/cdefs.h: Remove extra line.
diff --git a/winsup/cygwin/child_info.h b/winsup/cygwin/child_info.h
index c079fe226..dc6a72457 100644
--- a/winsup/cygwin/child_info.h
+++ b/winsup/cygwin/child_info.h
@@ -29,7 +29,7 @@ enum child_info_types
 
 #define EXEC_MAGIC_SIZE sizeof(child_info)
 
-#define CURR_CHILD_INFO_MAGIC 0x5eecb012U
+#define CURR_CHILD_INFO_MAGIC 0x38772070U
 
 /* NOTE: Do not make gratuitous changes to the names or organization of the
    below class.  The layout is checksummed to determine compatibility between
@@ -51,6 +51,7 @@ public:
   DWORD dwProcessId;
   unsigned fhandler_union_cb;
   child_info (unsigned, child_info_types, bool);
+  child_info (): subproc_ready (NULL), parent (NULL) {}
   ~child_info ();
   void ready (bool);
   bool sync (int, HANDLE, DWORD) __attribute__ ((regparm (3)));
@@ -104,7 +105,10 @@ public:
 	cfree (moreinfo);
       }
   }
+  child_info_spawn (): moreinfo (NULL) {};
   child_info_spawn (child_info_types, bool);
+  void *operator new (size_t, void *p) __attribute__ ((nothrow)) {return p;}
+  void set (child_info_types ci, bool b) { new (this) child_info_spawn (ci, b);}
 };
 
 void __stdcall init_child_info (DWORD, child_info *, HANDLE);
diff --git a/winsup/cygwin/spawn.cc b/winsup/cygwin/spawn.cc
index 8261a45da..bb2fe7d32 100644
--- a/winsup/cygwin/spawn.cc
+++ b/winsup/cygwin/spawn.cc
@@ -266,11 +266,14 @@ class av
   int argc;
   bool win16_exe;
   bool iscygwin;
-  av (int ac, const char * const *av) : calloced (0), error (false), argc (ac), win16_exe (false), iscygwin (true)
+  av (): argv (NULL) {}
+  av (int ac_in, const char * const *av_in) : calloced (0), error (false), argc (ac_in), win16_exe (false), iscygwin (true)
   {
     argv = (char **) cmalloc (HEAP_1_ARGV, (argc + 5) * sizeof (char *));
-    memcpy (argv, av, (argc + 1) * sizeof (char *));
+    memcpy (argv, av_in, (argc + 1) * sizeof (char *));
   }
+  void *operator new (size_t, void *p) __attribute__ ((nothrow)) {return p;}
+  void set (int ac_in, const char * const *av_in) {new (this) av (ac_in, av_in);}
   ~av ()
   {
     if (argv)
@@ -362,6 +365,7 @@ spawn_guts (const char * prog_arg, const char *const *argv,
 {
   bool rc;
   pid_t cygpid;
+  int res = -1;
 
   if (prog_arg == NULL)
     {
@@ -379,12 +383,36 @@ spawn_guts (const char * prog_arg, const char *const *argv,
       return -1;
     }
 
-  path_conv real_path;
+  /* FIXME: There is a small race here and FIXME: not thread safe! */
 
+  pthread_cleanup cleanup;
+  if (mode == _P_SYSTEM)
+    {
+      sigset_t child_block;
+      cleanup.oldint = signal (SIGINT, SIG_IGN);
+      cleanup.oldquit = signal (SIGQUIT, SIG_IGN);
+      sigemptyset (&child_block);
+      sigaddset (&child_block, SIGCHLD);
+      sigprocmask (SIG_BLOCK, &child_block, &cleanup.oldmask);
+    }
+  pthread_cleanup_push (do_cleanup, (void *) &cleanup);
+  av newargv;
   linebuf one_line;
+  child_info_spawn ciresrv;
 
+  path_conv real_path;
+  bool reset_sendsig = false;
+
+  bool null_app_name = false;
   STARTUPINFO si = {0, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL};
 
+  myfault efault;
+  if (efault.faulted (E2BIG))
+    {
+      res = -1;
+      goto out;
+    }
+
   child_info_types chtype;
   if (mode != _P_OVERLAY)
     chtype = PROC_SPAWN;
@@ -401,13 +429,8 @@ spawn_guts (const char * prog_arg, const char *const *argv,
   for (ac = 0; argv[ac]; ac++)
     /* nothing */;
 
-  myfault efault;
-  if (efault.faulted (EFAULT))
-    return -1;		// FIXME: Could be very leaky
+  newargv.set (ac, argv);
 
-  av newargv (ac, argv);
-
-  int null_app_name = 0;
   if (ac == 3 && argv[1][0] == '/' && argv[1][1] == 'c' &&
       (iscmd (argv[0], "command.com") || iscmd (argv[0], "cmd.exe")))
     {
@@ -423,7 +446,7 @@ spawn_guts (const char * prog_arg, const char *const *argv,
       one_line.add (" ");
       one_line.add (argv[2]);
       strcpy (real_path, argv[0]);
-      null_app_name = 1;
+      null_app_name = true;
       goto skip_arg_parsing;
     }
 
@@ -431,14 +454,14 @@ spawn_guts (const char * prog_arg, const char *const *argv,
   if ((ext = perhaps_suffix (prog_arg, real_path)) == NULL)
     {
       set_errno (ENOENT);
-      return -1;
+      res = -1;
+      goto out;
     }
 
   MALLOC_CHECK;
-  int res;
   res = newargv.fixup (chtype, prog_arg, real_path, ext);
   if (res)
-    return res;
+    goto out;
 
   if (real_path.iscygexec ())
     newargv.dup_all ();
@@ -527,7 +550,9 @@ spawn_guts (const char * prog_arg, const char *const *argv,
     VerifyHandle (moreinfo->myself_pinfo);
 
  skip_arg_parsing:
-  PROCESS_INFORMATION pi = {NULL, 0, 0, 0};
+  PROCESS_INFORMATION pi;
+  pi.hProcess = pi.hThread = NULL;
+  pi.dwProcessId = pi.dwThreadId = 0;
   si.lpReserved = NULL;
   si.lpDesktop = NULL;
   si.dwFlags = STARTF_USESTDHANDLES;
@@ -541,7 +566,6 @@ spawn_guts (const char * prog_arg, const char *const *argv,
   if (mode == _P_DETACH || !set_console_state_for_spawn ())
     flags |= DETACHED_PROCESS;
 
-  bool reset_sendsig = false;
   if (mode != _P_OVERLAY)
     myself->exec_sendsig = NULL;
   else
@@ -586,7 +610,7 @@ spawn_guts (const char * prog_arg, const char *const *argv,
   cygheap->user.deimpersonate ();
 
   moreinfo->envp = build_env (envp, envblock, moreinfo->envc, real_path.iscygexec ());
-  child_info_spawn ciresrv (chtype, newargv.iscygwin);
+  ciresrv.set (chtype, newargv.iscygwin);
   ciresrv.moreinfo = moreinfo;
 
   si.lpReserved2 = (LPBYTE) &ciresrv;
@@ -675,20 +699,6 @@ spawn_guts (const char * prog_arg, const char *const *argv,
       return -1;
     }
 
-  /* FIXME: There is a small race here */
-
-  pthread_cleanup cleanup;
-  if (mode == _P_SYSTEM)
-    {
-      sigset_t child_block;
-      cleanup.oldint = signal (SIGINT, SIG_IGN);
-      cleanup.oldquit = signal (SIGQUIT, SIG_IGN);
-      sigemptyset (&child_block);
-      sigaddset (&child_block, SIGCHLD);
-      sigprocmask (SIG_BLOCK, &child_block, &cleanup.oldmask);
-    }
-  pthread_cleanup_push (do_cleanup, (void *) &cleanup);
-
   /* Fixup the parent data structures if needed and resume the child's
      main thread. */
   if (cygheap->fdtab.need_fixup_before ())