>Number:         13733
>Category:       lib
>Synopsis:       mbstowcs in multibyte.c in 1.5.1 libc returns erroneous count when first arg is NULL and third arg is 0
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 16 16:36:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Scott Barron
>Release:        1.5.1
>Organization:
>Environment:
NetBSD unixbrewers.org 1.5.1 NetBSD 1.5.1 (GUINNESS) #0: Sat Aug 11 23:34:53 EST 2001     kain@unixbrewers.org:/usr/src/sys/arch/i386/compile/GUINNESS i386

>Description:
According to the documentation if mbstowcs() is passed NULL as the first argument and 0 as the third argument it is to return the number of wide characters it would copy.  This implementation returns 0 if the third argument is 0.  This is breaking some string handling in the galeon browser and possibly other multilanguage capable software.  This problem appears to be fixed in -current and hopefully that fix will make it into 1.5.2.  If not I have included a patch to at least make it return the correct count (the entire function appears to be very broken but my knowledge of the wide character realm is pretty small).
>How-To-Repeat:
Use mbstowcs passing NULL as the first argument and 0 as the third argument.
>Fix:
A patch against src/lib/libc/stdlib/multibyte.c from NetBSD-1.5.1 :

Index: multibyte.c
===================================================================
RCS file: /cvsroot/basesrc/lib/libc/stdlib/Attic/multibyte.c,v
retrieving revision 1.9
diff -r1.9 multibyte.c
111d110
<       if (n != 0) {
125d123
<       }

>Release-Note:
>Audit-Trail:
>Unformatted: